登录DS 后台
vim /opt/splunk/etc/development-apps/prefix_all_indexes/local/indexes.conf
新增索引 [prefix_mailcasph]
[prefix_mailcasph] homePath = volume:hotwarmdb/prefix_mailcasph/db coldPath = volume:colddb/prefix_mailcasph/colddb thawedPath = $SPLUNK_DB/prefix_mailcasph/thaweddb
inputs 负责数据采集,props负责数据解析
配置inputs文件夹
vim prefix_mailcasph_inputs/local/app.conf (这个一般参考default/app.conf 不做修改)
[install]
state = enabled
[package]
check_for_updates = false
[ui]
is_visible = false
is_manageable = false
vim prefix_mailcasph_inputs/local/inputs.conf
[monitor://D:\Exchange Server\Logging\HttpProxy\Eas\HttpProxy*.log]
index = prefix_mailcasph
sourcetype = ms:exchange:http_proxy
crcSalt =
disabled = false
metadata 文件夹
local.meta:[]
access = read : [ * ], write : [ admin ]
export = system
配置props文件夹
vim prefix_mailcasph_inputs/local/app.conf
[install]
state = enabled
[package]
check_for_updates = false
[ui]
is_visible = false
is_manageable = false
props.conf (来自splunk论坛某篇文章)
[ms:exchange:http_proxy]
CHARSET=UTF-8
INDEXED_EXTRACTIONS=csv
FIELD_DELIMITER=,
KV_MODE=none
SHOULD_LINEMERGE=false
disabled=false
TIMESTAMP_FIELDS=DateTime
TRANSFORMS-killheader1 = kh1
SHOULD_LINEMERGE=true
LINE_BREAKER=([\r\n]+)\d{4}-\d{2}-\d{2}T
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%dT%H:%M:%SZ
MAX_TIMESTAMP_LOOKAHEAD = 25
NO_BINARY_CHECK=true
REPORT-extractfields = extractfields
transforms.conf (来自splunk论坛某篇文章)
[kh1]
REGEX = ^DateTime
DEST_KEY = queue
FORMAT = nullQueue
[extractfields]
DELIMS=“,”
FIELDS=DateTime,RequestId,MajorVersion,MinorVersion,BuildVersion,RevisionVersion,ClientRequestId,Protocol,UrlHo
st,UrlStem,ProtocolAction,AuthenticationType,IsAuthenticated,AuthenticatedUser,Organization,AnchorMailbox,UserA
gent,ClientIpAddress,ServerHostName,HttpStatus,BackEndStatus,ErrorCode,Method,ProxyAction,TargetServer,TargetSe
rverVersion,RoutingType,RoutingHint,BackEndCookie,ServerLocatorHost,ServerLocatorLatency,RequestBytes,ResponseB
ytes,TargetOutstandingRequests,AuthModulePerfContext,HttpPipelineLatency,CalculateTargetBackEndLatency,GlsLaten
cyBreakup,TotalGlsLatency,AccountForestLatencyBreakup,TotalAccountForestLatency,ResourceForestLatencyBreakup,To
talResourceForestLatency,ADLatency,SharedCacheLatencyBreakup,TotalSharedCacheLatency,ActivityContextLifeTime,Mo
duleToHandlerSwitchingLatency,ClientReqStreamLatency,BackendReqInitLatency,BackendReqStreamLatency,BackendProce
ssingLatency,BackendRespInitLatency,BackendRespStreamLatency,ClientRespStreamLatency,KerberosAuthHeaderLatency,
HandlerCompletionLatency,RequestHandlerLatency,HandlerToModuleSwitchingLatency,ProxyTime,CoreLatency,RoutingLat
ency,HttpProxyOverhead,TotalRequestTime,RouteRefresherLatency,UrlQuery,BackEndGenericInfo,GenericInfo,GenericEr
rors,EdgeTraceId,DatabaseGuid,UserADObjectGuid,PartitionEndpointLookupLatency,RoutingStatus
最后
自我介绍一下,小编13年上海交大毕业,曾经在小公司待过,也去过华为、OPPO等大厂,18年进入阿里一直到现在。
深知大多数网络安全工程师,想要提升技能,往往是自己摸索成长,但自己不成体系的自学效果低效又漫长,而且极易碰到天花板技术停滞不前!
因此收集整理了一份《2024年网络安全全套学习资料》,初衷也很简单,就是希望能够帮助到想自学提升又不知道该从何学起的朋友。
既有适合小白学习的零基础资料,也有适合3年以上经验的小伙伴深入学习提升的进阶课程,基本涵盖了95%以上网络安全知识点!真正的体系化!
如果你觉得这些内容对你有帮助,需要这份全套学习资料的朋友可以戳我获取!!
由于文件比较大,这里只是将部分目录截图出来,每个节点里面都包含大厂面经、学习笔记、源码讲义、实战项目、讲解视频,并且会持续更新!
**
如果你觉得这些内容对你有帮助,需要这份全套学习资料的朋友可以戳我获取!!
由于文件比较大,这里只是将部分目录截图出来,每个节点里面都包含大厂面经、学习笔记、源码讲义、实战项目、讲解视频,并且会持续更新!