{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":757023087,"defaultBranch":"develop","name":"natsomatch","ownerLogin":"ossobv","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2024-02-13T18:40:20.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1457891?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1719484351.0","currentOid":""},"activityList":{"items":[{"before":"3fe38cfc51e5b645bda32b24a34dd06439d9243a","after":"23154d66bcb21c6705f563838f83c978d60d7648","ref":"refs/heads/develop","pushedAt":"2024-06-27T15:44:51.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Fix so getty@* goes to audit as well","shortMessageHtmlLink":"Fix so getty@* goes to audit as well"}},{"before":"eb7206a06b21e7a321272587b6e93dda66d09dbe","after":"3fe38cfc51e5b645bda32b24a34dd06439d9243a","ref":"refs/heads/develop","pushedAt":"2024-06-27T15:43:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Fix so getty@* goes to audit as well","shortMessageHtmlLink":"Fix so getty@* goes to audit as well"}},{"before":"8cb25625b747ea017cd34a81f3eb57a26887ec4e","after":"eb7206a06b21e7a321272587b6e93dda66d09dbe","ref":"refs/heads/develop","pushedAt":"2024-06-27T10:32:17.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Bump to v0.3.0","shortMessageHtmlLink":"Bump to 
v0.3.0"}},{"before":"9b3ac33d236c0f58d0ae480c87eee492636b822a","after":"8cb25625b747ea017cd34a81f3eb57a26887ec4e","ref":"refs/heads/develop","pushedAt":"2024-06-27T10:31:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Bump to v0.3.0","shortMessageHtmlLink":"Bump to v0.3.0"}},{"before":"65153aae4509d6a71194969666f313d17cb8af5c","after":"9b3ac33d236c0f58d0ae480c87eee492636b822a","ref":"refs/heads/develop","pushedAt":"2024-06-27T10:28:20.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"session-*.scope ate some of our messages; prefer other values","shortMessageHtmlLink":"session-*.scope ate some of our messages; prefer other values"}},{"before":"096caae52f5bbe2de839d52d7b4dc15be8fa1237","after":"65153aae4509d6a71194969666f313d17cb8af5c","ref":"refs/heads/develop","pushedAt":"2024-06-27T09:31:26.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Better naming of default consumer (there is no rename though)","shortMessageHtmlLink":"Better naming of default consumer (there is no rename though)"}},{"before":"f21399836fd0e59a148c5f8d75fd2df7ee529ff2","after":"096caae52f5bbe2de839d52d7b4dc15be8fa1237","ref":"refs/heads/develop","pushedAt":"2024-06-24T19:57:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Some more HIDS test cases with legit samples","shortMessageHtmlLink":"Some more HIDS test cases with legit 
samples"}},{"before":"d9c58d7bfc1ca18684629b6ca027250116f89aa3","after":"f21399836fd0e59a148c5f8d75fd2df7ee529ff2","ref":"refs/heads/develop","pushedAt":"2024-06-10T08:54:25.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"contrib: Add natsomatch-state.py\n\nIn initial environment:\n\n $ python3 natsomatch-state.py\n NAME AGE BYTES MSGS SPEED DESCRIPTION\n bulk_match_aide 65h 2G- 12k 0k/h AIDE changed files monitoring\n bulk_match_audit 1h 2G 1372k 692k/h Misc. auditd/pam logging\n bulk_match_devinfra 73h 2G- 285k 4k/h Git/CI/CD workflow\n bulk_match_etcd 94h 2G- 997k 11k/h etcd logs\n bulk_match_execve 41h 2G 1111k 27k/h Monitoring execve() calls\n bulk_match_firewall 5h 2G 2137k 412k/h Kernel iptables output\n bulk_match_haproxy 0h 2G 980k 2456k/h Haproxy requests/logs\n bulk_match_hids 94h 2G- 3k 0k/h Anti-virus (ClamAV) logs\n bulk_match_k8s 13h 2G 690k 50k/h Kubernetes logs\n bulk_match_k8s-audit 50h 2G 551k 11k/h Kubernetes audit logs\n bulk_match_monitoring 93h 2G 1333k 14k/h Gocollect/Zabbix logs\n bulk_match_nginx 0h 2G 2449k 5487k/h nginx requests/logs\n bulk_match_nids 16h 2G 877k 54k/h Suricata logs\n bulk_match_ssh 90h 2G- 35k 0k/h ssh logs (without pam noise)\n bulk_match_systemd 56h 2G 1351k 24k/h systemd daemon logs\n bulk_match_unknown 89h 2G- 581k 6k/h Logs not matched by something else\n bulk_match_v12n 94h 2G- 837k 9k/h containerd/docker logs\n bulk_match_vault 20h 2G 873k 43k/h Vault logs\n bulk_unfiltered 1h 20G 16444k 8956k/h Input","shortMessageHtmlLink":"contrib: Add natsomatch-state.py"}},{"before":"3a33ae95f1cc17d7192c69963c7d776555470c45","after":"d9c58d7bfc1ca18684629b6ca027250116f89aa3","ref":"refs/heads/develop","pushedAt":"2024-06-10T08:53:03.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"wdoekes","name":"Walter 
Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"contrib: Add natsomatch-state.py\n\nIn initial environment:\n\n $ python3 natsomatch-state.py\n NAME AGE BYTES MSGS SPEED DESCRIPTION\n bulk_match_aide 65h 2G- 12k 0k/h AIDE changed files monitoring\n bulk_match_audit 1h 2G 1372k 692k/h Misc. auditd/pam logging\n bulk_match_devinfra 73h 2G- 285k 4k/h Git/CI/CD workflow\n bulk_match_etcd 94h 2G- 997k 11k/h etcd logs\n bulk_match_execve 41h 2G 1111k 27k/h Monitoring execve() calls\n bulk_match_firewall 5h 2G 2137k 412k/h Kernel iptables output\n bulk_match_haproxy 0h 2G 980k 2456k/h Haproxy requests/logs\n bulk_match_hids 94h 2G- 3k 0k/h Anti-virus (ClamAV) logs\n bulk_match_k8s 13h 2G 690k 50k/h Kubernetes logs\n bulk_match_k8s-audit 50h 2G 551k 11k/h Kubernetes audit logs\n bulk_match_monitoring 93h 2G 1333k 14k/h Gocollect/Zabbix logs\n bulk_match_nginx 0h 2G 2449k 5487k/h nginx requests/logs\n bulk_match_nids 16h 2G 877k 54k/h Suricata logs\n bulk_match_ssh 90h 2G- 35k 0k/h ssh logs (without pam noise)\n bulk_match_systemd 56h 2G 1351k 24k/h systemd daemon logs\n bulk_match_unknown 89h 2G- 581k 6k/h Logs not matched by something else\n bulk_match_v12n 94h 2G- 837k 9k/h containerd/docker logs\n bulk_match_vault 20h 2G 873k 43k/h Vault logs\n bulk_unfiltered 1h 20G 16444k 8956k/h Input","shortMessageHtmlLink":"contrib: Add natsomatch-state.py"}},{"before":"48a88c41a2896ed643389057d537ed9aff904708","after":"3a33ae95f1cc17d7192c69963c7d776555470c45","ref":"refs/heads/develop","pushedAt":"2024-06-07T14:44:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Rename nats2jetstream to natsomatch","shortMessageHtmlLink":"Rename nats2jetstream to 
natsomatch"}},{"before":"f793233fdb73b6a3e4876f85348118d37c94c004","after":"48a88c41a2896ed643389057d537ed9aff904708","ref":"refs/heads/develop","pushedAt":"2024-06-07T14:28:01.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Cleanups before we can do the rename","shortMessageHtmlLink":"Cleanups before we can do the rename"}},{"before":"8a03802401e15c5f36bcbf35526c2e8157ab1f8e","after":"f793233fdb73b6a3e4876f85348118d37c94c004","ref":"refs/heads/develop","pushedAt":"2024-06-07T09:08:13.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Add aide*service match","shortMessageHtmlLink":"Add aide*service match"}},{"before":"3a57f9fb94b5fd97b1ce48469f2d086e20365023","after":"8a03802401e15c5f36bcbf35526c2e8157ab1f8e","ref":"refs/heads/develop","pushedAt":"2024-06-06T14:50:28.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Add ssh.service match","shortMessageHtmlLink":"Add ssh.service match"}},{"before":"8af08d9f9e01af89767cb33ee02c5493411a6d6f","after":"3a57f9fb94b5fd97b1ce48469f2d086e20365023","ref":"refs/heads/develop","pushedAt":"2024-06-06T10:37:59.000Z","pushType":"push","commitsCount":5,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Add various other matches","shortMessageHtmlLink":"Add various other 
matches"}},{"before":"7bb347bb28b00ee10e67f5c71b2cb2945868071d","after":"8af08d9f9e01af89767cb33ee02c5493411a6d6f","ref":"refs/heads/develop","pushedAt":"2024-06-05T15:13:42.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Add suricata, and monitoring","shortMessageHtmlLink":"Add suricata, and monitoring"}},{"before":"c1ccb1c13294989586d0992e93822c595d3db167","after":"7bb347bb28b00ee10e67f5c71b2cb2945868071d","ref":"refs/heads/develop","pushedAt":"2024-06-05T15:08:11.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"More matches to filter the bulk","shortMessageHtmlLink":"More matches to filter the bulk"}},{"before":"a30e1b2fc543b73e45ed8467404dd909a09df07d","after":"c1ccb1c13294989586d0992e93822c595d3db167","ref":"refs/heads/develop","pushedAt":"2024-06-05T14:02:13.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Disable best optimization for now","shortMessageHtmlLink":"Disable best optimization for now"}},{"before":"9a83c614807286ac2d0a237914076765b0aa5d6e","after":"a30e1b2fc543b73e45ed8467404dd909a09df07d","ref":"refs/heads/develop","pushedAt":"2024-06-05T13:59:30.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Add 2 more to bulk.audit","shortMessageHtmlLink":"Add 2 more to 
bulk.audit"}},{"before":"21526823392cc5dd1ec99048e2569aed1e77b5a3","after":"9a83c614807286ac2d0a237914076765b0aa5d6e","ref":"refs/heads/develop","pushedAt":"2024-06-05T13:24:08.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Add missing kernel-audit test","shortMessageHtmlLink":"Add missing kernel-audit test"}},{"before":"892fb4a217a260e2f3292b84c133d78015375ebd","after":"21526823392cc5dd1ec99048e2569aed1e77b5a3","ref":"refs/heads/develop","pushedAt":"2024-06-05T13:10:08.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"cargo update","shortMessageHtmlLink":"cargo update"}},{"before":"d817d1b96750482a16006927ca3c64ff7d82a95c","after":"892fb4a217a260e2f3292b84c133d78015375ebd","ref":"refs/heads/develop","pushedAt":"2024-06-05T13:09:15.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Tweaks, slightly shorter JSON in tests (3 instead of 32 bytes IDs)","shortMessageHtmlLink":"Tweaks, slightly shorter JSON in tests (3 instead of 32 bytes IDs)"}},{"before":"c670db579414b2cb113cd95bcf75ebb644f89f4d","after":"d817d1b96750482a16006927ca3c64ff7d82a95c","ref":"refs/heads/develop","pushedAt":"2024-05-30T15:55:56.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Start matching tetragon-cat and osso-change messages","shortMessageHtmlLink":"Start matching tetragon-cat and osso-change 
messages"}},{"before":"9438507da0c22e13a74398998156c37fb2335e49","after":"c670db579414b2cb113cd95bcf75ebb644f89f4d","ref":"refs/heads/develop","pushedAt":"2024-05-30T15:48:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Start matching tetragon-cat and osso-change messages","shortMessageHtmlLink":"Start matching tetragon-cat and osso-change messages"}},{"before":"47c2ebddfd3338f075ae08bab398851e4960aa7c","after":"9438507da0c22e13a74398998156c37fb2335e49","ref":"refs/heads/develop","pushedAt":"2024-05-30T12:58:26.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Tweaks; now it's running","shortMessageHtmlLink":"Tweaks; now it's running"}},{"before":"bfa17e97483b185de89798dc7f14a1f19d5db782","after":"47c2ebddfd3338f075ae08bab398851e4960aa7c","ref":"refs/heads/develop","pushedAt":"2024-05-29T14:44:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Add initial matching code; with tests and examples","shortMessageHtmlLink":"Add initial matching code; with tests and examples"}},{"before":"89db34f7252d4191dabb3dcfedc29abbde40a2e9","after":"bfa17e97483b185de89798dc7f14a1f19d5db782","ref":"refs/heads/develop","pushedAt":"2024-05-29T10:13:57.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Hardcode JSON log parameter extraction routines for now\n\nAlso update deps.","shortMessageHtmlLink":"Hardcode JSON log parameter extraction routines for 
now"}},{"before":"08619fa9dc6c4f37d46ea3c5b56d11793379ad99","after":"89db34f7252d4191dabb3dcfedc29abbde40a2e9","ref":"refs/heads/develop","pushedAt":"2024-05-29T07:39:30.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Begin migration to more useful work","shortMessageHtmlLink":"Begin migration to more useful work"}},{"before":"b929aa12a077a895ed87fe60b53a58f7165d3006","after":"08619fa9dc6c4f37d46ea3c5b56d11793379ad99","ref":"refs/heads/develop","pushedAt":"2024-05-28T18:48:31.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Quick stoppage by handling signals","shortMessageHtmlLink":"Quick stoppage by handling signals"}},{"before":"3f2a5db4a7d72c49d0df431f26ca17ed07724133","after":"b929aa12a077a895ed87fe60b53a58f7165d3006","ref":"refs/heads/develop","pushedAt":"2024-05-13T12:54:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Remove prematurely optimized Box<str> and replace with String","shortMessageHtmlLink":"Remove prematurely optimized Box<str> and replace with String"}},{"before":null,"after":"8ce0feb3784e1f0f2eda786231e1133de5f04f4d","ref":"refs/heads/release","pushedAt":"2024-05-13T12:10:49.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"wdoekes","name":"Walter Doekes","path":"/wdoekes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1225014?s=80&v=4"},"commit":{"message":"Bump version to 
0.1.3"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEcQN0rAA","startCursor":null,"endCursor":null}},"title":"Activity · ossobv/natsomatch"}