I just remembered this game we played as kids in the early 80s. Happy days.
Author Archives: Phil
Wolfwalkers, 2020 – ★★★★★
In a time of superstition and magic, when wolves are seen as demonic and nature an evil to be tamed, a young apprentice hunter comes to Ireland with her father to wipe out the last pack. But when she saves a wild native girl, their friendship leads her to discover the world of the Wolfwalkers and transform her into the very thing her father is tasked to destroy.
Wonderful.
A Girl Walks Home Alone at Night, 2014 – ★★★★
In the Iranian ghost-town Bad City, a place that reeks of death and loneliness, the townspeople are unaware they are being stalked by a lonesome vampire.
Bit too much subtext for me. I had no idea what was happening at some points. Still thought is was excellent.
Summer of Sam, 1999 – ★★★★
Spike Lee's take on the "Son of Sam" murders in New York City during the summer of 1977 centering on the residents of an Italian-American South Bronx neighborhood who live in fear and distrust of one another.
We’re all just battling our demons, eh?
P.S. Don’t watch this with your parents.
If you request your data from @twitter this is the date format for each tweet in the JSON: Sat Oct 21 12:13:55 +0000 2017
Machine readable my eye ?
AWS Cloudwatch and fail2ban logs
Well, who knew Cloudwatch would be so much fun to tinker with?! Not me!
I have been slowly refining my Cloudwatch dashboard: adding new alarms, expanding the scope of the log watch, all that good stuff. It is very satisfying. Over the last week or so I have also set-up fail2ban because (according to my audit log via Cloudwatch ?) sshd was getting hammered. As previously mentioned, this box is not well resourced, so I wanted to nip that in the bud. But does the cost of running fail2ban outweigh the benefits? Hard to say!
Anyway, I am getting quite a lot of email from fail2ban. This is good because I know it is working but I’d rather not have the email and still be able to easily check it was working… so Cloudwatch!
I added the fail2ban log to the config and used the Logs Insights tool to explore. This is typical line:
2021-04-30 17:58:06.631, "2021-04-30 18:58:06,208 fail2ban.filter [100432]: INFO [sshd] Found 205.185.119.236 - 2021-04-30 18:58:05"
We could use the date/time a few more times, right? I decided this was the time to jump into the parse command in the CloudWatch Logs Insights query language (rolls off the tongue that). I knew I was going to need another regex within about 10 seconds. But, damn, if the examples aren’t thin on the ground. I googled and found virtually nothing although this post did help a bit.
So, to regex101.com I went. I exported a few lines from the log to test and I must be getting quite a lot better because I got the basics working pretty quickly:
\[sshd\]\ (?<action>[a-zA-z]*)\ (?<ip_address>[\d\.]*)
Then this query in Cloudwatch Logs Insights did the job:
parse @message /\[sshd\]\ (?<action>[a-zA-z]*)\ (?<ip_address>[\d\.]*)/ | display @timestamp, action, ip_address | limit 200
Unfortunately, I find reading timestamp pretty hard so a bit more tinkering:
parse @message /(?<date>\d\d\d\d-\d\d-\d\d)\ (?<time>\d\d:\d\d:\d\d).*\[sshd\]\ (?<action>[a-zA-z]*)\ (?<ip_address>[\d\.]*)/ | display date, time, action, ip_address | limit 200
Excellent! It was running for about 5 minutes and it suddenly produced a blank line. Of course, [sshd] in the log refers to the jail. I have several set up so…
parse @message /(?<date>\d\d\d\d-\d\d-\d\d)\ (?<time>\d\d:\d\d:\d\d).*\[(?<jail>sshd|recidive|mysqld-auth)\]\ (?<action>[a-zA-z]*)\ (?<ip_address>[\d\.]*)/ | display date, time, jail, action, ip_address | limit 200
And that does the job nicely at the moment. You can find an explanation of the regex on regex101.
Once I am a bit more confident, I’ll start filtering on the action, so I can just see bans and unbans:
| filter action = "Ban" or action ="Unban"
Sightseers, 2012 – ★★★★
Chris wants to show girlfriend Tina his world, but events soon conspire against the couple and their dream caravan holiday takes a very wrong turn.
Come for the murders, stay for the knitwear and quotable dialogue.
As Grandma used to say:
A watched system upgrade never completes!
More RegEx action
Had a bit of trouble with what should have been a simple regex today.
I removed a whole bunch of Pages from our site today, and they were all sat under the same parent. I wanted to redirect the now missing pages to the parent. I came up with this:
^\/dignity-care-reports\/[a-z-]*(\/?)
It worked fine in that it redirected the sub-pages but the parent was now in a redirect loop. So, I headed over to regex101.com to investigate. I quickly found that, yes, this regex did match the parent URL.
The great thing about regex101 is that it gives an explanation of what each of your tokens is doing and I quickly saw:
* matches the previous token between zero and unlimited times
And there’s the problem! Now I just needed any sort of match after that second / to stop the redirect loop and a ‘+’ does the job:
^\/dignity-care-reports\/[a-z-]+(\/?)
You can see the example here: https://regex101.com/r/IfIPpn/1
Now I just need to remember that * can match zero times!
Freaks, 2018 – ★★★
Kept locked inside the house by her father, 7-year-old Chloe lives in fear and fascination of the outside world, where there exists a constant threat—or so she believes.
10 Cloverfield Lane meets (spoilers)