From 969b5e29870b7f4a76f6c68fc94974000718778a Mon Sep 17 00:00:00 2001
From: molu8bits <molu8bits@gmail.com>
Date: Sun, 23 Jun 2019 22:50:30 +0200
Subject: [PATCH] added configs
---
 README.md | 29 +-
 _images/elasticsearch-datasource01.png.png | Bin 0 -> 32417 bytes
 grafana_dashboard/Snort Dashboard-v05.json | 1504 ++++++++++++++++++++
 logstash-configs/filter-snort.conf | 149 ++
 logstash-configs/input-snort.conf | 7 +
 logstash-configs/snort-output.conf | 13 +
 logstash-configs/snortids-template.json | 478 +++++++
 snort-configs/barnyard2.conf | 16 +
 snort-configs/barnyard2.service | 12 +
 snort-configs/snort.service | 13 +
 10 files changed, 2217 insertions(+), 4 deletions(-)
 create mode 100644 _images/elasticsearch-datasource01.png.png
 create mode 100644 grafana_dashboard/Snort Dashboard-v05.json
 create mode 100644 logstash-configs/filter-snort.conf
 create mode 100644 logstash-configs/input-snort.conf
 create mode 100644 logstash-configs/snort-output.conf
 create mode 100644 logstash-configs/snortids-template.json
 create mode 100644 snort-configs/barnyard2.conf
 create mode 100644 snort-configs/barnyard2.service
 create mode 100644 snort-configs/snort.service
diff --git a/README.md b/README.md
index 275106d..59563b0 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,8 @@
 # Snort2 grafana dashboard
+While production IDS/IPS still wait for Snort3 where JSON logging is available (or Suricata) it may be useful give elasticity of logs handling given by Elasticsearch and Grafana for Snort2
+
+
 Project is based on existing grafana security dashboard but removes existing hard-coded dependencies and provides all configuration details for Snort, Barnyard2, Elasticsearch and Grafana.
@@ -15,7 +18,25 @@ Example dashboards:
-TODO
-- add Snort/Barnyard config
-- add Logstash config
-- add Grafana dashboard
+<b>Snort configuration:</b>
+Snort uses "-l" configuration inside systemd service definition to inform what is the log output directory.
+
+<b>Barnyard2 configuration:</b>
+
+Barnyard2 takes files from snort and sends them via UDP protocol to Logstash server listening to 5142 udp port
+
+<b>Logstash:</b>
+
+Logstash listen to 5142 and all logs marks with "snort" tag.
+Tagged "snort" logs are treated with grok and later some transformation.
+Output for snort log is set to elasticsearch and index name like snortids-%YY-%MM-%dd
+
+<b>Grafana:</b>
+
+Just connects to defined Elasticsearch clusters:
+
+<p>EL datasource definition (before importing Grafana dashboard):</p>
+
+
+
+
diff --git a/_images/elasticsearch-datasource01.png.png b/_images/elasticsearch-datasource01.png.png new file mode 100644 index 0000000000000000000000000000000000000000..e5db60a2377b1b824acb5675f5e26094124e192c GIT binary patch literal 32417 zcmeAS@N?(olHy`uVBq!ia0y~yU|h_=!1$7bje&tdKP>nk14CVgr;B4qMckXa<q^U^ z|NZ~_`S<I6wrln(?``&&+$XZsll`TF$9q{87N?EjAvzjnIt!AVW5r|3uWx#rWBdF~ z)wUPAc0YezdcXe8^{>0v{a*k3{&ibpMaE~woB|z!-~JwdtTa<)vVr2~GwDVt|I%`j z*tYg8m6V+A*LyKT&8saqbw$D%gBe`R^Cm6{4c>SvK=-ewp~S-V_fBy}n_fHhajnF3 zyX>Psrmfx@bn8=Rq}eg9uhV?*1TB3kyt(AjG@V$pLT|OCl?fkHbmY!YG8FT@q7*9T z9c3ZN9U8ghT2p6)!L37_GwtX7T&z1|O699FkI!B|5wrDK;=7o$e|tOoXSj4|xQQs2 z-uTfG*b_3Tqfg7H;7Z~l<<=yXR?dErF2SQ6j)sdQ0(&BSDwYKFEHQXE(aCU;gds>% zmtZ$Y$wUz~n;;OM?Py1mi(!%>NXeu_E$&=LJCcqpkO=J2aMJ-R37YZ2W1&P~kA#Ra z$l#+OB_3SDa+)B1bCQeUB8iP)C7xgxxELk{^neT&11r%4yFkN@2c$RYND=`@R+T5G z<mGkkVM&g;m)TMOZT+GDwkpTx@7r`*;AiJC1M|faosX4|vAN532|6o*JYdrW^~w9R zo>ReRKZdS1{C8jdSJvOn_Z>PWEi>fm(RHgnUbb_anaC2?!y&f~jW)Wc74qJ?WqsjN zL^p$ZwVA<WML~tN$4}hjzr9WD@C?rWDWM%2IfrNGzxRvo`Jx*;QB3|%-Z70m0{Qo9 zx(x~&G~6!D0Ec_xBV{+kOEzw4cRZe#EM~3SnbSSJ*6c^UoRlG>(C_>5uOFWXQ_h<= zxj(S*xb2@$Uu!FS%HAD*yuR*G`u5!q^9<{H%+f*@8Y$1|?bE91IdiA*;m7?S&OVmD zaqj4ggmU}1f4`Wf8rJ2csCg+l-0Hiy?37;3oy!`6a+;R~mBX)W*>>>0Yn`3NcIN&6 zvpK$rC{J@K2}x{P%!d^0_tr|x&E9n6{Pdiub$gSV|Np(wz&T-xt*D#S(HFOO-*#UX zS+(f>=J^-4Yxi?bv~VkZKJVepoojPSLLMePnZA`bzwR&3zGup_Uvz!DbD*2wf78U7 z8l4Q8=5A>gpTD?=<P}Zi=%4bkBT!^t?PoSt!LHAXl|ZS%Gf`>DfwqpMBS}mqw{rRe zW7~et5YYTnd3h3N|Bcnwt6R=bUnZmMm-Eu`&&RV0Yj!q7>|lTRXYTTfpSSZX{{B*Z z_vKB~-i?O4<o`?8|M?mJ=lgm453jmsJLQ<ETzhoVT>pb~`Q7REwe7O47kzr>2(9|? 
zTwZ^I_={yd6Spo_PddcZx?#tf{^Mtl#}|J8Y8|)#598gpt_EU@gq7FybT1MS{B-Q{ z{HM=t&96T^+kL+9<w5%o_V)Iz*5XrVJbL@%ReSu$-}3t(x9hh}*l;kmqjzO8!>)Y0 zW7>KD_V542xqQ3$p@#km52Z@x>^k~)-kmSk*MI!sX1?cbkBU<YgZ6)!JwNgUR?mDP zap00I%ij0(S~mag?>K%xa`uU18CSDR<li6m-~Z|K7t?(byP6opjTN2r7&$Bcf3AP{ z{eJ!N)${iq|2K<e4TtuD)#3Xe*6+Cg|NH&8hc2m7hgyH~o>Ja&imQ}e|H1O<>sxQz z?yQxHGh=hAF$<MHw7;%W)#v}epS4GRt`|MD`O+a-_Uik`z2E(d|Nl*BI^Wep5gq5X zQq1I!@2~qMy1#Jx$J2R}_je1-el>6Tk2lwR|2($e|M28XDIN2;=54~vKfap3tBe2N z#y;KZVal40i~9?IKJoo?>~HU%pSRCj+?wHI7}VO?FLBgERLw3)Wbw)4CvF@OY1h)Z zxc92prHyRDCD$Yk`L0SOM$a>p3D5pEb7Dx(o5`y_KKnYI;}KI(S%tuMzbyy5xF>Wv zGuZw6=)dI|t9MUNO~LP<;S*9>xt`Y=Z-3l>f1k^OpEo2VB_bAW+swcJ|Mzm6eYKpo zS8+Ye$W`O-nW+8l?`KoJH@Xd-69wn|F@Jco`}&RP@@92C_x2q5cPV7YnvLzw0djS< zUzNKKUoTWvPF6YT_t;!dE_=si_WYXWX!Y5Nc^Mqi=L>9}hppLqavsO2Y(cZ?${Vu| z95^KT-2R{7_A+rp#Ydv=cDJs+{duOq+AG_S&Fqg`P+rf-v-30GKg}QSo@zg7z0unl zm=R`dC;zH-_f|u3HEx-GA5G=t)(RwD`TDSb$DZvhzwTsi@37kQ=lyw)j|uK>i<3pd zi-q>r*mBgfd#^FraIjJP{D&tw%3(LuA09W~zu?6EiQJO~v-<8GIxqj7!|>L%&w_H_ z-?cAowDY<C<MF$4{f)}z63-MPe|-9^*s?Q{J5lTXo<{k$KCR?0pKgDjxZxuIwP$H3 zZr$vcx7)|V|L?m&sl)fX`Gx8A7Ylm+9k_VQ;zjYpkNUTo&DYztiXZim5|%gYnyBSd zb40^!a{olPWr^3{eN0Np$mlxoBWKHrTNm%$Yg}%>=h)3%x<ZDJ+)~r{PH3$aE%V8+ zuMu2-|4$E3eqqm(#fryEAKtjNiNAl}5A(YJKeI(#e<YSBsowkZjrE#zZ%)(cZ0Q5v zzklzOUp#;Q!Q!bkn`6#xTm9)a&;0A=UmaYXMXy;Mc^v=$FZ1+Ww=P~&EC2pF-rzzE z!}1F?e?EP(x7d{|y-mgK(6KbroV7YL1zx`1{ovsKc!kTydwM74i^UZNzPWj|@0!_8 z^*f(lt@24UyL_{{eet@DtZUcizS#ZSbf0XF@UrXkt2*lIYM8f9b-nT68Pjc3J_EB5 z`Nikj?H|O%wiN}>nH$cL#TC5a&>3m|`ifTR^lys|v|0Pg%p!8L54#={pTDoFdG#HQ z@MCxF^B<h#uecMcm@~~d`fcx}TW)z(+Pi+g<NCh1<KpFcQcu%%?$eJ;4o{r&Y0u_( zkyD$LZk{b!m-%Dn?`V%mZ^KDPj=1+EE#U%(JDXwA$Ht9|+r8NCaM#9p-<SCO`h4Qe zWkPyP*DgyfZs}Tl>TJo)-M>FP7U$ovb{kh~>(L(%ZiinoG%7nfHQoNv-_yqf0>iov z9XoudYi94oTcry*BF#5-o;z@WWozvAkFPg>{&40-m-&CGNB7qDAJIsDUHRwv<lxC& zfq}PUYsz*`{Cnnv@#JXDeMe6Axm_{uxgoSIZpR&61IFCl)*t^}&j0YqK3>WE$n4IE z(M7U#KR&4N98rAaD)#v7eEotA^Jc%-=ybf7ob*IAx_$n?&$i!8uPWN_XE?szCj3~3 
zyyjA|tBYRy*zf!QQgj}VOygm#uZC8izofs>>`b<ke>8LLN5|63d|!C$I;QK_AAGp> zV@!e4&dR@?o7rD)EPdVar^R7L_0dPO=l^TITs=Er#`ONT$Jejux%gmv{sz;_<$uoi zv?Wh@<%JTO7oQ}jJbJ)aoGd)mN9N9l`Y(U=GCkccZ#jD6#w~8<_<xJ;G(P-x{r}N( zmwXRf8$>+3HC-!7B(UfIzMpc2%RYUW!7lD`Oe6ny>7VD1<z{Fnr?fnomHgxJYH5Qn z_nPAW{}#S<{U#s#ahBb`_8&RCF6&*1#J*pTc~3oV*Ei-rIDP$+WRb`{;_LTG9msP2 zS;;(IgXhj(7W>Pk72jU}PjL5ZFbW7O%T74**Jr(b=j2T}PtS3i9=AJW&lWX9!t`rh zm-Et%hceaN$}ax+*MEIQXKA?K=51S#Yh6rt3stv2xcPJRRBP>!5<98BiTrwZ_I6j; z8!KA;N>luCJU>5R;*%9-Zd=pmJ^FaEDz%~Jv9{rbyDaN>)ZBS%%P{%jOUFvtiqDUe z*Tf~Z@4o-Paowwkr{}njg>5sq8sGWk)Z`zn)yWHPR3-+yE<YvlcHd{&b?>zT=JB7M zvao!9lCkX3j6+Cmomn+KXL8=mWav%I>a*NyZ>ad_rEIO;QVGqnxA)HVa?PvxE<Eq9 z&B{Alt8c$_|MB&=|Ay?}d@;2@SnK}(<^OUmoxAX4=H9OO{gO_<uO&%D{C@n9fBnag zYq@Xid(E-$$3OcY&C;zoAEl+0m8<RV{P@DUuck!S`j+*E*AF!ReE1}~D=Vq>L`d=C zCGq?IbL5`YwYXHxzJK2j9>ICjoM!Od|E<37{|mKSx5^V9d<_5bdH*HDsMKeTtIx+j z_;?`F#Pnpr`^)kLzi)&o+8IXsb6AU&yv=eAzU^4^_i?{QUrBRx1?RuRy)x%yGLD<w z%&YnLNVP9iwWoJtD965E=dW{YoH{=}>Bz}jwSw#G|FQkPJ?rA8*AoA}KK|~(xj|BR z@q;_HKR$oumbt&3*<GLK(e&&4AOHTnyTxGZ7n?)<^Y6NU-j;i#{25!^-!C%KVV@a` z4qf1{f0Xt<aY^fsp3aHA`AqwMKMjw0b*t6wW?f#&XXCPzoC93e_BOwsuisI>lDn7J z_m0tTx%2w(1s(}+NHve!`%iNDx2+2|R*KL2``SIn``htZ4`Tj&dY&C)xsSiPKkmT( z`pRDO`}f-yy7a_2eg61({r&~%^4oRFWsdHzuWNk8q2D#p!t61)2@9>xn<XM&tGO-y z|8ncvt)i7D1r6l>`maA`b|Yq!=-aos8uw&+U+l4(vb^==<D`deuX5K;xcY?qxo+&A zz~giCr<y8W(&yQ_R+b|+-CWJ>Q+?G|*P=MqsM}Tw**DvMIOIP~v$V5%n0a(U;dIlh z;RlPi?)+rrEbSj+wuPhL*jP>Isjuvf2Wc$3OA|A0hjCiF_E@xu^_^Is;Se3I-F0d4 zlj<|PpE>=HZ<}WJa9{GDyHhU9UUyB<7GEDWlP9uJdPZPi$w|kWvX#D-aWYD*|8K~c zoW8YV!4>5zryV&aoc^V;<(e4B@}Do(+@I1t?V4GR?s-R#45O%3pEr0(Xi6%Zt@hcm zrZ8J{kBm;sM1k|l8m=?uiM(Ka&hYb($nMhU!qfX!?PJ~aEVqNZAh>T5&zd^{QI{LS z@@9rUSz5Gs{>0dwv44^S@9Q{om(Oky(0`h7LN!5HDmv<7M0j7R<H9>Os~>JCQf&%4 z9XL&DQIFvHYsw;9d(UR%WgT#PS1xLH*^=EsZFS>hC7ZCgj0vWPE_WrVbfPq{GQ4KL zG|RuN;byq8Q2G8ogQ(q3$D<Fw|FU4?!?}W65=(lNin9gx-pjosu`#UIbWf$9?6?0t zN1g~)ssBIkVW4Fbq_Su+s9OiAcR(fOlTCd$GZUSx4UUK&JaNWrvBb(HZ`U(VGB7f_ 
zbYO+xM3Hau(N`zdr!Dz6KTgvvNW%@$%kt<kG34D{<_+pyqV^E?N*g{}zkP)XfAQ*W z)tTlYhc>ROSrcXXyD4Xel|?{LNJ8^szM~zAf}oD0+)+pma&ft`+n%YJo<HK#`HcUa z=RW@6@5S67wMHv0?K*gRgSY>+%AT<GUmIsH<~5Gha@)2#+`qUdOgUq(^-&LAGY65y zoXLp(<i*{>%J&wn74_*^^DZv!k@C@vn<|0~qxP1`PMS1Haq?CU`@3^<Ogkp>Z`*oZ zY2xnMq#6;k93QtYRq36tdyi;r+`_|m=lp^Ty#~fJ&Ph}*++xs{w1iDsq3dD`Qs4N+ z-L8ofcdCkA57%-|sd&sJEX!t|RrE+H?aci+C9B7py4qrO$DV{8%-_l>^htYy!1SKA zOLv~oUg<PvJ@+2v%YidCvx+W_jCd^6(4vr^+LM(vY3jj`Qhk9jX`I`Zq%YLbW_;FH zr=hRsU}wJm#e{?_CsI6aJZL<0DQL!xot)qIFI^xJc<-FYDb3^0&Q@x8^f&Ac7xCgQ z3J3~hQ_qf05erwy^=905gk8a8qtMl(tslOBcZ~E@EaLJO++oJ@byL-n;_dopdlpD| zCNR4g&N4vi-|tN}l-g#bD!00dZ}UUJkGn20-)`BV`S!qqj){Bgb&Qmh0)nO}x~R5w zcP)HrHRb8?1sm2$uDtVN`4+b}hwzsZ1HZV*r}o%fb60AdeeF!^)g$+Wk1kd9cqX@e z@zj+?DMyZ<P`7d3F+WtztRO14{lylhl=LM^Cyw(5ww9jo_jSt4<bA|s`#@f<{m2oW zE8%K|hFZ=Iiv`V&OjWvaSz`5>oQDb0D`X_6P7w?0QQ5$_NWxbFxtn`d;$zRwz)7)> z)ONhfZU26C^9NZefe*`Lzn31+)08`wHZAzxY(GI|XXWZCW~B<bi?<6*J+q>8!}lJ? zKrf9;U8^5#yTz5g_itiuCU<powyCnRe8{zsL)VVY+uif~<+J{PeDNPHY25!~W=4cD zrYl$W$oxs(pn6U|%<r|pv&X$FW@OBWUgMhU%jk5eOYmVD|L(1J1qE^av${$mZvHB= z|0yw5>A*pbcMCH;I3u~Ow>z-xY7g!?c95+j$s`dxJOUY@sVYx4S(kZhtF?wjM5Wcb z6+-jE)SN=Nwtbk-eDu)0OCo98&UN^DIEAdR*SWSs`9$&Cf`)4fv;Ob#5a3?_P*x)5 zy1Rm*qS!=f=ftF(?%s<ZJNkQD)~*zsv)5U0<2_mFrly1Sfmsd_Izo>YwVamO(=>6y z3=aEn_BBRZohy8p9xXCEbf;r~oXn$SB|)h-?CI~S_@@0ycYDUsb)&`CFmZ#4%*{qc z1C0quDvi7XpoRfxSO_-e6I8(8=N`!Rf9Z-(5}dPN@*Kb2m?)HSJr6YMa}?3$y?CZ) z;-w|umd$1XNhBRf0u7-+>Yt7zl}_kj5@K{^k%T9#ps`C5Q4R$+Ml{?eX}Ey~pSlsH zq;l6pl~E(zpj~s~!_sZW%*Y4dHdY?k|DUbq{Li+}{O6v}c|J#dPQOLJg?z!i=R8Gu z#cUSgmbG)b=Wx$4o^yGQ@SNm1%5$9O{GDSvXYL$6Kkel+FQ2%1YURU_qEnVf=Q#Pv zsdrC4>G^m`fso~F3&S}cemCxa_|N)Z-{pp6V2{g<7b~0$lRRA9MY{xHV+exVwv`>? 
zu6@H@`fTHtP0J)YH(U&CO*%56qfbjj8P-8voRqSCR^-O>F4Lxki6{%2S*;4_kq`nY zbRpT>L?@vacRMDYl~RA<?Q@;wXva}EkgJ`QKvrwGtupv1xLCs1$Sv&N3acW<{Cj&2 zP7SVBn7oy%=rHrKnEa!&80PFQk$Y=xU6@vHYAk>AX?DTWy0EV?&Jy2^RTeX3_o}}0 zXBJTwla>wDaO3F&1<WFem4`st#pI*}XHLMa0B-enC0UWmLCt$+zK&=UOL*{w@5XFt zWfNWIzITEz_80Lj*N<~{&0}M;|IPH))KsG46YIC<uBR41nboK6&$e;*XB)rMW`~uR zNnO{IasPg`UqQRW;dW=;n|swl>EA?*zMDVWr|HInB`h;089s7z<2}4sapoGq`Tu_N z?yD?mm6ZIrN7-n@>dowX+qWsL-NhbWUFLM{ZoBr^$TKHA1Q(w+vNL(Nqim;W=<<Ap zTP3Q8xT0DmLf_eTFaB-4!Sc}jo$D`ZxCL*_x-_G~@Jpoj@#8ExN-B%gQk@cKr#v|3 z=BJbuq|&sEOW3GXCFxj{T7uIuK4BBX$_Hw)R%%&X$&bxeo-j-dmbW<Te4NdfOW4Ga zm&ttLg-n6%oUVCx((6yosOo8JeSUS(Ea{6K%e7f@CO*ulW%|OKTafla?b4^R#CT5y zpSjnRFJzmh{55~LbyEKYUKdI4;~J~K%6K);nRu(Bt2@x<RQ9Qav}fJy-~9}~n@h<n zD=Q~U__Zqb|Bq6fb}&R@#qlHFx`zdY5-;l%u}$uivEC&ld_42b2`|yI7SnSX-H<XY zEw`u5-7Vbir`Y|vOUpkQFHSwpD>yrtHPYL7l9SEO&&xb?S2`Cvo6b2Ko*0|L=QXMM z;XXyy(4B%DK4;s6&ENAR+L_&$B-tsNmK}KWLQ}JC_{9lZ8RHUXW=!0wP`B6m_YSv< z-%ey?@m!S>o>3^-6R}iIcxLCMj(!PgdBd)WUZ8xz*=Gf=U6vhR#2INJ*V*7JBE0RQ zNyqILrR@#9*He6K-SQ_!hj5;gyWj84eEq@pG|}RnTAwCPJYrts-`17SG{5S}kwU3% z*}p4{wS0sYD@sYOJXXiH^jMMahJ~}V)KXq~9O>B_bD+gXRxKmx(*a+r5}zv~$ByL& zO-w$t%&y?Fu+>$uzVwF~k1kHH;=U4jK)8R8TH3y-uE6POX(2r(rnR$QE-`GJ$<xVj z_KQSs|KB;8N;4XI6+c>DVX^O?_2qe>kYRA@p~bqqZn39#p72@!v?+D6q0ENPq@-nB z!ltbo3ulKsnXzFd|D0zFlbg*-yVX-CTAlI8do<(h<m3&?TTcGqKI)OQ#aJ@S%`NzF z9h<4{e0R?l-_0j_x$dwinH#=IJKULY$l{n*rcmJIL&to1I|FBHJ?^`6M5Srjty7uX zoHo=L%~-JVc+ZWHM7Lb7oCj($mTEb#n3w1J=p0oO^f6SMwm4IFMzFKttQC=Bi#wC; zk4y0jZ|F>DI-2C3o8?x(b!J75(v67BF3y`3Dox9ztPjneHML1}@<A3~+ccFGr;0*v z9Ppi6<FbOwSZa!r;E9)8bAqO=QWiYcnbc&-CVlkegQOI$(44n#W{CdwS<-Rwilldv z*-KwG;pHn6l9zD_ukTDsTFPmbAbb#<kId}KLY8T&^*v5Jw1Q81|H}g`L9%KSk{&(C zWH&xE<xr2#*4Ew)B5DVcPH&Zccrw{-LvjbRm1X@*2}$W<!<k%aK9^g2Z*OVo<D9ze z#)Ow#!p97GmiBht%rQ=TfAV98($8;es<daE-5jKHXtnGw;X^h1G}Q#}zEqZH^%pZX z5}Vxd&gE~f{jAkmWt&rsW$S;Ge0;x5GTPHDIMMl^RL-)wUsEC`Z$BROe9e`ORpx(v z_dHT-5pcR^)+MOeA~1KcgrF10MN2Aif~6Nv{nfT%!-mGzr)Q4HTQ%9wkgon<;<TmR 
z-s_WBE%QUul%%YKe`5FXzG1w-rP=<&>;j8|&ado>lNXw~xgA?(V7$HUCC^cLnY@Ed zt~1Q@8Sho+%PB^gm%ppgiP;fR@%F=dMLV8H`%iCAJSVevyBmj)Vz5bG&yo5k#+>$A zv+U~^ZkY7r_x=0IF0a3QdB){9%hOQkKi}fc_1dlSik;VGTYRpq=@+!udK513NL)bi z)`9g0ewy1GE4p=6?E5a~Z?`Hqpy$hv)5p7oj&}I4cL^$9&RBND!?G(nudic<#E~OM z`UC}^EWWd9!E$#)rCaWXN-0ujr%0T1cX89mU*R5eM=h+%PRoqF*l|+*y;XT7E`~~% z9T!WqriLk7otSO?wrkTTp=Y1UkG3Q|ncU`mHS^6E!!Hx(2<gr_m!H*WSp4(K&m~us z%n!BA^h=x8dGv(1=~~&0%!!Id2fBCG#73w^ZJTy*($2dE>kX!)x*gV6l1^k?_vYy{ z;qHqz#{MQD#}Yq2TH55=J*_~D+g@CMn`3C`yba6~l8Wb6$Z?4%8_Ak<1%6%0|FNHa z`NIUchJ_1fZz#CgaBG>_m8mI*=2S1da^=dxol99~8y8);vqe;{?Aiw&&!@{y3cPxL z?2LbO$k7u=?un;{nsO9x4?gCRzf!fxYgNFUt(@FDUa#3w=pLDBdg+kOL%GOKb$@w< zONZqqYOahp82fII;>_xeVFym1lPDIOrRcpQ*GBAR;r6XXuAJq!egB<1^taMAZPBJp zOzX^6Cp>#|UU$0gp*?T*EZ$ielH9y`slej5Un}o?J+<Ljis0ua_4jPsKlr@4f4A$& z8=*IOYY$`@Hycj(*KwO|@Z}+E#kzjS|Ln~lqLX`1obfU-zjo-XGRO4!HND-xwFP&q zWYFDYc7){@M?ORIo;8BO5v=>qE|st<WoZ9x?{a@)Rp(ECGdJ%YFLXrWwEsMJ{d2yR zd+ij%N6S0oofil8oG7_q;r3jA?y-ZbiWJ@6-RagcGGN%fo?p>)y~uesKE<W480;)= zw#D4cG!cLD=oY)Vpv<i1-G8fR{LJi5>G`sz;M1Qv2|cp|_wI3Tkn5XR?IFe_(<=~I zB=A#k+lm)EyBHp)YD{?B^4LlG%U5~9y!$unMZc|HT<|hMR&4E-g9n>?Z_L;$FIt%W zVE!gi!`E{PKKv<+(7En@y3_lENx4&CnTgno_0IoirYTyvZ(o|c(pBNtuJVMJM#4Go z@AN9<{d)MzWyX)xh1*q|D-R0ay&S(;?zgq|MN65*e(%1#TPC9;Svt4#*o)?N+e0re z{rw&g9p71<{#{{HiN4>pR7bN99544>>o|R)ZF@c6yZBt;xZ+mBYoAVc{gB9Yt@7nx zWz3}V%zmfD$K8vx<J7xkrJkMLEO4~L?6Tn7OBQae8}IEX_@7+!^P(@yvh9oh|MC1{ zTeYZW;g6J@qhGHDxrmlJgsB{M|Nlc^(=|SmkQC$3m&Hy>M7lmaIQR34b?csr9Llk9 zTX)gaqOgMf+x&f9uSDY4eDpo`P}ugy)rbSVEys>&7%0h?uKcI0@0M-8<*jvRGW)HK z$1DWO<>Mvi)l0rvBUA7shkx6(yyJ(X-QCQN7k;l+v3IlNe_HbH<JZz>#`+bDs_iB| zb!s?eyeMIdS%k&in>%IuyxrCr-;~%I^GkqNH~Qn7XQ>arPLvlnlTogIV_nY9ZnewM z<if(Q5}I!IU9!>|ZclPA+qm7~PL2%{uKV#t&FtBmV{cbaFZlja{KQJ#$sK`A+hpG! 
z-}%ni;!@CwGyc&k$tL&N!t>@fUp=MD;q7tc(nE>V_j_A>`JSD4YoUH*#hP68HPiH+ zO20Fh&02Tp>A%YnCi#lSMp-w*IwqX;?I<&KO!(#(qSE&G%i8P$gQ!N{jh+VIJl*o$ z?bcj7mYh-2!&5U=d2!n`E0%zsdzIT>KWb$#O*@|0IgvN2{PW@^RWJH?opVY4^3mMC zaLsc5=ltdev(B>3k=xNLoW6d6k!ps8o1aBZF30j+`i~~>cHgk_jX_?FW>ScA>{K z7A5fK&CQ!W<NuSSBlUhJo1V|9F@OK_^HIY^XG>gmn{-|DQIu5fTN%utwJK}EjzryO zGuFCJdLN}@P$*>g+|%=J&w;Ji47PlBj7;S<O0H?Wy{7xL>m#e_hVvyq&VRonN?OA{ zU+bjzQ7>ED7q_dpwx8|z^f1p_T>5fXz@*7-U!M3LN_Tr#_Un+%)A^F22c~x~DEh@! zt>Ru~q+jt#&%mMVaoLpT=?X?hT)nryE1Rag@lzM>p7?EJf31$9o3>8C?EqGGZRe-v zQ$IX>_<h0V?_LhMaW-!cINY1HKc$CbCfD``14Xw-bHyu+HQoL^HrZAt^tXTFqx!x> z35Qxc%HFEwb06)PkZBT}wB*n7>ks!n|8cgYrsB!+r#~)#3Y_>#;G>3Hid8@l$4ob4 zRkyC=r}mpYS*$Yckx}VlCAp&=KJAh6%D)zcd@|E?lQvd#<9c*I(d1+4(tw^5B@*Ut zB^;biYJPPbovy}OZo#gg$|JYu2Xo6u{be(|_}00X9Gt;@@x;NeXJ+m{z1>lUCpT(S zisa^Z3Mree9P1D;GXAK%dHbOgEpBcpQ2{+1iY+hZ+>%&(#k{4JbvI|ivIS>LT*QCu zx4c#2dg957UO{`F<+2hSGcD@a+5YAC-LFxtvlVm-kv4aGB>Kn4X?NM=?Y?`m%@tFU z(rSBN%#S;H`v`ky{by%GrIaEKw-z7eE<wdv3nc`NdNtfyGTatRJiT7V!Oj#c!{bx) zb9d4n3Du{c*$+%E-u^j2&cR>y`-zYnYcDuEILS82Of#D9KQmOsFJ$?~%O`sr43%7r zrH*FwcB{`iSKG3x#NS12s)E)DX+_VcC(fL6@%6QxC6)a!EuDA&3mKE`Cdqr-nT`9m zC+?Amef3_tG_KI(`p$^?6WUjG1+6iRY_a4%J0Ucv_0gJ&8Mmq*{rP>qV1bR)xqX@i zW|t?+fA=WNQF*s*;mXz(I@&G0|7y-$jBb6h$7o85dcwqca%bi;w?5W5`pc^D`c{Xe zG__C0i#A@V(e)BJZvQCh%I5XH7TYelnOi?IoLnw_v_s%*hKTaKM;YtS6^cq&gfzc9 z_&qT0ZsTkAR~wfum2Q`sWl-^-iD|KR;p*M<cK*F>kk|9hUe@x@kAj{rXKVv!$aJVa z3*2!hvZMFr??A!rZ2vT)1vj4)**P~{FmY-7lvj33en>3b{oh1q+FFOF=adULJ&ry7 zmLsvQ_t3VU-j21eU8Zdpy<>dq!h}71GhL4wL~P*sy^|yA{KunjcOOqo&uL&5|DBM( zfhAIR?u`f1tq1SjHMkPryE?qzxPRszX(i*+ZhznQ_$-$YTr^Yj_=zibWW(iZ+Gg7t zJrsDXp1tY8_N9!|`@cTA`T6#tWqW2FVtMv0|L_jONfMH0&5MtpG`_oHwOz;W>De0( z-Qvyt?f2+LW7!(RIE}7}`sZYHWo90)37)d$&9Rrl#|2(yb-(KVzOlN(IAKXU_o{Dm zoZOw6f7w+s$m_Y;9(s5*x8PaG-xD@&xyz(~|2VPRS>AK)@eilh>whea@BegSuMH@f z&1{p1TwL)!*CdZqDCx_SIQw;cc1NatP<ZohXXm?j+&6-!p1boe_kxPsGU?)rk+VBY z@BQ3y{HR7svGAf;Ux68Wg+)8#PTaZIuCiVA%!w5XHi|O7ejG4+AEWo2Nf)-8i+lQ} 
z2Z+CBNuI9o!?J4OcP{h#VD~RJa<YqCPfZN;DwVde)o?Rz%@4XYBT%qE$)zLBq;FzV zaDh<Xy`3ET(%DZ>c+|+oO6t2UE>HMS8rS_~N=Du<r6Z}+7b+<8uIxN`Av&vb&LpiV zPnISvohR3G{l`Kh{h2?{c>J@xpyZOL=Mq}U`R3>O+0UdD)-GU5ZH-RY5x}4Q=TTr} zT+5c8l8AHL4=nTWe^_|J-guRp*9z-rYc{y|=>PvI{QXBz(2V0g_i{y)olK0MO6)y- ztXoj=axch*m^n1<+VPHk8dLZ9esNvdl96^t;-aDo$4m>W78b=>fuLqP+Zo2!X+l;z z<Sw!@Gdo-DkW-wz#LTTl!0E(o2ScS6fknk4%1#`LR_=7-nCJCW&8zDTxjympri1wt z;|2SxzrTBY&wc*G?c(=2mam_mb7&v;_twk$b-#J#KTf|d?eOAQ$)6vm_qV*{m#gbh z|9<Z9<tou)`xXJGf4fY&1Alz@`N65i_{OO_&(4|OSMn*mXDS<SZ@YMpPI|Tcxhu<z zw=1>?e7gSiTCzxdoy7I+PmLe~ri~JRJC^f5oqfOJ{+=JXmkfV>=l55byme8oySm-~ zSDJ@xb7$NZaN_v+dX_`aGCQMR@49Dq^z^trIi?^Xed)Pti-6OyDs4lly)*j+oHzuf z&D~a}nts?KWhp-|oZJ5S!_Vg!SDfok$(tM<%dLL2Qae9n>Qck&iY)?8BFB0`eY8cO z2*w-m%gx-hzw#y~CNguMo_X@j874M1w}`E$CQR6V?8cFv>bDXG>(!k)va*s>QgXPA zi?e5(3utRQ7O^2g@Y&huhVS=gyLVhWJJ(vCTU<{p&ic`HVMUj%g~=*$2hXegS&{MY zPwOGCNAK(F`vulszC2r-r8CLp#FI0>Bt9-ys$(@w?~_xEI*z|?I4Tl$@O-EBThX>n zXENT^*ru$N%~+w?x_GJfsZ-uFZog<M>B+fJys7LAmx`vU>yMXmGr4w)zTrwUX*RVh z*natVjkoy^%V-57RZ;C9l~1lO+O<neRJC$LgkAla+%t3jww|s~z4PhO`QJs`WozgD z6kF%P|2bgZ_RoE8siC|^Nq-lnZwsrej;ovW|3vcK-9ns}OINJYXx;p?=-syBjdqIs zS3^TN3b#Hy7p)LqdE4me`|XOV+-BbG?@ud7?bx$w6BDD~v_mG{TMw>SvC7rYN#V=0 zo>;R#Uw@_=q}|jpIrglHD`c8za_>u_H5)$5RG#^%seHPjIwo;mS-}_IrrEmxD|X&q zS9IXnj?z1|DVq6{pX?Uf=h=Grw28b~TlbXjTQ41xO`Ur6#*_CtbIiAVet7P>LUwS& zhltkCcQ$$7eW4eV_fAGd=X6B;@{RqG+|bJQB%7S#-Rah{!Cec3qj!FmU!-tIICZyv zl7A*^TU(yd_KU1j4XrlIN2*@+;4W_8oX=%f_e*5v%t(v>|BPic`kyU3s;H|gKK1BL zgP0ZU+c%V~F`RVYZu?senH^IrlHNM5F`wCe?%(PSkCw&1dM~VJUheByAAWX*=oEjh z?M=QPLo4Tr$5*q+$GmN0tgoACzApA&d#HD~!rG18KND9!{eHJnR50vtfAWu#bLY5M zbQHAj+i9)$UB3DDv6>Ro+=G{vw%sUwXtgKo*P{QQZu~eG`Ks&QZ~qIMEFCQ5CziA9 z6f}!SdC+k0_VmO&!4B!?d<SCcRVTgTUu;(PcE<0pnEEd^lcmlr&^g4Yea7}e{Y!xy zrB4@UiXZ)Rj(b}4qZ7T-96YCv%*<VRD0Sb<+zijJvc>XyUY)-Fz_>kr*~=Yui-gSb z1V5A+9Nl-%?uNAVg2z`FYI?&L{C?$nV@*WUq`!YV3L`q4r>{Ry^;GCe`B&wJ-_jPB zuk$WW)!y*gNnYl8e-xio0r&YM|L(5!IHz~;-8HT?X2uf5mY@cKPjJt?1<xJWtMd2s 
zf0^L>zNTm0-Mt*v&dxG>%4AnR?`d(_XymhUU&AJYY72GqhXs*3KDjXq&bwxwOLCXF z8Fwi5x=1^JzHpv$-$kz58Zqxz%5QFZ6n><3IltEZkDCpRj-0%_`{C3}Er$&9RM)4s zHQ(vlVP(%;#&&wj^~qfqTUXc4u&>$Kx|rMN4O8LQPnkKMeTTX#|Ga<O{d;~)XkWmO z*FTq?o*@0IQTgufmfKp7jLLWNp1ZfJ=fx7OE6Yzho2GXf%INm&{Jpz(UD?kSOJ5&i zR&#q-$ZJtvV*RLTkHK{7{G&%-{A+!D=&P}^?bQ97?<onF#7Q5xb@bPZclO<(cS>)c zi*G(1^siiMCx6|Or5zI|CflqlTzqrsva$^qwjX-B@A08pw`cOMWix($NS@LC%US$k z=7GI8U#ts`oA>B(_dI3RLqDh73QkTkkNlN=ExA5j-KstL%E`I+?oMe|UA)d2+ETnd zwfzLghPGHI)_1ZiC-(O&QZ9J?P`Ba+%bw4MK{?BU*SxtQQF=N&iu?NGob-L4w#jMs z-q>`ICoJ*kik`{&p8}7)_!s<h*}ASEi&=V-n}vjryVu-Pni5_3eV)tKHQdeWZSICu z+z*AP^&C!Lr+Dse$(hH}wN)iOV#Vhr<(qbT_Xx}lYv^Wvp0GQ@#%NY|?VZnC=T@(I z&L*#XEpey7;?J?S3qPG|U(r$8cKn6J+1Qq+-QvC0MvvASlsdU><f(Pv&S@yr-}6I3 z-mY5wZKQNd=El%ik8b~CQ_mSa`~EmIzOLc#oyU7Ve^h3X=+9Z^onzIuE_UsXiucKS zX53Fdud;5~Wf9JCe*LthC&H0>EGul3x!kgwTQAR@d;8&zlqXi8*1+Pxo~BDFJBk<c z*KU_vppw>Hv}B5=b^qU`cQRgH*1uS}gS&c`_srY-e1&^2zT8*0CTfGg%-g>wJlWRL zeX(*%%Z-C}yZG3>7EM)NoIAI@rTo*=-F=6$DvJ9nQdC@J<UjsAb&mUk)IXbLZw|2j zSl4}M>*L&rttpa8S$qo>Pe$+X(Q@0lTYrJc4OZ<o^UJMEw<X1=noQF%bjbd$+Y;5^ zd-0KJp~Xdw`!;6vr80fy%e5YFI$#vQagu4ZLX7=h@nzcKJ{88X9~auCRNYSAxsrQb zjD7P~AwwZIH@0;zthY;Z|M<PV>(GVt`HJc;cDoXjRqE?v9&JxduY2&}gooVH&}(up zY;Lm(+veSq%+1iAz@B$b=4je3(HqxFS?f-nE%|k$_@Pmlf1>f+x4SA79eQsTMkJ*) zU%UH9W2M|LL@HZ0p>Lv{+0kFz%WEfJN;vj6W_O{n(IMN!J;(T`R-TOM@pBBD)&A*_ z?y2)V*M7Mqls{EF6Zy3D+_Rjgf2LR)@VsYHG_P9T7}e6=|K@<fv%`O~>e5>{RF)sn z%+Ef#_wlzfgSNTlOExe&)>Tc}@aUPo^j_hEC-`{SJkIHgmdO-|lqJmQ|N8OfidC!J z{<Lj9lic~#ZNt28ZHK>a7wA0safAF;=O+J}HiLNW>%DjWUQal^jQ5hY0n0l1pL17n zCvH5!vU2C2K9Q#%HW|z9W_HdLo8$g=%fnrUvggwNbfoDCZA&?6uP*#9Ifb3A?()1x zKW7@JTLzh{A9nn4=7h@(^Zmiib0^lYth!OzBK|UQ{hda|z#o6z%Mv=CBw2ov$vnhx zv-fu3y!nkMPH33q-S59LVPoJjP)}liLeH_~cYM?fB^C1+6P<dFSnGcP)mUvwE+<SD zNeC{I1dXY7fLf@aUS)UC$=fdRQ@lFTj`a%4IyFt`oGkB@BzUxAf@hGl@;`>eN6gpG zs+1JiF5*5G)A8a#Rf|vGEzp3qV*X(Z!%OW8Cw6W)*(hLS`0LJ#jE|F24`pX8-KSW* zbKA%7=l4zHtlYk`S5RK5m|ObU<{2}a{-4RXxajC1Kb}9&-C8oF|8L)xbF(N_KxfDG 
z^SA%qxq9G2OQo*xr**;7%Ku`g{ot=v3w+~yyne-*_fK6qwtciV{1Esk-uh2=$Nx7$ zf67<piYOZipZz8AQJbw!_2Bz5?SJzHoR&%dFF(c(ZXf+gO;U-=6j;Oy%8#I4vs7RY z$3>o_9^7IxEDm11*D_OY+4f6(tWQk~%#!t`bD!K^U8%<Lp)6sY^F6Sh#f3dx-|rsV zx;ORAm-5bE61px&*X6y*%s%`vc=-d<8jjYLm)(CqWHyM-XrA3Kw_x2yURzuDoez3s zWc(77&oNGMy_xtf=A+HAAerm#g>ROez0Ie1q0c^sr8;&|v~YJIpUnCDLVnRHZ`x|> zj?Or}_Vm1iW`<FZ%Jw8gu(^8p$U7P;8Bc68{B&&VZu5e_?-*isd=3<CFZddypEu`j z|5wASJ1W=mo9EAUuZXZ(SG=74UCiNM6EeQ=#~f?TE}tm0lk<6A%;B4-w+Bi*)i?bA za-p4D-;S!y+^2U6=xqJ!Fy*+^kLRZf7A$5>_j})bvnKvdrBTaW)0-A$FSit&S#-&H z`h)#dyx(NsJN;gmcjd@VZuUpJuNBMu>s#IOa~8|<1*XOve;oh(`qj^IdD^<0EuXD7 zZ7BL$C1YR2!R|lDdCqG6viORI;NRR2-)#|G-Y<XbUUK@xN4aZlT3R1vtgPuVt9E(( z?{d0E|Cg3|krq|AHmlUBFUp>E?8LG<fowjzmfGaWHg2No4@%z7-(deoX0<oh@jKUE z-dn#RP*|l)aAv1T*F<+OS+;NC3*KB%SQT__VfF{PrX4RGJ6}$a-QWI3AbSnBr{n9! z*DtKACDPZ|HmzD!b7x1ju<WMX4<C6B9^Ku1<KWsK<~!CVKC_R#a@>ReT;ofN%7yao z<>rT~mMZ>|w-MpHQ1<7Mvr6^vM>*jW3-<b&9v3)od+xG&wBU@LvU}Cbim%`9z5P6U zN5L0`Q+X-#3|;Sf#P1hboNSWb_a|fZOxf#&HR-ym%I6)~sr6GZEV$;2LH<fsBd*hd zd-t=8?|d0#C}nFj%Q#*1+&udOf9#&*ZamPdANOE-eEg&7^8XqC2hNUEmr`CX9g}fO zFZt}p^E)JD+mi2d-<Vo@Xy^BpMs9t_%MV{M<L^t?>)rdd`9HUwID5#y|3XJQ&bUY& zU9s;s<FBe+7j72Ie&01)VfPn1uEU2meD+XZb!%Nhwc&QAyLVf+Z4<V*G^KTeieHS; zt51^yca<~r-p<;vwuswkcGZQ*oik_tFA0=ZW_DlFQpvGgcd^!m&>8Kg!*?6bx7Odk zPru6QbL(kwYxRP~i|tJE<N6=0xvSA#EVS(Nbz%7q{Z$Vvgq4q;$T)q@?ugZi{(@D@ z)$MD{<rg0~GdIJdsO{dal9*L~!hI&vna+k)(?7b;e(Js|Q!cq*&ibN6udL+O<g+)| zC%%+tUcKba#EBPo+C{j$ZF+pLHaY+HcSaqXBcElymirqj8Bbs{+~l5^Dk{@*`JKjk zt;16N0VZ3vC|c`@EGx5Hk&)x<ny2KW8#^KVZcp2*q#Myz3adA9-rg3Lw05p;P?z+D zI}z;u?9rXSXUJtGo4CuD{`N~u@8(gj(pNroRK{^>b-^PC_C6VVj@wI>4IkOZTUEU` z{KLD0L2~zlD^KH0w!L$IJk3GPZL#@fO*><&`hPn<%$&F}m_sktqV-yB?2S$L;v|)` z=ljH16*IB>@jgg8oOYvq%EIqY6lL~R)cf=leT#FcPE&X$k$)ufmd|&;SrI)=iIZcM z=9uw&w3P<1oY`rvRF=9sajzkhnDpy}nOkK2#Mu(VcL|Hd%@g_@(3|9vro@|MQoN#n z;x>)41Ofl~b}xI`Guhk9uN+A-Ve}K+aC6QXzxfQH{G#C&WpFWex2f~)vi+x*>AD3w z7%CZq%K1zeP@ArPro_ea%M-UZ!YYR7-6wCm+`r}9k#^-+hMDa7j=oHnExsSi&AwH* 
zT{GC6@ZW4}C&>P-hKrQ<3K><FED3i~%bx?T8bH%>^dGHQK2?Hs*)-(~r`u-waVWNU z%na!9soD16dU(9@g|59mCr?R-re+>`xoY0>6<)>Z>zzSrW(4$n`gZ5Q-rwdIBBhk) zZ2!XLn3>g4aO<SL(9VY|SJ+iB+W-IHGUMFwjPznTsoAL-p4`dL+&L6mddwOnEFaxl z?p&~~|JY{t<%tJ;i+xugygX0p;inCM!tP9*dcbOjz<s;@EZW7!if;Y-@@_FPT<`uo zwpQ8M`P>s^f`qx-x|3gbl<)Ad*!%fcaLSJv-bYploQ}Et@#|&dLt8G+e!1$ropYUq zb-WXYqD$f(iLG%pUFy!?3*XB<UwpnG+5g~@q$Bf}fkHgcy|yRE`Qy*@?TITb@?SLj z@2g>OUw`(;yYAN>H>PwbPq&+LJfl=--``(yX1{g?fkvi%x^79_{MDja9um-@yXL4> zdnkvmcJrF0l9|z)CP>R2h~383=~}wtRG-A=Z1ehC=V#6}S8Nejw1C+0sK-Y<<lEfT z42;a?mWHjlP_I4h^XbByU6K23wmR<7*_!&M*oEUF>sG@@;d7penHiXFpI7?q%*E>L zmZ^7j;^*B`i0iwxq@s^Qao0jKw?DgsKXN5)6IkD~rL+FK?d|Ey%{rzpHq)G^?9`DL z&~xnL_x=0XZTIff`Z&EiAG9&Cr^0fT(cJTbiZ13FZdo6+H+{c1yL)Hx^W=MbSZCPR zFBGbuH~(C`-Mv$NNlPR@7ELj_3stN2L3{o8d$ZZu_ouvh`Nn1Wjd^B2tZ#B@@A-JI zHn_(`Ij%417Q|IoC2m%;A3T1vappfgf%QE{eoVc7XQx?4hR(r9N4+<uoHSyrk2=Rx zTB;hcAz|VMrzh+6=e1Y3n$LWi`B;p>-d{Xz*EZHR*8?$0yYxDyFP>or_DhDy;#a}) zkE-&;^Y;7~&}@8n<|!BB#GM^HUy_!6p7U7i!{2oC2Rel}zebxUzM9?2&t^5_^s?@X zRF!4Rzsr5^yCulWTY1MTms3nP>de|JPiEKunE&VJsa0NyuE+DaW}WEryZXtdE}ug> zH>dE~NBa#ouS=~BmtSCH%6d}zdhzLBW|wwmUT?Q+>3>mHX<c>Uezn+k_Vr39?oONe zKI4$l)EVm(q<8dc6jzH(nR+<yOKMbw+_hgv5}!BvO%WGK%zw_9)A=!Z-C<#Ucf(v8 z_ZES>7cAUb4X>TZvg|*$r((<89Zip)uYXh!D`jNuxA6H9$uF{#756S<zbg6gM)^O! 
zbFoqf-aWE-YIDje|G}}Xvo&r$QH=2q+rrtp*8Jkm)pF<U{)){0oKo@csJq4Wa&h)k zlV%<_2z@klqQw43L2F+8m@2iuDR|HBXZ4?+Yiql&e{t+S%aW|hX>azoHf=e(<MSWx z5|Pvgx9&=N=)P)Lvz4#5-|qReY^HVgKiQW1e|>yzX4%iTI*UIXyug|$@>qUm^NOCR znqOC!zsOqU`21+J#r<;b+n1aI%S#xh>&-d(yg%=d^)8X?>tl|cjeagTf3v9k{rAVG z?(W~X)=J)dUVYo!nHQb5>`C$}Sod6n&0eA*e}j$N>{Wb^W6I6*=Gii6civBYBolbK zkb%AI<b+A5j;|1&%f9XK@wgh>yReYkd%XO?pR0~f+<z(S?3K}FKlk|E%C#{)=N5cF z!YH!*_=)6@+YQ#@vv*Eiu0H9J`KjlLJNdTD-#hf{h!#)T)!xp)Qnv#)CI<Rww(a=Y zC4V@iGu$m{ad-*0xZWeb{ym$g#hcY%(zXgcU7TFUe(p>B(R07bzRcUzHhZsb$D`yU zx|265FJ|E3<?Szsx%A=SgM$-)YD^1HG2Hj#gH=j<b>aIbb$52&R%hvsUpDo)e9`%{ zd@;LzTi*Jf2bxfRSm$>wg}1-w$@R?z;MEO!E&dbcE$O%@7-Ly3G1c;9@SUFRa<Yf# zzij!f=_l{7V)~D&U6tUxUf8qhlI_HMB{Iujl|6W<-pt{>_V|OBRVmj`3kc0<Iqv-T zlZ5D#hwpwr7m%3PTl@9qp|`b0vp#%$P+B7Q?$B|6`2~xX3A;;ux_Ihrc*n&Du@-Dk z_Zu5Nx?kG=Pavl5W|Qao7a_X-!S{1&zCM!9`L@;d`-O6gsL7UEZZRL6=iZQ*x%=^@ zX2l~c>)o@z$A(-pIWc{Dxm8=9+;OY_87l6s4<G$@=HTu-u$Vtjsk~agY}!#JD_!x~ zpN<;t>P|^_S9H7CJH23o8T)TGxy0g4Hg27wXFE9h4*l+bchL3E4|UDub<+)uiptAe z3%Toe$@K|cN6IQ1ZizFmPS{$uVC6=(ys~Q@C)c_<``VuBp7cO$MuS?UwV6Bn!G7+5 zhz9Lz$3++HTq^n6_KCGIi~2Oq%RetajJ(Rh%k3IlEUmTrb?eKGce;$`MsrRRRXcD+ zn<sVV#WTq>v_78l@Y%EIv3+yE8?`h4V>Tp+W@W2?uWVWMG&Ad6+oxGx4>wEI-E3ps zaX?vx(NJ;U2j2UKSZ(EgKD}CCQ0^L8+4-r=FQz~$`c~k~`Ao&j6@Gqtw2WO<jQh0p ziQBBN4;fv&vPIN%>7BQ4_5|z-ZQHd;W(TW_vb~<qj`?Q=9XalVv}`(iXUig?8x<{! 
z7VexXebr3K!X#qG`o-}o<?*>Eym_Wq{F(gZP4lCynFdy`R;+GWzx+?Wqt70hqgy`8 z2s)KGFP1pV2FdM@!V?-#x~|YU<&={nla!PsAS<i<M`ulro7aTq4NP-h%!}GwS((*b zVcC`W*ixzG1=~>%)}#M7e3)JJW2)r;cTxY&Px(~8W{Ush|H(^}E>EbCdn9@{Ck|Za zKudQ=!=UE)#*edWeu&Eb=Zo?Am=}H5`rSqCT{riDsxO(PKHovr7jM@^i(_@~CF`RS zKi#i3n+>U#v@ZVyIk-9Li&y}-%D4q;VQmLBqvY$|_ZVGL`=_0i_WRQnwvR<u)Q*A; z0=1$h`!VPJ?A`Nv+0&nXQlCLaBtn~0=6*eC@2xBU&HZp&LFQZ)mRfYy+4+SX_Qn^~ z5>w4jL!1Gv9#`}V{(l#;r)h@n5pCt%NB3*be|x%;_tDc8zFp5d1Qtn)EH3Q%D=&5} z<zIWMnZAFnfWCX^vd_?9<E?XD_T!T8Kkd{f@uteh=THCN{{M%zb=SnSBc}sTmDqy{ z`2`Xy7yP(q45~3D?f#vUsJ`{!eTwzU_qMaoo(`5iayrmQ8eF-Sh%0-Gx3IBqxO`ve z<0+4x_{y_$vzyzF3F*Y`3Hh<yLk?PB9-3b4_eFZ4`evKlJ4_FrzdYpgUt17SrD(Wa zy}i5O_vHM-z1z93u5?|@_am+M$ui*`bw7F7-raFnF@3MWS?fg{&D+^8RR7i6wzL(z zdS>E5jgzvLJUc}mcC24~PW=7u-t6krGhTmmx7=Hpwfd7o;hCpGN3@j<|Ls02a{N@} zo{G*-6_#E3&Ckw<hxxvXuv|6m`NwMK8yU&n#{K^r&+faHvG*6l)RmeZ_jbgUEV;gM z`{~;koB!S0yu-Fa)bZUmgRPv07Qf&Bc%6RyJDZQ2#P4svqju*B|C!@H*Za2G72c>^ zApDf|PvUX@1n(aCV%d4{wA$uo_~@g1wQkQt|9-n)D@?b2w?DLP3P;7-e&+@2cN?sI zc}h9w=7F_3bDINaZTFO0tWxQq)cx&IQ9gJ~V9hMKJ8xefoXc<Tl<LPfulCo<f(Pb5 z_v|fv`;IqezqNu)X2=Zo?UU?&eh{4Xy6@r7#n~&e-X56z`+C9Ozx@*gwQ3KTv4Z2K zu-C3Y8eX5OSBnIOp5C1DUsq&F?y<Sg;}<N}aQ<N%{8M@FwrdODUwm#6Gri%p|GtAS zga7U*UKU$teOjZ&pv2LFWk-Dq-=d~H8|{|MPS3x0Xyvk)r+bc`wp+Q8dwP}rqV?Wt zGSB`lUbuUL>6>GppKqVaZgWM?{Yr_9K;M^HSZc)?-z0AC$aRQ)t$3%tfLpru$@>fZ zcdA=hj!(SZ*B5x5eg310YW8<Eza)0=l=#?w>sk1uLl2L;_x9KXy)xLapDDGSEpY0l zJfEILF3QUP3ZDO|InrNg^6`{M&X=ydhlgD6yqs8m?bGRJ{#CBavnun>ygxAW-|8EY z_xtVzUoY6aJ@rcBargcnH{I;%CN%~X1!rn*>D#-c6^O{$ygB^pVdkUM`~NS7TO4rx z{ZU<hL2iZR{<{+|R+aG7FB5*Z+@iKY+O>QA^4Z`_cUgFGd-;P$uQ=1y(`EMlogh7x zWx=xtx>wTMxvrnRf4Bc{XeY<nyM41`w<afDse8#h#f?o#Ra<)JBMIJnt&g)RFTC0< zzhM1x?zy(t3)k=F<Q11+Xrjq-eSW>tkr&@u%Z^OXQg{2a``tzPrqlY-1}{bDo_hLn zcJKPQn&z|nw!M)1#pj-F<bE_m;O9cWoSrjx3tt`-NNT#ic<XOHt?sT54==aBu({LP zxbV3~&$NE8qo@D9Sj#{0++8)>Y-2CCqc6_QZQihTW2*dYu_ssF3%R+yJGV|F@1g(o z!-0>g9zE4q)(iHd)Nu`+%~Fnsc1MO!G5s`qiq(aHiM^(Ff-CYf-D^`Bb9CF+=RfUR 
zWF<LE>h*({3EeXeY5n-gwot)%mb549!gVWUm(DEw(0#(qr$fK#kynea+s2>K6XoPi zoINbpIyJOF;N5N6r=h7I_<UT7y^U98Yd<__+jgnVY{@cpj@e&DJ`37ETe;@NkMjy5 zyE#AGi|a(R-nw<NR&HTc<*tQ$mI;*|K5eRVfK^VB^U(VT()(DivVJ_Fzy4WWeO~1B z=^FXZpUC&R<wb@+TYezbS?AN^C-XTgTbCtxr)>CBwJ0_Jy=-6GG_xnFZQ9d~_tz9> zryTmbso$4-PHjMpuCSZCZ0XbwU#Hx&(Li(;3VYJ5AUW%!_J#vbl=7}jY`t;A;>eLB z3RYHbKO!S;_DoS=Ph_>YXuCD-Gq`RLxqJ*<H*`(p>iVDf(ERHMZR3A;xBi*0`SgE; z=6tpP$Gwg&Q~YRi1YRvctIFo2C2aed9-IICpl$O{cE^lIcem{-zq2^J1X?Y6&3p%r zA#l-u&-mY#Lr?a9&p|KzU+6B7$aLEy1M22?<gM(zm}B>^uOfAc@1O81XHe^qtYjB= zwYh9}K1o+z_dWf2uE{e{{c*?wv`oQiOMj9JhoZ}K4bVb{l0G_cHj5Nz<mN7PE)#ZI z)(BmH)yk`*bJE8+z3*Q1=9HI3&+^*^oYb6idw!JfOM7<BK-IX<LgJQ-va-{OkX~u! zk6wLecpfFJ`22nU{^gT?><ZFwYniZek;K`cM+qJelNT>H7k|I^`0Vzb#m}`rKCi5* zdhFhr<iasitLvhUDqq_SC70soQpze;Y=(v#lUvym{{3ma^YoKKXTHCoQj3o|R8@`3 z7N(tBc{{pqt0+ou-T5(Qf*6OgO6g+Ix~`N}CS4PIqXn{N-`cQMNq*b3eHyDz$n85L zSG}t*Ve66HB(B$r*>44|h^QqLyNcSh=^K}Sa86Cumdf&an4&s=T0l&D!`45U>Qh3( z4?8B!`?vDyinARDc5UD>IeiP1i(=BZoONA#r^cpmM>c=)%qbJ*l!@ecNqqh7yZ)+U z<c-@C&iTyedz8@e(Quaec~G}9Vo$}&go}$*=Nvuc|F0%BR8>qTLM3P0<MsOU*pGGy z7{!`&1-_lBXp+{V=wBwYb!O?02Z{VPPC*mqOSJu2B=oL?DJ$#M#VZlq=GH%R-^knz zyimlrJIm<dlNT+M`Q;U}D(a3_=Ou?%>P*VwOK?w|WT3nGrA?XG(L-7q^3K!C58bnt z;nmIc;Jw|jV24mh;b;Hba~fuxjV^fn^SZ_E?YzIs%?@6<#OoTJx<dP8%g(9RU9VDZ zY}+bxa3QC}uP?<{j;JnN(9zvJmtSiKLzw82Lw7VeRG&`Gc=AkM?19>UTixpmzbC1m zIcv_je}24+nU|OLg*yS9?%vTy#IG!@{PF#B_c_O6Z{us#76)_<CR*QZo8cg@cOdjb z@g}iD(nobCznZnSgY%<s-f4R^ckk>iW%2Gi1n$06<!iffLqhl9q1NslpSfE;e6at? z5gOLlC)nG=p?C{4Luh>a<G;Dt8EZ~FbaR{i;lod69-eOp&)*cgo`3hx|J%FY?^oMa zoBzOm_g%A+=zx$aK|v9gmzSK`C-QN5tzYQD>&xQm=*qI>yVS}cm%HCKmA<b&XZ!u$ z^LfSdfB(^)pPt4fVI(Nh>hR~^hq~0XR9{cENcn4LCa|vm5yW$EPZM`5?+QQO$QV7H z#hi;O>hq$kdUF1@RG3&Y1%@g0o&Vlb@@BE&&A_%3d%~t1saRB%A+~VcJBfKR4sH`A zzOP@ZXta1r^!$vBmdNS0X=z6+=7)99n&Yt~Y}<pP8SGAbVrOoUc8i)}`s%3ihNM@# z-LnN^@APhBk$-Zpx?{-{ADeWh<Cak^8>3%N`YU>5@nVB{GpDr(?tcIEDCddQv)zhf zl+xr(4=HPK3OY_VG`q>?{@%nUN5k#-6Oov?wHK}hoqTgWx#gxuT(;cjc|B$!hqTq? 
zo6A27PAr#y%K4AOW2IZ!6z%u6|Kc_^DtcS>+_)zo?T~Zx&{mbQd51a#HpPXBx;1|E zG`Mcvsa^i7KzAXB{=aWxmxK3iNU7rFP7Ik}D7a0$=tArPvlo+|?h|p73-sJzS1Ggc z>Dr7F|7uRHFU(=un>@L|=*rOpo9zRR&U<!RRH>U&IkCldyX;MaE=?Jiq6L~gx^o`B zspsVXZGG{I`SGjM`4(^4Rp_$wg|fk0Jua_x$yF;vUfFrh$UO6G+xoZDdzQV)@Mss@ zz1E`aw)ouwMN@fQW?>I+y(6c?l|L_+7d9}uc2;LGzq`13oW#cWo#{24X}@mm`1MfE z?@qSHoO=H{m7519sLHx=?_IPsaZ5AEmw92LZvSR(H@tAQ>t6fhj)LB&QrXvMyneC9 zE0$;RbK%+-^0SY!mY+WQbXwcR=q>ltstm7p3y7489{wBqLQ2kk)%?rPe_8T>ShBWd zHlN-K=knXkTds;J7tS;=D&5y1SZLoiV_vjFhR(8MY!{6`3RO<GE!bKu)q3z_j6~#b z4nw0m-HwI)GJ6(PCN9YnYugu97Ud_g)ODe|O~bEkj7wN67B2GaX=^JBS=O$&a~1R4 z+`Sq5=Jj+e3VT+Yb!aoczxZK~&s!K`la|%F%P+FkDe%0~X)%BDp6@@ZPqMY?+?*#^ z{rt|MwRheqTl*)va75~_=2|>e=Sxq@X>;+~n7#KotA%SV&;M0mGh2~Awf^w&?~{0W zB6D`++^=KNv<y#3T5z(Jull)+w9T8v_c+U+EOEQQ%hNKUbfa405*-s?nTHQ^PHX=U z?7Llg;OMX8-@76}38^Uid)bOC$y0y&FCO|YQ|ahE^{wH>wRc-4Y;{juvLuDs`P%dP zs;PHukI$Qy-0W_od(h9@@2=-M)syQ$@$qSKfP|*z%>xtC6(^|dRk1r+{H53dt~c3o zlYO6-@3wU|B5o}c-fvBkxF{erdvZ>~nx(ZxcGfKdpLD13E@ocUUeUa5;@QTxYuB*r zb$omGyta%(@kz9fG^lz#QMJGTv`(-<1jG~RJJccI)Nv>fJVb24rR>C^$mO00s*N9N zfX09|WLiP1+gcY>OH*yE#LAh9#@3uto1W@?x2TcQel&f(prenVn`>cEs=A`cF^{va z6+LG#g)a~2aB=mH;p%ki^O@NZdCh56UR|D9j$fAk&1ZFIgFVijYF@E{!7*>zp4zB$ zh5uE~m~mA;Z4q#?`@PCwQ@_?>`~N@rk8tr+oY%DLvH9@w@{B8gGWY!W!PKXI?!e{C z(yXRQJl92vE?;|gO~9ako;df%?d3`9&Ro99r+DbuQ7gsi+#g;(R-Um+cg=f_S8{ug zuic{YV-C0T@x|pHUkx9>6<_`GsC&x{uVwD`e>ofHShWZ^{n)3~v+7u!qOB=+@K)~n zhw`o$n>qK?ne~2D&);Ftwb!ugk%s%bpH1(kdwj5Ky>pB4%vryOUvEF>*l7N+>B-?Y zI%?|6XE0PU%X{0(m=zv)@P^x_>WhT`5ncnkB8IYqKP$fd4z~IES9P76W%B!plPe59 zN}XS}{KJ#8?d!ReFaNAG%b3-Y=p8>fQ^IavM%<j~Yl}-i-4}SgFW|q$vwy#Y<=otN zRtiV!w^-kHc;3VA_H5qci*Me)*gw11A<^>Qzvuf6YW52pYMTAyb^L!P|423;XX6ix zJU{)|KD}6C{+uK7^X-&QJyrSkI%?7TlhtPo*JnTbnVl!klgn)I`w#2(dmEn>{oEVq z#1Uwu-FC5VF~gpDJKO*M<}vv6N>gWsTytN!kX_%slv8{UHk2!gyWR3Lthg52v6o%v z!;`NTUrf$Ul#o8L_OO+axc|FlMTuY5D7I@`&#&U=Z&~QE!?g30w_nW6`cu9xRlgse z+<n|2(JAx2p!J?Q^VSb7vnAGgJ$Y4eH2!h>#rpawR$s$<>;L?Ib=c$h6-obpe;67M 
zKL54tpJc_^FC|q{Sp^qw&(mIA@q=x;?AMtun^(;I$^3BIr)sxLiC<nOs(znm=_a1M z#XwAPrf$YL?&q)Od+$E|_VCd=bys3JA6}E5IgPbg_n)C+i$Ln;B#G9i+a506F**AM z`}}{hs)2mo{!?}5ExUZ|z~<#2cs(bx9A|Wn$rnvtu$NQ!@a33hoxL*FXU+C4+GxMD zN|AlXf*<|$|73-QCkr+6o)GSJ6nVUHhm3yDzke=8r+S5Z%j;{aCI0^X%bi!vEXyzO zG;{YBJ9pkPJHZ$8>i7d!*b1Bd?_SRR`^1OMah5$d+`n0t&8p>n>8n3Mu4<NcbcH>i z{AM@TTJyMlHC?Orcv~E~&F{n!Xs6vGC~UC)p5nRueGB=u56u2J`$D1r0qc!V*4Oaf zUvf0tEpTaV#or>oqFhgbZvV$iV|La~dC{FXCEzQEtGG(<{$dZYnwawsug32`?DSe8 zyzJH^6PAzW3hR2FKdTj5{Uh;9v;Sq?M41Nu^=u1^9gNO@OJJKhVa2>(9WITA;b}=( zoL6h_%eg5^o+&F<y&d~P^5@bijtMKzw(MlP6<6!@LDTZL3x}dt+D(H?-+hk#Zl4;I z>VDzhC*^aJ*){vpO#boYKRf(lMXkxd*OxiA+}xFwmQnXbYQKFo)5pipEACI%H}6@p zUh*u@wZiK?G09pVpPeoCIcwwSoyx@L6>BV2|E;L@aK}USJ)P6_>y97!lDub@Y}4G6 zffBdb62D!I_OYFHFy+4Oj1}?@r|uT+sk_C>oi=mQx%(e$p4i1q=Txq|-g724>BE<& z-f7YP2A9KmZ7qL0b10rlyJ?`5-Oa1K+xSiCa^@W&W-Y5&;^SnUIDSe7NN7$trm6nL z_gvxLL(3PhHMsupx?;<O`HZ+r)wKd{s{*WRMB4jTOs@R%y+gq1#P=w(o*N36u3T!~ zwM=j3_SDnYTz8lMZ<}i!x*_?vUe5h}!7n$iFFrqS@1FCViY+zkQxA8%<vd|_%-;H? z!L6;?=GQ&`|9V}Pb9a~T%iP=Bn6-QuPS^QyC_bqUl&DpHX^>Rynj`S{)9Llzr=|-2 zmb&Q>6nOLS?>Qig7a9C=yTtqDyoj3)m$K7|sD&VYuQAB=e<ZR++}sL^OD6^Yn>lr} zIM3FfPqW>AtHjKG`}662k6nfTZW-Jv_YkfwtC<&m^+HqEoGNMARzby-wQIC`Ua6%$ zShl?XnYz3{-s0{>|1|ID<~M2Fiw|-?&*$0sa6{J#x7uSzRZnk9ZFcpv5TDPc?fmlV zt>lP1M{bM#x2#RM`_3)AnA=T$+u>h3a_*kr^T^vi|Nj(YA^o2pU)5;8JQiuzv+eEG zmgxuhtW%^4-wKCWY<m8APvcV25b=5U7xU@sFaNpW7w@-k)Ak5NWVe@|efaX_QOjk8 z9pC>jf&Cd7Dxn%?>yndU;TFHwIkSd^?O40u^ouRWAL;d+Id|~B7Q>^3K`D165BS`- z{ZXZ!xM8{UqxM`2aa~U3ix)VU-ZmLrx!&pbQR9*j*N0bMWom5BFD`WGIoB9?r1IwD ztk=q0%(p-Me)6Y*m2BV3iCTHLZrXFM%X^oRI4%FJ=wq)5+K0MdUA%m;tMQoE597ou z0ZLBKXGrKhe`IiH2JiVFuV1`-aiG9kREEju;^k{CiE3BQz4#cv+~!j6<{XL4`CE=? 
z3LC#z`S#hfuRc13&$dXO+qJ_e@r!of?3;(~oDu0`TCSS-<k2gx=*`IyJd5Z4PE5^h z4Ssgb;F@KNGTXEb+fACM&Q;FQIh$B^ODer*>xa{Qdkwa4YMI$;+Os93^5I8QzS$KE zRxM-GoM%?hwX12?EUt)J#R;I+LUw9s;uEppu4nt|ro?MHx<6((BHPMwdcv2UM_oq* z+*Aq^w_GsxT0PtK_}|qpr0TmTz4ktwQBuNiv~s4!()S0x)}1+Q^zl_9|0$^|LxojG zZ~Tzec`3Q`Skf-#`oj1dzho;n2AK06uc$Ztb?jK;ktxr=+Z@`uDCo~)`+vfsozEBM z6;I?|eCy@)7229dU%XcDNI&!<G2gnV)$qdKQ^9SQdOuGx_?2p|qwD+e^f%@WM)v1y z_RE)TTfU>}*0F0Ai>f5HP0O*oZM-Q?$nD#-;|tESOucvTaE!#?O{MB4CA@`?T3F}2 z?cHf`DeSN4{uQqd+>2o6Ubu8wwN(1rGc&866>Kqm)_VLp$N6;+m^7MRimE=DW_a23 zM8EKdR~unrvm{Tr)&AdS;X}D!E*g9mf0yP`XV`Pgg|kEVwQJ=j{XNe52koB~OSp17 zO%!_9e&?9v5|-Z&A7-eZshMPOu}b#Zx#thwzvBP+hGWiLWdmbFdAF)>6&BW9jdvqM zO3x`-nl`U~FQs_Mp;uu0(SAWSfd#2WLMsmimE2o%;6{kNj*Mzz$R*QW6@Pb@_?{;J z2?7h_n6CJrSG*8%?)4PsU4_&57T<O6Kiv0n?;MLno@n;!H~0VLCT>anoxj2MHOKSK z({3zX#_ye+oAdXnz&X7(!Qkn<i-m&{m!$J4_x`<86}Btyt7_rT&=`i=cam2Z_(&XC zeSDFDQp=jDS6e48lMFJtlyJa@Td7sx#{8DG?3Z`!HsGBVuVk$65EH|2rB}9K=?5-9 z={b%;+c+XmUNqSJ-K}RngI%Gg!F4m|m}wlAhgjaFwQYD(Q(+x_*w~1-_2<qFrpAXN z_eVT=o}#R(m{s_D`P}o$@gYq|JWiS_%zwcn@+9rxArE==9NUS}5j_R@>N9q;DBL;B z+4o$i;9U$ylJee#>Cal${1H+yJe@VmLcw^y#LJC}7oO~O`?*9q{iT7?woUD?{`hk3 zUnzYsB>e5?OsjD7m6uD>3X0;ZX7zC^m+e$O{_tr|XYTH+3F+srm~L<EzI#%??V|qf zZ-<ZF<5Tz5O;}UjA}$wy_>T1~&ILwu64qyC&VA^2ll8XrM_8Jen)v1Oq`Wz)>m_sj zsuSz=W^pUNE15gFcaD`1sENPTDe+7166y4(9E;b3TIG@2B5t6fb(w)u%LMu6LocK~ z&Cl5fOI*yqEa-GisP&@xq`U<$!*_EkJ~<v?){|kQZ1>V&(Z?PRD1S+~-M?xVP|3em z0Mz_Haf@p0deV9jd7+6Vo-;U;EuU&{{JOVg^RucwpSC`dn8bA4SUdmx-y*df-ycu4 z4L6jyF4?WS<@^o>%_FVfZ4_H3tlyj@VY>GR|DG9hj~r=nnQ^<Yr|y?9lV$1CiFqr| z&+~7%EXf=<ck85kUzlDlTweKflS^{F(y_Vm=eRu2HMH{WpOc#Lxbd`IdZN^<MsZ)s zJ<mZE=G^rhi~BhYW23eSxUIUi%;VfCXU9A>oj%#8^NcND_y0MhwB&f}gAJXwd0Y7( z%b#x-e3YVjH8`+2zr@O=m6fBw;Q2J`w5N@Cm;^TkEm~0Mut~Oh|7i^!9hZ*Ts^;f! 
z&+AjYG&xyt`pold%L`>aCt6fF2)R9FoxXF^k${7ju9rDTU(DQjV*jMRwwe2%9roB1 z-^yB9U|T%rwW00*<MoU8DzV;rlfC)#<7-nVO0*q5vuER4b-kUp^*NQjzZZyzbWNza zDE@otc6ScNC*AwBdsZDeA1EZ+^k9i}g>{i|_0~BbfAw3k{H}Z)^;zYW(V>ST+J{#A z37YiD#l2biW6AyF9*;vSezhjOI4WH+*W~b><J&uI&YOJOS}UQko9A=`lh5}nht8`D z>^*-^`GnKt{kE44{#^h6&)O?UxbWE;^?CcNdkWHIUtXR2LT~4R-1nZ}bAS9~P5yE? zp2Ot#A1S@CFUbqm3Dh-;e|T~KUpx2W;-6<<?3~R!|FigqH+N;uNl7mFEP6S+=*r=L z!e@TX=Pg+Ow(7M>-jPZNf#8<Fz&p<kj4b>6^V<a;JZ|5;S3gkf?U`zOPQ{iFwXPDL zbC+eWe{@Rh(2ErdRWEJgRuD3Mu;0Enas92#j`)2Czy9&5xG}4!bZIp&cVfx+lj<%J z-q-RAF7dhTI`(2lZMSu*<%jZVUz&=l?k6sIYPI>DQc3@wW{qRb`)$>F?Dl0mdu8qR zJb9H-;HLXozX~=O#um-;yYZ>$<jNiU%Igp1|NC<LQ0A_C<^Nl!ol?r1t^EEUf4G|L zF|oXbC(^6jzS=&H;rMvS<G$eL{P~N&bP4#0we9&nNx-S2CSK4j{*~m*1<!w0tNgM! z@F0TYU(%t({j=CgzV<v27VEzD@P488x#&EJQ2T!kAB-oJu3Y*0(TTt^OXeNyafkNa z)7&E3qL}}JIWMLCz~#%clZ(!@Y`1-Buxa;<_LHkQC)L^%NLbyP<$b7Q?lfNIc-@m< zoFsVbew3%Mdv7~#bm7OJU#4#tefU>s{YKYEP-Tyvc~1y`w$b{-EYBAUU$Fkl$GWg= z&-cj!P8|2cTQ0_H?D(;>(adt0sk~d2MD>61P0EKR1YGL)f4t>z;Oc^!8rw5-PwgsN z&VF`gqJ`LmuKvfR8|*4;3}yaok~X*!z~sMQ;ER1Nt2}@Gp8p2T8$Q={?7Y^p@l=I{ zOX#DoADHKS{^(ry)%M4%nIE>P%eqzb&i(l3tV#JSy^n6vyVl3WnDr>F|F&qoS--Wf z`S0!jPum`!w@bP%fK7h>=N0SrvIl=<-eLS*-7D!%;v2bs`}yA#R4hbzna@9Mo4C+j z$?i;v(t+dBPx+4pN<KdbNi}OF+!Rmlypy?__1!jg@%*=D7RnBB3pqFy9X-x@H1Y+P z-BNAY-I(~%t%dp59bUFTChMK%20!Laopa83<JYHod^?nS+7Akz+!ovPC{RO4(d@?D z-I5L4ZQrrAT{v1ByQ5K2*>KM8M#o>*^2(}CzP%k}Zs6jkZ&NPPSSWd?j`i$)lf-8N zEr*;G`;0HITX^!$SzgA(L=V2w*gcJozxo`d-)o5I+&Q55)lSHX<L4&P!yN)n9Ff@s z$7#SrK3NwoU22~8?YyhAGj}_m?6HH*St*kf{ulmgc%}HRxH=@ZyWD5$+--ewSFZGF ze0@HxHn;lQo2OfYT`YB^-P-$CI6DW6zp|J7=DoLgIoG!Q`<?Oicm2$E<lZhzxW4Z0 zo##{k-r3Z<`Hf*{*_-UJz?;po)@6n7+uu}gxw&zD=U+cLJDs17X^U#Yc$9DQ|2^OE zm%Hb0(B}B2_`07{a|)uj=RKBMJ>Ryc>}}A)d+gu-PN?lSv%Z<^Gljo(qD+p&#=T14 zxHqJp4%>8aW3TA%_QU7p+;Yw*KIGT9`8{LvWZPpdKLaFAIwo$}dBQA2#7)F4<?}*= zNzI2ciYMl-(CE?VIq_`sDubd=-Yp02O$k5usnfe@=bTSxUFsxWI{vBPGE<A%qkrl; z7Z2Yvx#UmWg)Xc1EL+(aK7I3j0rT6-3r?OE6BMlb{Peeglpxdk4cr%QDXvVH72u5T 
zcZiT!Rrt9oP42^&udWlCHO=>bUBP*1ug=a);n@j4A|!P49xrj0usO?{nDDOm!Oveh z&fNAax8_96NuMvyWjt|~1hcKF=sFz(waJ>N53ts==S;o(y;S9Pz)5~(=@gNvPDecU zmdMRAI^TX={h-IIiTnQ?+m<AeIp<Mdd{vazo8GNI&*ula#??t}i)dZsEur<i^5`T` zSgg^4w5M5=>~wh}S&x1w-gb~P+W(1Y#|1NEK7HTXIo)TS;>x&udSoZa$a8sb4{)il zDn7kAaoU7AU3+>eUS!U92#K;YpR!|Sqo&a1bqdP+B_;|6p3v1vb2`t{HtpSs#AVJb ze0ypmx#PJO-`i(>XUocHiAyu|zh?e*j!~|)Q((x{{CL5318;PwiJ;{Ct{>cWH%?x$ zeJk1Up~HoRo$c|>Zt)oA_mVPAf8SKGJoND1({t{dTi)Jlbr(JSeGhSdwe7zBbw>^R zbek^)I~NH*_vJr)!(7^Y5{pHp9{<$BbvG6kiZOq64Y*i#<iKAhHIb0Q<?Gph{pMR- zwt#!r?rlo1vaFl@Ru{kK7Tfmt=>y+453cR!-+t`g;%A%0x6kF@%wI4;`+nP`zULVe zv!;lBd;Fr%dds(ahbOL$zIgR|_uAXv52!9=66Ms}!<Mr5gjvX^!zbj8i{DygW_8c5 zJumP&yZeWZ;CIQ=GTsAcUT@bpx95;;+7Hfz*Rs7$hnVJ=nmhSq@wJ@%ct$?zq=(O` zRs%JUbH7Bhj~dM4mz?VSOJo0aZujQeAHJVOgo2C<E}j?5kzi%5K7XD2@XreY?~IF1 z8M3JNY5n7Ad}F9~>bdnH4Nm{K&W92@M@rHeyLK&~_~vCJd$Dl`pFq-wJUgXN?-tuA zGNi73JY!}J%l6B^x=-If!Q)){-`IuqhVq|1>`I@d0tKY|XNngWh#q-(c6Fi!TWZo0 zJ>jd)n>k8LkAHZ=(0BUgeEHm;23F1Y<{7=Q%jw$m$79{ZeNxHnw)0D_9Q&#CDoVP^ zcWZ&w8kVOQ&+P~??qNv}esf1HbI;Avt6#o4`=92uJyTs0a8{t%`R$EG@A~dlJH5GV z)%_^s|IxR4EeH5`qrY6cdtmRsZ$ITGYUP!cFMJcG{>RU&%4MReuZG^v#!udTclIny zSIe6=b@6($^1|AKhs3rR*&5m}uC>ULZ|!Ph?@qjOrHWr%#^l57iT1CuW*5f$No>5l z(9)K};P;=ZZ8?T6{^d`T?tWFf9Z;*;Gw+|_@h?566z5g4$n&eWRP0t-SR|2|cx{Dv z|ADTR$8Du{CFX3B?Yoy*aif5>`TRZQmvgLLocAj$M>O11?|*nCdVf-FuEfU6Z1+Cy zD7(meZepi_)sm(otLiFVoU7mW{B`WEi@c53%3@x>X!sTOuX<mY%HCYJORn$ux3w05 z%B=I{trx%K2w%z7OR8ESvi0%gf{WKu_ia!<(W`&ZCtkYTOJ&Z_OYE^b`}>W3Ew-gp zR&z){pAk3N{>US_JFjILHS9QzjgvO;9zV3JU3#<Ohd2Bo8<$5EwZ1OmO8seYtF=Kz zP-^z8!keE>u6wXY=f?gKy1r#=5`Xmn71q15l4clWHD3K=wdC-Li^^<I#qX$mzLRMc z8goL=H8|O}=}nH{%p*05$xYMS8div_PW;yWd&%3GJu7eZ9R0brJ;&gCPQ&Z19;ZSA z{=Q({Gjo5F_$wCfYC*v>e=Y_HwYI#T`+=)7if6I6PyY6`R>F#`{12+_gwA@2xlNik zk+r0>B=M0<XZzo|8LwtPw(IsjbmEm#+&-y?cKam@871b-d^}H>*Vb(YZ*clI!^^*? 
z$L>#BtJbsUa{hv4Cj7m7^=F*_aLFL3d}q(<nW`DP%4Y6gXS%p`N;Ln6^YwrE)o#B| zSoHCyB{+QfxfdUJQ!Vi(=kT51mOti*E%4THb9R^4YiCa`StP8fdRAli8^x`ARC+E= za{8F@N%7VZ{{n4Y?>q@s@hb~=zh%6Y)xA(Ry}oWs>fsk1yr(uPZ74qP`Q>}q$3q=& zC0XZ&v}bx;tU3RpSi<(j+rtOv?w<Cor%x(z#!Jb!CPmE}2gR+g#$32RY2S|6mjV;! zJ^OI(eZAe(9S%2a59IzgFJ;bHxvC)X$h-9`Durr&KD;nkxI@D2%&y6+ej8p4X<PgG z^}Us=m~Fq-cAw9lWwF5bnaNy*pU0M2_#Ura_UyUu-DE>kvyOS4(@!MZO%I<ruQqYR z`9H}VTC--H&v&-gx_o$wR!<0@<f2Xc=3D!g@7*l!_G*?!Zrv&F#k$c~E`I%Uzu=_r z<o)YRw-rc5@ACO3A^ddnDubZ1(`|yrwa1KwUcOwp!RX3^b&`ek2Q%k9TF1WedXJvk zGUb0w_95H6)=6fbS^s!Sw1v_g-HPiydMq24Ki&2)=RoR`<*JXDoI7~*trxq%?zNZM zR?YvOSvPzB_riaB_FtKPL(O2y?S1Q3O0V(HC@?qJ@cZ<=CkM{GH{TGkr?D~i`$gex z0y89a)<vH^F>9v%G8S_KjqRd`J<jp+xc9!<kv;$5Lh%Bx-yKgjD}S9SWV+osTh{-g zt~<!-&WS4Re++`2`pvC9f4Ag*&VEIqnQSSZ41#hu+qw>U_({|*{`~Ulj+wRd!q;hR zIzB@~o=e&CNxR_96)DnMT#MiHFYa}Nn#10D@tM-?fIx{riHT?14|(wYT6pEG>o<3k z`fCP@<h@j9-|R|sarXF7e{Nom⋘Zkh)(6ixgE(q;1QQ*w{REqx`4&yu9nS|CC8= zdhz)|)vP_qtKQW09sGJFqrg^mTMlS;O!0MMt3gn!)Mec?|9XK<6J?XCSbu+8ed;HV zu#;JH>fsJvCEvC4-~X|$-sS9?YF_?t?%q5XGqZ0NZ_}GPcvWtmH&9F|jxg)FvEL$9 z`qlh{hwheem#a<e?cICeY@5*U%Bg=r2C;J~TQ2#3zGLs&kZ<*JCypJGQ#J#Qt=-(C z(eq?MebwC<jUJAhe?T0ATM%}ggT%|jkqQ%n_f@Vn>nU56<rEwGsry>W-v9~0O+VLa z^|YjJmH7GBpQr4KlY~&`k|z;ybM-BSCv?5s$Y^p;=;OS}a_Yyl_lYd3sE?cb^}|tv zTT5GeCcV};aq{5QL#s7T?Kr@zyU#-9J7@Hc8LvJ|onD{ZyziZl<<k^Z5x16{y476D zV%7$6bNH=u`x6U=%@gir_!}>qckbc8ziDTD${uZ5seP-x{erTb`-aDvc{`ha3G$TR zb5h;CXT4>XmHeW$-xWVO#qKoV+QfhO$`y@U?(=lp0wdgnk5$h$u=+0YkMG-x*Kb_B z->Vok$r%3l!f#^2pOBWt!~51bW3L!LVlcGi$(!F^`$XKtKdmZsE7rf`^jJ{(9jo(n z3m0~-g3YyDx!W%(aGYx~xWRVln&2G`UB~Yy4D!Ol7XEVNPny%``1y+Em3!-s+-1+* zU>xFF@lZBKU(3-wSCgetwc=m3eU4AhgzD9-mEm3&1Lk$<TE$7sf780+k6o4Zt-!#z zwte?@TWoUWuNCeO&{=iB;dQCZl*=Cfb-+<omm#6sbMMr&&4>HrJ9Urc)Jw05ZZEKZ zthD`(Q-AyF>9ZTki<<@RzB}MjYbNe?z2)nj6SFVbDx3A($UJE#BRFYBvzA)JtC^)< zZV$J_%P5AO;cK+}D^;qxRHF7T%e<m*wW^;Ed$4amB~)<7Sagwxw@T=>g#XioH9EN? 
z-$+L4wgftBm&{DHNq+Ze)AEClUd-&|KNdK5a_5{^VRv>tX?;_@*MrBNUpu<^P2?NN zw+%}bBr;#loH0kX(M;Iw>&(Oi_WQ3TUp!{pxI5%BKfkQ4iD^pVZ?P$tkMT0=-G+Jb znn{nIaqs7XT*Vxl8En7TEJ@#@(vx(^KzUvB*16_Qd*<vkIJKijRQIW7hi>*nc{f$p z3acV^$C+0%PV`KYc2kYL?D46@<-<{p7pHH2pL&8{S^7=_lWIhT^tavH7cF?kwk^k& zH84lPzUNi+g3Yd3Q?C6q@TxQD*vvk&bmM>d&8gx&{<9wRoVK))c-L|-Nn);3dAe%d z?R~u4f3q(*+;Z{n&xJ>CChog={HVdI>2t1epUGKju*g6uB{;fNf>Wur!0NEyY$Y>0 zF2A}?fg7{+ru{ymdN3wf{&~{ofC;l%xs_}4EQ_Zz{Md0r=UTDV{D!7OOcs&zTq?4x z&TKs^FkiRHKza7+<9f-j1&{iAZ%gc4@r8-Qc(dT^_kA-&6nkdWdiZ&!yt<{Jr^is0 z=6B+hzGKi5`TYI++x{3_a_~*n%4zys@ZHVQ>h|q|rE8ehxn*4_-`jI;*=mj$#hwyf zr;9gh_)|^4ez0EK`D8Wkj;IOk*Vsh^ZWjrBXJ>nu{<J51ZS9JLs<{67JqHqI8c5BU z<(TNmStWIPXX2Su>6i0aTLl$o-(PjuW9CVIWwn?V(Gz?n2hQb2FI<~_AY0`6_2=_0 zp6@%<G2v|gA&)-&R>A7K$1W*P**&jV^N6hV6O*3T?xO$pl@*<;w*zN(5x1fm%bpW% zE{QHDp1CKgu>Uo?`^*W>$@>1xY5y(X6VJBiNL;LN+nwRFm^bgC#M|5T4aba?QiP+; zdNP)TZ;HI&vA!iIPrC)Qv|!UW^bTzI?!1x@3vRU)zL+5O?WCn!i@+kDX}rqczO=W^ z$<{j6w>ND|@p7(m-=@75`vf=qKGZhp4QLr*>V_nVlV(@!n_G9kydjW~FMW^WMr~lI z?GbCR2^u|5Zgl+ra_Sv-tDvGwWFV+R>B6D-y8Dm^A86e}Wc+FlW#=Q@#tDb~q^%Tm zO}+f)F1@2Ks(kH!U--VjwIXh6W(Nhhj3rMR+|U=5&~g_Po6ICFtb5Pse)pjcfkkJ+ z1l@L>$e!uAX1b=#qV5Z!QvBT01w=%;9%N;+&9_i&nVDIzp~T%U(Qwh9n4KRxZfxvZ z!zvhK>;K#M&J7pNlPgc0?r5JkCs*T=S7OP>DC0d_`W$?FS8gv|SR>B$&g{^~FNQhM zYgV(?`*Yv>wAwMzg(EO+HJ9>jZq^L_KIgp8CVD$9lM|wN(ywRqd=GUp`63e@%vAXF z8_OpBA4=N|_%BNO3b?T(WIR)xBU@`|c&%@Xl3`v-+rmBnB^Sl~xE-)$>LHDl+xShV zZvRm5!EQ_0ndz%{CA|7xC?a~_!8=vW+{VJ%Dks>NC;zAZM$Vqew;v~ghJ2^oTy@AJ z_B`j}$IKElUo<r?v!7Qtqj|*&5zCc<J`%QWGkW!WVwnOX0=qY^v)*y0HPFV*ef7+z zUoYAkb~?>WJXLu+V8PTw8IAc#%6hwGCZ3r+&)wb6!hG((1>AyViW>XBG59}kn{iww z<8)-)G=DGCe;?QXKe*dnc296EXka9D+b)Bon9Lc@-hn(f3Qq36-F~et?T%(oG|%FI zK-s8w_m2kLe*4p)s9{AOhitBG#-3>{JA9?xb_d@5#}HNhU19Mu`FqDh5^{=|qRZwx zgn!S?SdsZCFJHQ^pmhJ*^dnYpB@ew81<&7{%DI}j<jgew#cKnMH#iklu{p86`MTh~ zfKb&u?dv9mPEoT2_|$HFF8zKeAb#@pKUo11f=*K;TPMnBw@y@ob3kt1v=3Z+E457c z>I%w10a}VJYu1Y%?r59vfdBad4wDuZMVFbn(r)ZC_8&=QpZ8lb=gz^e-#+&VDz<2V 
z8XBNsA%5+aiCS0q<e&Oo7j)WpPI0U9jqUNF=e~Ced{RB#CMfMPE2?TwwpL1V!us5m zE8aZI+m^6iQ}AeV|Is?NjvEe>{@MvT?aR4oko5o5<Xnc6$2JyRzrQWldPnsB&PTd; zat_s%r|kD{nV`Se;MS2P|K+>({*C@tKl#M3=pDTC4|Pn)cTU{WnR}%E+~1pl5`vqo zMBHXev|c>soal1mRe(fpl8Bo$f2*M4>dmVRl8!6PT66l@vb#yzAJ1P;ij#Hy)TQ65 zaj(AaAJ4mQ{)-lF6#n})e4>qg-=sH2pLpzIDq_FQsQfEux?TEX#vb9Ywm-Y>dzqLp z>03U%?^GwTa?t}n>8?*+7em9l?$6kC!`gYp?y!v(C+>5$XI!~@w{d=};(9~X`|XE1 zCR~k7mGFIZ^|9cMS1%t`y;t5dQ|xh%zf#m}DMK?`7IR0HW7c_(qK=Cw$(-4dx+iG$ z#rszqA5PPn^HtF4&i!V`LjH4AaYruSmtVNET<GdbM-Kf}?*8uLRoSlH%<nfce@lIy z^7!y-^%FZQ<>%kq=a3r3CdGc_g^YyjoN$9<^Y=Q$zGnE9<)V=-cd($CwdclP+lSpR zkJlD#wBzl+z`f&8%f*U#ZMA1=4|3kOO*>~+(v>dow2sd>-)_<CIL1xy_!h3-%bG9m z-FlJ7cx`US>*n(X7w?O{J?#8KuwVJcMZt3R^a~aHxi>p6_5Nmg$a~ei<@QnS>=!QC zHk~;V!Lz@rdD97nkgdHB;<EL%g#T2$|Lpao?P8oW%dX9jb#h%#HS^6d>^~~2e8OA! z(VoMa%l;_5`~F37=FIP#O`n-Ad-5C9cC=c}v)FRk@<Qp>o8bl*0*;$riBgxHFf+dA z-tqH0C&n4S^GR5>FQIVet&N-(hW&oe4=b#acAwI1$8`DKq6JT^md$jFxvS1;+<Wtd zwDfbQBib4)JB<=eBBpGKIB%mPyk73xf;9`pnHQ~|wBf>+<6m+n`<(X>H}iRLH{-?O zfXC1035rYYQx}*zt-pG%vd`ZoKT9K$OZJG*n)PSi#pb$ircVzWZ<E;kH+Myz?4iG_ z+<MA8cjR`b9$K--WmR0AqSf)^1zWcW@TDDpUhQ^l$4%4D=<Dkaoqx&mzBaD&j=`+u z*@B(37J1*<Vk_M8E9!W`>U5rMzs}8&S>O7r@$im|#vQ@CfAVTY+Hxs7g{5Cj6cK;f zzq7yIJuHIbdWZYdvWH=5CV2+E1v}=d-cnODw7SV&Y<tpZ(K`1IVUB>h<!mpH-qrB` z=K5}LyNBP|C?Pk{gzTeNeY3Z(cdW=33SY#sVt(yO?!}LrDtxxYwQv1w`C~WR$3rjN z+$_X3UR|3wLuv=RwzfNu?OeyDArh%mmnCmoD>A)%cEFSgHv9RKOYCMf9=OTezdW_d zjV;~q)R$>C&c=o@(HzqK0u>xih96hRrpF2y9Np8Gva<Hvi3zL3CC+{E(^D|o&uN<Z z&_|+I`NR>ya4w?<QmThu<SM?ejXOF0kjK{<%u?B1g$df$^%DEy!eS~j{P>x4axZ*U zXrA4#liNJoYQLlEYIjf;U!&E-GSSIm?nPIRB&{=Bd?(JC#9><;{zOE?amLK<&x+3l z%I`7v?fdwl#Nhd~hx7Dx+@{RezPut@(R4e<%Z-W`Ov;>!Vi>NR=a?Y#vR8Q9yc5Dx z6<i)1@Tpc@AJFpU3{OQxrSdWV4H5mZ%hOY&xIPyrW~ZHe+q`QTuW(-Ag^dNyaeh{P z=ijgQPGI8d_7Zsdo=ttf3&$H@)%6EY@qE0gls138!lBFgb+WrQh`A`)+e=G&PO2>R zJ((R-@iwn)d4Zl8H|x&G4F;Fmvm>}Z8RaMTa4Ns7-DY}i`l|GX2Q71srpo+%JW=Ky z@AV5JA|hf3PJU7WrJFwnmmKXccdtHmx+P#n=Vdnbi8Wj0mR7pH*ip~RKGSMqYkA@3 
zH8N|jR^CutjuccKHf9~k&Qrtpl|5+}3{(LnsrEw|!ix=VRcQ2ZM9Ok4_U$>8@pz$u zQc9^tkD1}G++Drk@@t{Nts^hOcbm)ox|-({mVOg7m1}19@?%eikMhxI3%=jq<QIJG z;rQuxx=pb6i`R+mizmi${w%}Yu97PTwX2GstY9mS;rrMps@Rf~cDhZl`jn&dxvgBO z$K$$h?hJ0-&37Pf!aa=}(xPQ=Z=IDDznSdHp$O_htK1Iw&m;COD4DroZ)o}Ag!k8y zm^(pjpBzx*YQ=w_Q*1)g6F_xbs&k?WJ7|^A8htKhOVIj<l-jjgJvS0X^nUItynOu4 z9)(jrEwLQ}GX>@L>{>J9hs%oBmXGs%_1^E)=k(g!YG6KDHTBI0{x=syH<eD`YT(kE z^V4Xbh?{lDH^=Dn4Ao^G&%VoCInXJ5%%bXnd0fF7RxV|yj!jXa5}eY@Ka}lZv^rCA z=WE=b-@%4wVwoO1R&t05vbyxCOYqsl6IZu>?KpJ$`g*~4f`@oF9$@pDWx&1jkcErd zGbah*BUg-_DvI=qE+sEC-_NU85i@7Pj7e>G4kdBy`Ex;~u6Nld4T-2-#mUMWljSyk zy=1&jK~a%a?^>Hrz_Np_k$tkIX4-~Av&_U*o4=o|l#Tzi)Zo%3>%PnBa|=@VjsL%n zyKyr*;rO=L4O=!J^?UY{*}XI|C8dSAy6j`qlk69>Di^F-#U$u>am6Z)rmKc)RnG^5 zS`k;Z4rho7Cm-&x$?jdJXgKdo$Mg1IeuvI<TkhC(EU9cy+Qxk;Kk`m)xKrqwbms(* z^V0{?A~9vh|E|nbah<+krwwc8^<5JL3#Uc5trZuq7d)Rn`+<z^p&M&UJZJXnt!hsb zeD$jD;Yr36gVgWqmmV|^Y_UG%Vbb4s@bE$Qd41njNX&8U_}|a1JgxC*q^HE&!1k#d z&(+K{4cWfp(7k&+x65Q3R(8te?-X4rW#|~vJZsiZgH?&kv_BQjxO=Te77{I~5@#QJ zC2Cc<s|C&vKfrr(uY_CB;d=cm(|H%SChotPAjsRhz-Y1H;kmp5qEn6bYD?$MY&Do9 zH>pOkhi%^9My+M*G{QU9{QSC7dRKD655ZrriXTdZwd~tg^~J8PZ^MDFT#Iur7}>CD zYiqyAUh!#KbZ6sKabXuz4X@6YSBb_U8xoIfu-{m|kq_MRUu)I#sK)2w=RdMc=PlMq zxRpLy-tqnXpCk#^oAVAgRB)V~yO(2&{Xt!2{T`<o7hbLMb1QI^-E~`T!P;#So!p5> zbb@bvm#P$>`#>zVapFI{p8XZ=FIK$R%DK4pa>?z`gv|8jxmxWBSxegEx4%6exh$q^ z=hQbBw?C|MPThGi;BK)9r>kg;{>v$^o?C%)%2x0IUhBkFZG7+9+7AEzR`8kq>em^S z$}+!l&GUDze<(fm^p~Ebhc92Yw%jpNY1yGy3EH2qXpKhClL)<@YqQqfjMVE%$&X6_ zx5q_WC(3m3EPe`Za)LM@OCU{7c`wzL311<r#{Vpo5pgwYY2j)WRCIZ%BklG^A#W4& y`M*47UmjHX2wZ$n1zO??9r$X*y-56@{jEnwSIrWTTFbz|z~JfX=d#Wzp$PzT*_PA* literal 0 HcmV?d00001 diff --git a/grafana_dashboard/Snort Dashboard-v05.json b/grafana_dashboard/Snort Dashboard-v05.json new file mode 100644 index 0000000..475b09c --- /dev/null +++ b/grafana_dashboard/Snort Dashboard-v05.json 
@@ -0,0 +1,1504 @@ +{ + "__inputs": [ + { + "name": "DS_ELASTICSEARCH", + "label": "elasticsearch", + "description": "", + "type": "datasource", + "pluginId": "elasticsearch", + "pluginName": "Elasticsearch" + } + ], + "__requires": [ + { + "type": "datasource", + "id": "elasticsearch", + "name": "Elasticsearch", + "version": "5.0.0" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "5.3.2" + }, + { + "type": "panel", + "id": "grafana-clock-panel", + "name": "Clock", + "version": "1.0.2" + }, + { + "type": "panel", + "id": "grafana-piechart-panel", + "name": "Pie Chart", + "version": "1.3.6" + }, + { + "type": "panel", + "id": "grafana-worldmap-panel", + "name": "Worldmap Panel", + "version": "0.2.0" + }, + { + "type": "panel", + "id": "graph", + "name": "Graph", + "version": "5.0.0" + }, + { + "type": "panel", + "id": "singlestat", + "name": "Singlestat", + "version": "5.0.0" + }, + { + "type": "panel", + "id": "table", + "name": "Table", + "version": "5.0.0" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Snort Dashboard", + "editable": true, + "gnetId": 3099, + "graphTooltip": 0, + "id": null, + "iteration": 1561322148390, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "tags": [], + "type": "dashboards" + } + ], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 17, + "panels": [], + "repeat": null, + "title": "Event Severity", + "type": "row" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_ELASTICSEARCH}", + "editable": true, + "error": false, + "format": "none", + "gauge": { + "maxValue": 
100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 1 + }, + "id": 9, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(189, 31, 111, 0.18)", + "full": true, + "lineColor": "#bf1b00", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "bucketAggs": [ + { + "field": "@timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "severity.keyword:High AND $sensor_name", + "refId": "A", + "timeField": "@timestamp" + } + ], + "thresholds": "", + "title": "High Severity", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "total" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_ELASTICSEARCH}", + "editable": true, + "error": false, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 6, + "y": 1 + }, + "id": 10, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 
2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(204, 181, 21, 0.18)", + "full": true, + "lineColor": "rgb(193, 180, 31)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "bucketAggs": [ + { + "field": "@timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "severity.keyword:Medium AND $sensor_name", + "refId": "A", + "timeField": "@timestamp" + } + ], + "thresholds": "", + "title": "Medium Severity", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "total" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_ELASTICSEARCH}", + "editable": true, + "error": false, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 12, + "y": 1 + }, + "id": 11, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 204, 21, 0.18)", + 
"full": true, + "lineColor": "rgb(8, 126, 33)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "bucketAggs": [ + { + "field": "@timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "severity.keyword:Low AND $sensor_name", + "refId": "A", + "timeField": "@timestamp" + } + ], + "thresholds": "", + "title": "Low Severity", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "total" + }, + { + "bgColor": null, + "clockType": "24 hour", + "countdownSettings": { + "customFormat": null, + "endCountdownTime": "2017-08-31T13:35:00.000Z", + "endText": "00:00:00" + }, + "dateSettings": { + "dateFormat": "YYYY-MM-DD", + "fontSize": "20px", + "fontWeight": "normal", + "showDate": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 18, + "y": 1 + }, + "id": 16, + "links": [], + "mode": "time", + "offsetFromUtc": null, + "offsetFromUtcMinutes": null, + "refreshSettings": { + "syncWithDashboard": false + }, + "timeSettings": { + "customFormat": "HH:mm:ss", + "fontSize": "54px", + "fontWeight": "normal" + }, + "title": "Current Time", + "type": "grafana-clock-panel" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 4 + }, + "id": 18, + "panels": [], + "repeat": null, + "title": "Row", + "type": "row" + }, + { + "aliasColors": { + "Events": "#962d82" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_ELASTICSEARCH}", + "editable": true, + "error": false, + "fill": 1, + "grid": {}, + "gridPos": { + "h": 9, + "w": 14, + "x": 0, + "y": 5 + }, + "id": 1, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": false, + "hideZero": false, + "max": false, + "min": false, + 
"rightSide": true, + "show": true, + "sort": null, + "sortDesc": null, + "total": true, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 2, + "points": true, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/.*Low/", + "color": "#629e51" + }, + { + "alias": "/.*High/", + "color": "#bf1b00" + }, + { + "alias": "/.*Medium/", + "color": "#e5ac0e" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": true, + "targets": [ + { + "alias": "{{sensor_name.keyword}} severity {{severity.keyword}}", + "bucketAggs": [ + { + "fake": true, + "field": "severity.keyword", + "id": "5", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_term", + "size": "10" + }, + "type": "terms" + }, + { + "fake": true, + "field": "sensor_name.keyword", + "id": "4", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_term", + "size": "10" + }, + "type": "terms" + }, + { + "field": "@timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "3", + "type": "count" + } + ], + "query": "$sensor_name", + "refId": "A", + "timeField": "@timestamp" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Event by sensor", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "Events", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, 
+ { + "aliasColors": {}, + "breakPoint": "50%", + "cacheTimeout": null, + "combine": { + "label": "Others", + "threshold": 0 + }, + "datasource": "${DS_ELASTICSEARCH}", + "editable": true, + "error": false, + "fontSize": "60%", + "format": "short", + "gridPos": { + "h": 9, + "w": 10, + "x": 14, + "y": 5 + }, + "height": "250px", + "id": 14, + "interval": null, + "legend": { + "show": true, + "values": true + }, + "legendType": "Right side", + "links": [], + "maxDataPoints": 3, + "nullPointMode": "connected", + "pieType": "donut", + "strokeWidth": 1, + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "alert_description.keyword", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "@timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "alert_description", + "id": "1", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "$sensor_name", + "refId": "A", + "timeField": "@timestamp" + } + ], + "title": "Top Alert Type", + "type": "grafana-piechart-panel", + "valueName": "total" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 14 + }, + "id": 19, + "panels": [], + "repeat": null, + "title": "New row", + "type": "row" + }, + { + "circleMaxSize": 30, + "circleMinSize": 2, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_ELASTICSEARCH}", + "decimals": 0, + "editable": true, + "error": false, + "esGeoPoint": "DstGeoip.location", + "esLocationName": "DstGeoip.ip", + "esMetric": "Count", + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 15 + }, + "hideEmpty": false, + "hideTimeOverride": false, + "hideZero": false, + "id": 3, + "initialZoom": 1, + "jsonUrl": "", + "links": [], + 
"locationData": "geohash", + "mapCenter": "Europe", + "mapCenterLatitude": 46, + "mapCenterLongitude": 14, + "maxDataPoints": 1, + "mouseWheelZoom": false, + "showLegend": true, + "stickyLabels": false, + "tableLabel": "DstGeo", + "tableQueryOptions": { + "geohashField": "geohash", + "latitudeField": "latitude", + "longitudeField": "longitude", + "metricField": "metric", + "queryType": "geohash" + }, + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "DstGeoip.ip", + "id": "5", + "settings": { + "min_doc_count": 1, + "order": "asc", + "orderBy": "_term", + "size": "10" + }, + "type": "terms" + }, + { + "fake": true, + "field": "DstGeoip.location", + "id": "3", + "settings": { + "precision": 3 + }, + "type": "geohash_grid" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "ip", + "id": "1", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "", + "refId": "A", + "timeField": "@timestamp" + } + ], + "thresholds": "0,10", + "timeFrom": null, + "title": "Destination IPs", + "transparent": false, + "type": "grafana-worldmap-panel", + "unitPlural": "ips", + "unitSingle": "", + "unitSingular": "ip", + "valueName": "total" + }, + { + "circleMaxSize": 30, + "circleMinSize": 2, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_ELASTICSEARCH}", + "decimals": 0, + "editable": true, + "error": false, + "esGeoPoint": "SrcGeoip.location", + "esLocationName": "SrcGeoip.ip", + "esMetric": "Count", + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 15 + }, + "hideEmpty": false, + "hideTimeOverride": false, + "hideZero": false, + "id": 21, + "initialZoom": 1, + "jsonUrl": "", + "links": [], + "locationData": "geohash", + "mapCenter": "Europe", + "mapCenterLatitude": 46, + "mapCenterLongitude": 14, + "maxDataPoints": 1, + "mouseWheelZoom": false, + "showLegend": true, + "stickyLabels": false, + "tableLabel": "DstGeo", + "tableQueryOptions": { + 
"geohashField": "geohash", + "latitudeField": "latitude", + "longitudeField": "longitude", + "metricField": "metric", + "queryType": "geohash" + }, + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "SrcGeoip.ip", + "id": "5", + "settings": { + "min_doc_count": 1, + "order": "asc", + "orderBy": "_term", + "size": "10" + }, + "type": "terms" + }, + { + "fake": true, + "field": "SrcGeoip.location", + "id": "3", + "settings": { + "precision": 3 + }, + "type": "geohash_grid" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "ip", + "id": "1", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "", + "refId": "A", + "timeField": "@timestamp" + } + ], + "thresholds": "0,10", + "timeFrom": null, + "title": "Source IPs", + "transparent": false, + "type": "grafana-worldmap-panel", + "unitPlural": "ips", + "unitSingle": "", + "unitSingular": "ip", + "valueName": "total" + }, + { + "columns": [ + { + "text": "event_timestamp", + "value": "event_timestamp" + }, + { + "text": "sensor_name", + "value": "sensor_name" + }, + { + "text": "alert_description", + "value": "alert_description" + }, + { + "text": "SrcIp", + "value": "SrcIp" + }, + { + "text": "SrcPort", + "value": "SrcPort" + }, + { + "text": "DstIp", + "value": "DstIp" + }, + { + "text": "DstPort", + "value": "DstPort" + }, + { + "text": "classification", + "value": "classification" + } + ], + "datasource": "${DS_ELASTICSEARCH}", + "editable": true, + "error": false, + "fontSize": "90%", + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 24 + }, + "height": "300px", + "id": 5, + "links": [], + "pageSize": null, + "scroll": true, + "showHeader": true, + "sort": { + "col": 0, + "desc": true + }, + "styles": [ + { + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "@timestamp", + "thresholds": [], + "type": "date", + "unit": 
"short" + }, + { + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "alias": "Alert_description", + "bucketAggs": [], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "meta": {}, + "settings": { + "size": 500 + }, + "type": "raw_document" + } + ], + "query": "$sensor_name", + "refId": "A", + "timeField": "@timestamp" + } + ], + "title": "Panel Title", + "transform": "json", + "type": "table" + }, + { + "aliasColors": {}, + "breakPoint": "50%", + "cacheTimeout": null, + "combine": { + "label": "Others", + "threshold": 0 + }, + "datasource": "${DS_ELASTICSEARCH}", + "editable": true, + "error": false, + "fontSize": "60%", + "format": "short", + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 32 + }, + "height": "250px", + "id": 7, + "interval": null, + "legend": { + "show": true, + "values": true + }, + "legendType": "Right side", + "links": [], + "maxDataPoints": 3, + "nullPointMode": "connected", + "pieType": "pie", + "strokeWidth": 1, + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "SrcIp", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "@timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "$sensor_name", + "refId": "A", + "timeField": "@timestamp" + } + ], + "title": "Top Source IP", + "type": "grafana-piechart-panel", + "valueName": "total" + }, + { + "aliasColors": {}, + "breakPoint": "50%", + "cacheTimeout": null, + 
"combine": { + "label": "Others", + "threshold": 0 + }, + "datasource": "${DS_ELASTICSEARCH}", + "editable": true, + "error": false, + "fontSize": "60%", + "format": "short", + "gridPos": { + "h": 7, + "w": 6, + "x": 6, + "y": 32 + }, + "height": "250px", + "id": 8, + "interval": null, + "legend": { + "show": true, + "values": true + }, + "legendType": "Right side", + "links": [], + "maxDataPoints": 3, + "nullPointMode": "connected", + "pieType": "pie", + "strokeWidth": 1, + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "DstPort", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "@timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "$sensor_name", + "refId": "A", + "timeField": "@timestamp" + } + ], + "title": "Top Destination Port", + "type": "grafana-piechart-panel", + "valueName": "total" + }, + { + "aliasColors": {}, + "breakPoint": "50%", + "cacheTimeout": null, + "combine": { + "label": "Others", + "threshold": 0 + }, + "datasource": "${DS_ELASTICSEARCH}", + "editable": true, + "error": false, + "fontSize": "60%", + "format": "short", + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 32 + }, + "height": "300px", + "id": 6, + "interval": null, + "legend": { + "show": true, + "values": true + }, + "legendType": "Right side", + "links": [], + "maxDataPoints": 3, + "nullPointMode": "connected", + "pieType": "pie", + "strokeWidth": 1, + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "DstIp", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "@timestamp", + "id": "2", + 
"settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "$sensor_name", + "refId": "A", + "timeField": "@timestamp" + } + ], + "title": "Top Destination IP", + "type": "grafana-piechart-panel", + "valueName": "total" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 39 + }, + "id": 20, + "panels": [], + "repeat": null, + "title": "New row", + "type": "row" + }, + { + "aliasColors": { + "TCP": "#1f78c1", + "UDP": "#cca300", + "tcp": "#6D1F62", + "udp": "#64B0C8" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_ELASTICSEARCH}", + "editable": true, + "error": false, + "fill": 1, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 40 + }, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "protocol.keyword", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "asc", + "orderBy": "_term", + "size": "10" + }, + "type": "terms" + }, + { + "field": "@timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "$sensor_name", + "refId": "A", + "timeField": "@timestamp" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": 
"Protocole vs Time", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "Events", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "breakPoint": "50%", + "cacheTimeout": null, + "combine": { + "label": "Others", + "threshold": 0 + }, + "datasource": "${DS_ELASTICSEARCH}", + "editable": true, + "error": false, + "fontSize": "80%", + "format": "short", + "gridPos": { + "h": 7, + "w": 10, + "x": 12, + "y": 40 + }, + "id": 15, + "interval": null, + "legend": { + "show": true, + "values": true + }, + "legendType": "Right side", + "links": [], + "maxDataPoints": 3, + "nullPointMode": "connected", + "pieType": "donut", + "strokeWidth": 1, + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "classification.keyword", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "@timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "$sensor_name", + "refId": "A", + "timeField": "@timestamp" + } + ], + "title": "Top Classifications", + "type": "grafana-piechart-panel", + "valueName": "total" + } + ], + "refresh": false, + "schemaVersion": 16, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "current": {}, + "datasource": "${DS_ELASTICSEARCH}", + "hide": 0, + "includeAll": true, + "label": 
"sensor_location", + "multi": true, + "name": "sensor_name", + "options": [], + "query": "{\"find\":\"terms\",\"field\":\"sensor_name.keyword\"}", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now/d", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Snort Dashboard", + "uid": "ALgSiPiWk", + "version": 17 +} \ No newline at end of file diff --git a/logstash-configs/filter-snort.conf b/logstash-configs/filter-snort.conf new file mode 100644 index 0000000..0a3f01d --- /dev/null +++ b/logstash-configs/filter-snort.conf 
@@ -0,0 +1,149 @@
+# /etc/logstash/conf.d/filter-snort.conf
+filter {
+ if [type] == "snort" {
+ # This is the initial parsing of the log
+ grok {
+ match => { "message" => "\|%{SPACE}\[%{WORD:msg_source}\[%{WORD:msg}\]:%{SPACE}\[%{GREEDYDATA:sensor_name}\]%{SPACE}\]%{SPACE}\|\|%{SPACE}%{TIMESTAMP_ISO8601:event_timestamp}%{SPACE}%{INT:event_priority}%{SPACE}\[%{INT:gid}:%{INT:sid}:%{INT:rev}\]%{SPACE}%{DATA:alert_description}\|\|%{SPACE}%{DATA:classification}%{SPACE}\|\|%{SPACE}%{INT:protocol}%{SPACE}%{IP:SrcIp}%{SPACE}%{IP:DstIp}%{SPACE}%{INT:IpVersion}%{SPACE}%{INT:IpHeaderLength}%{SPACE}%{INT:IpTos}%{SPACE}%{INT:PacketLength}%{SPACE}%{INT:IpId}%{SPACE}%{INT:IpReserved}%{SPACE}%{INT:FragOffset}%{SPACE}%{INT:TTL}%{SPACE}%{INT:Checksum}%{SPACE}\|\|%{SPACE}%{INT:SrcPort}%{SPACE}%{INT:DstPort}%{SPACE}"}
+ }
+ if [protocol] == 6 {
+ mutate {
+ replace => { "protocol" => "TCP" }
+ }
+ grok {
+ match => { "IPTypeHeader" => "%{INT:SrcPort}·%{INT:DstPort}·%{INT:TcpSequence}·%{INT:TcpAck}·%{INT:TcpOffset}·%{INT:TcpReserved}·%{INT:TcpFlags}·%{INT:TcpWindow}·%{INT:TcpChecksum}·%{INT:TcpUrgentPointer}" }
+ }
+ }
+ if [protocol] == 17 {
+ mutate {
+ replace => { "protocol" => "UDP" }
+ }
+ grok {
+ match => { "IPTypeHeader" => "%{INT:SrcPort}·%{INT:DstPort}·%{INT:UdpLen}·%{INT:UdpChecksum}" }
+ }
+ }
+ if [protocol] == 1 {
+ mutate {
+ replace => { "protocol" => "ICMP" }
+ }
+ grok {
+ match => { "IPTypeHeader" => "%{INT:IcmpType}·%{INT:IcmpCode}·%{INT:IcmpChecksum}·%{INT:IcmpId}·%{INT:IcmpSequence}" }
+ }
+ }
+ if [protocol] == 2 {
+ mutate {
+ replace => { "protocol" => "IGMP" }
+ }
+ }
+
+ # Geoip check for the SrcIP
+ geoip {
+ source => "SrcIp"
+ target => "SrcGeoip"
+ database => "/etc/logstash/GeoLite2-City.mmdb"
+ add_field => [ "[SrcGeoip][coordinates]", "%{[geoip][longitude]}" ]
+ add_field => [ "[SrcGeoip][coordinates]", "%{[geoip][latitude]}" ]
+ }
+ mutate {
+ convert => [ "[SrcGeoip][coordinates]", "float"]
+ }
+
+ # Geoip check for DstIP
+ geoip {
+ source => "DstIp"
+ target => "DstGeoip"
+ database => "/etc/logstash/GeoLite2-City.mmdb"
+ add_field => [ "[DstGeoip][coordinates]", "%{[DstGeoip][longitude]}" ]
+ add_field => [ "[DstGeoip][coordinates]", "%{[DstGeoip][latitude]}" ]
+ }
+ mutate {
+ convert => [ "[DstGeoip][coordinates]", "float"]
+ }
+
+ # If the alert is a Snort GPL alert break it apart for easier reading and categorization
+ if [alert_description] =~ "GPL " {
+ # This will parse out the category type from the alert
+ grok {
+ match => { "alert" => "GPL\s+%{DATA:category}\s" }
+ }
+ # This will store the category
+ mutate {
+ add_field => { "rule_type" => "Snort GPL" }
+ lowercase => [ "category"]
+ }
+ }
+
+ # If the alert is an Emerging Threat alert break it apart for easier reading and categorization
+ if [alert_description] =~ "ET " {
+ # This will parse out the category type from the alert
+ grok {
+ match => { "alert" => "ET\s+%{DATA:category}\s" }
+ }
+ # This will store the category
+ mutate {
+ add_field => { "rule_type" => "Emerging Threats" }
+ lowercase => [ "category"]
+ }
+ }
+
+ # I recommend changing the field types below to integer so searches can do greater than or less than
+ # and also so math functions can be ran against them
+ mutate {
+ convert => [ "SrcPort", "integer" ]
+ convert => [ "DstPort", "integer" ]
+ convert => [ "event_priority", "integer" ]
+ convert => [ "protocol", "integer" ]
+ }
+ # Remove message - if wanna save space uncomment it
+ # remove_field => [ "message"]
+ #}
+
+ # This will translate the priority field into a severity field of either High, Medium, or Low
+ if [event_priority] == 1 {
+ mutate {
+ add_field => { "severity" => "High" }
+ }
+ }
+ if [event_priority] == 2 {
+ mutate {
+ add_field => { "severity" => "Medium" }
+ }
+ }
+ if [event_priority] == 3 {
+ mutate {
+ add_field => { "severity" => "Low" }
+ }
+ }
+
+ # This section adds URLs to lookup information about a rule online
+ mutate {
+ add_field => [ "ET_Signature_Info", "http://doc.emergingthreats.net/%{sid}" ]
+ add_field => [ "Snort_Signature_Info", "https://www.snort.org/search?query=%{gid}-%{sid}" ]
+ }
+
+
+ #protocol type detection
+ if [protocol] == 17 {
+ mutate {
+ replace => { "protocol" => "UDP" }
+ }
+ }
+
+ if [protocol] == 6 {
+ mutate {
+ replace => { "protocol" => "TCP" }
+ }
+ }
+
+ if [protocol] == 1 {
+ mutate {
+ replace => { "protocol" => "ICMP" }
+ }
+ }
+
+ if [protocol] == 2 {
+ mutate {
+ replace => { "protocol" => "IGMP" }
+ }
+ }
+ }
+}
diff --git a/logstash-configs/input-snort.conf b/logstash-configs/input-snort.conf
new file mode 100644
index 0000000..17ba916
--- /dev/null
+++ b/logstash-configs/input-snort.conf
@@ -0,0 +1,7 @@
+# /etc/logstash/conf.d/input-snort.conf
+input {
+ udp {
+ port => 5142
+ type => snort
+ }
+}
diff --git a/logstash-configs/snort-output.conf b/logstash-configs/snort-output.conf
new file mode 100644
index 0000000..2773701
--- /dev/null
+++ b/logstash-configs/snort-output.conf
@@ -0,0 +1,13 @@
+output {
+ if [msg_source]== "SNORTIDS" {
+ elasticsearch {
+ template => "/etc/logstash/templates/snortids-template.json"
+ template_overwrite => true
+ index => "snortids-%{+YYYY.MM.dd}"
+ hosts => ["IP_ELASTICSEARCH_SERVER:9200"]
+ }
+ stdout {
+ codec => rubydebug
+ }
+ }
+}
diff --git a/logstash-configs/snortids-template.json b/logstash-configs/snortids-template.json
new file mode 100644
index 0000000..66c00a6
--- /dev/null
+++ b/logstash-configs/snortids-template.json
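Review bot: The source-address geoip block in filter-snort.conf fills `[SrcGeoip][coordinates]` from `%{[geoip][longitude]}` and `%{[geoip][latitude]}`, but its `target` is `SrcGeoip`, so no `[geoip]` field exists and the unresolved reference is stored as literal text that the following float `convert` presumably cannot parse. The destination block already reads from its own target; mirror it with `add_field => [ "[SrcGeoip][coordinates]", "%{[SrcGeoip][longitude]}" ]` and the matching latitude line. The two category groks have the same kind of mismatch: they match on `alert`, while the first grok stores the text in `alert_description`, so `category` is most likely never set for GPL or ET rules and the match key should be `"alert_description"`.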
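Review bot: The `udp` input in input-snort.conf sets only `port` and `type`, so it listens on every interface (the plugin's `host` defaults to `0.0.0.0`) and anything that arrives on 5142 is typed `snort` and treated as a sensor alert. Syslog over UDP has no sender authentication, so alert integrity here depends entirely on who can reach the port. Bind the listener to the collection interface with `host => "LOGSTASH_LISTEN_ADDRESS"` (placeholder) and restrict the port to the sensor addresses at the firewall. A comment next to `port`, such as `# only Barnyard2 sensors may send here; enforce with host binding and firewall rules`, would record that assumption.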
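Review bot: The `elasticsearch` output in snort-output.conf points at `IP_ELASTICSEARCH_SERVER:9200` with no credentials and no TLS settings, so alert data travels in clear text and the cluster has to accept unauthenticated writes. Where the cluster has security enabled, set `user` and `password` and turn on TLS for this output; otherwise add a comment that the link must stay on a trusted management network. The `stdout { codec => rubydebug }` block copies every alert into the Logstash service log, which helps while testing but duplicates sensitive data in normal operation. Events whose first grok failed carry no `msg_source` and are dropped by the `if` without a trace; sending events tagged `_grokparsefailure` to a separate index or file would keep parser breakage visible.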
@@ -0,0 +1,478 @@ +{ + "template" : "snortids*", + "version" : 50001, + "settings" : { + "index.refresh_interval" : "5s" + }, + "mappings" : { + "_default_" : { + "properties" : { + "@timestamp" : { + "type" : "date" + }, + "@version" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "Checksum" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "DstGeoip" : { + "properties" : { + "city_name" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "continent_code" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "coordinates" : { + "type" : "float" + }, + "country_code2" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "country_code3" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "country_name" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "dma_code" : { + "type" : "long" + }, + "ip" : { "type" : "ip" }, + "latitude" : { + "type" : "float" + }, + "location" : { "type" : "geo_point" }, + "longitude" : { + "type" : "float" + }, + "postal_code" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "region_code" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "region_name" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "timezone" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + } + } + }, + "DstIp" : { "type" : "ip" }, + "DstPort" : { + "type" : "long" + }, + "ET_Signature_Info" 
: { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "FragOffset" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "IpHeaderLength" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "IpId" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "IpReserved" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "IpTos" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "IpVersion" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "PacketLength" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "Snort_Signature_Info" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "SrcGeoip" : { + "properties" : { + "city_name" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "continent_code" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "coordinates" : { + "type" : "float" + }, + "country_code2" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "country_code3" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "country_name" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "dma_code" : { + "type" : "long" + }, + "ip" : { "type" : "ip" }, + "latitude" : { + "type" : "float" + }, + "location" : { "type" : 
"geo_point" }, + "longitude" : { + "type" : "float" + }, + "postal_code" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "region_code" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "region_name" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "timezone" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + } + } + }, + "SrcIp" : { "type" : "ip" }, + "SrcPort" : { + "type" : "long" + }, + "TTL" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "alert_description" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "classification" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "event_priority" : { + "type" : "long" + }, + "event_timestamp" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "gid" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "host" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "message" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "msg" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "msg_source" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "protocol" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "rev" : { + "type" : "text", + "fields" : { + 
"keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "rule_type" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "sensor_name" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "severity" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "sid" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "tags" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + }, + "type" : { + "type" : "text", + "fields" : { + "keyword" : { + "type" : "keyword", + "ignore_above" : 256 + } + } + } + } + } + } + } + diff --git a/snort-configs/barnyard2.conf b/snort-configs/barnyard2.conf new file mode 100644 index 0000000..c7e4e21 --- /dev/null +++ b/snort-configs/barnyard2.conf @@ -0,0 +1,16 @@ +# /etc/snort/barnyard2.conf +# Sending output to standard log file "alert_barnyard2" and to logstash server "IP_LOGSTAH_SERVER" udp port 5142 +config reference_file: /etc/snort/reference.config +config classification_file: /etc/snort/classification.config +config gen_file: /etc/snort/gen-msg.map +config sid_file: /etc/snort/sid-msg.map +config logdir: /var/log/barnyard2 +config hostname: mysnortids1 +config interface: eth0 +config alert_with_interface_name +config waldo_file: /var/log/snort/barnyard2.waldo +config archivedir: /var/log/snort/archived_logs +config process_new_records_only +input unified2 +output alert_fast: /var/log/snort/alert_barnyard2 +output log_syslog_full: sensor_name em1, server IP_LOGSTASH_SERVER protocol udp, port 5142, operation_mode complete, log_facility LOG_LOCAL1, log_priority LOG_ALERT diff --git a/snort-configs/barnyard2.service b/snort-configs/barnyard2.service new file mode 100644 index 0000000..d7a259f --- /dev/null 
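Review bot: The bookmark file in barnyard2.conf is set to `config waldo_file: /var/log/snort/barnyard2.waldo`, while the `ExecStart` line of barnyard2.service in this same patch passes `-w /var/log/snort/waldo2.file`; keep one of the two so it is clear which file records the read position. With `process_new_records_only` set, which alerts are forwarded after a restart presumably depends on that bookmark, so an ambiguous path can mean silently skipped or replayed events. The sensor identity is also inconsistent: `sensor_name em1` in the syslog output, `config interface: eth0` and `config hostname: mysnortids1` name three different things, and the dashboard filters on `sensor_name`. The header comment spells the placeholder `IP_LOGSTAH_SERVER` where the output line uses `IP_LOGSTASH_SERVER`.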
+++ b/snort-configs/barnyard2.service
@@ -0,0 +1,12 @@
+# /etc/systemd/system/multi-user.target.wants/barnyard2.service
+# SystemD control file for Barnyard2 service
+[Unit]
+Description=Barnyard2 Daemon
+After=syslog.target network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -l /var/log/barnyard2 -d /var/log/snort -f merged.log -v -w /var/log/snort/waldo2.file -g snort -u snort -D -a /var/log/snort/archived_logs --pid-path /var/log/barnyard2
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/snort-configs/snort.service b/snort-configs/snort.service
new file mode 100644
index 0000000..0f0514e
--- /dev/null
+++ b/snort-configs/snort.service
@@ -0,0 +1,13 @@
+# /etc/systemd/system/multi-user.target.wants/snort.service
+# SystemD control file for Snort service
+# -l parameter configures output log directory to be processed further by Barnyard2
+[Unit]
+Description=Snort NIDS/IPS Daemon em1 interface
+After=syslog.target network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/snort -q -u snort -g snort -c /etc/snortem1/snort.conf -i eth0 -l /var/log/snort
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
-- GitLab
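Review bot: `Type=simple` in barnyard2.service is combined with `-D` on the `ExecStart` line, which puts barnyard2 into the background; under `Type=simple` systemd tracks the process it started, so once that process forks and exits the unit is treated as stopped and alert forwarding to Logstash ends. Remove `-D` so the process stays in the foreground, or use `Type=forking` with a `PIDFile=` that matches the `--pid-path` directory. Adding `Restart=on-failure` would also bring the forwarder back after a crash instead of leaving the dashboard quietly empty. The header comment names the `multi-user.target.wants` directory, which holds the enable symlink; the unit file itself belongs in `/etc/systemd/system/`.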
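Review bot: snort.service has no `Restart=` setting, so if snort exits on a bad configuration reload or a crash the interface stays unmonitored until someone notices; `Restart=on-failure` with a short `RestartSec=` closes that gap. The `ExecStart` line reads `-c /etc/snortem1/snort.conf` while barnyard2.conf in this patch takes its map files from `/etc/snort/`, and the description says em1 while `-i eth0` is passed. These look like leftovers from another host and should be aligned, or explained in a comment such as `# adjust -c and -i to the monitored interface`.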