From 3880d11779095f2ffc201867033a52b624d32d1c Mon Sep 17 00:00:00 2001
From: Bastian Maeuser
Date: Thu, 7 Nov 2019 17:30:59 +0100
Subject: [PATCH] Add autoprovisioning Stuff

---
 dashboardassign.sh | 3 +
 provisioning/dashboards/all.yml | 11 +
 provisioning/dashboards/firewall.json | 1373 ++++++++++++++++++++++++
 provisioning/dashboards/ndpi.json | 863 +++++++++++++++
 provisioning/datasources/automatic.yml | 2 +
 5 files changed, 2252 insertions(+)
 create mode 100755 dashboardassign.sh
 create mode 100644 provisioning/dashboards/all.yml
 create mode 100644 provisioning/dashboards/firewall.json
 create mode 100644 provisioning/dashboards/ndpi.json

diff --git a/dashboardassign.sh b/dashboardassign.sh
new file mode 100755
index 0000000..b76a5ba
--- /dev/null
+++ b/dashboardassign.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+sed -i 's/${DS_PFS_GRAYLOG}/pfsensefw/g' provisioning/dashboards/firewall.json
+sed -i 's/${DS_NTOP-CLUSTER}/ntop/g' provisioning/dashboards/ndpi.json
diff --git a/provisioning/dashboards/all.yml b/provisioning/dashboards/all.yml
new file mode 100644
index 0000000..6c2268f
--- /dev/null
+++ b/provisioning/dashboards/all.yml
@@ -0,0 +1,11 @@
+apiVersion: 1
+
+providers:
+- name: 'pfSense Analytics'
+  orgId: 1
+  folder: ''
+  type: file
+  disableDeletion: false
+  editable: true
+  options:
+    path: /etc/grafana/provisioning/dashboards
diff --git a/provisioning/dashboards/firewall.json b/provisioning/dashboards/firewall.json
new file mode 100644
index 0000000..dc11a14
--- /dev/null
+++ b/provisioning/dashboards/firewall.json
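Review bot: Both sed substitutions are no-ops against the dashboards this same patch adds: on every panel and template variable visible in firewall.json and ndpi.json the datasource is already written as `"datasource": "pfsensefw"` or `"datasource": "ntop"`, and the only remaining `DS_PFS_GRAYLOG` / `DS_NTOP-CLUSTER` occurrences are the bare `__inputs` names, which are not wrapped in `${...}` and so never match the patterns. The one reference the script does not normalise is the adhoc `Filters` variable in firewall.json, whose datasource is the export label `"PFS Graylog"` rather than `pfsensefw`; if the script is meant as a post-export fix-up it needs a substitution for that string as well, otherwise it can be dropped and the committed JSON kept as the single source of truth. The script also has no `set -eu` after the shebang, so a missing or unwritable file fails the first `sed` silently and the second still runs; adding `set -eu` as the second line makes that visible. Note too that `sed -i` without a suffix argument is GNU-specific and errors on BSD/macOS sed.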
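Review bot: `disableDeletion: false` combined with `editable: true` lets any Grafana user with editor rights delete or rewrite the provisioned dashboards from the UI, so the running instance and the files in this repository can drift silently; for a file-provisioned set, `disableDeletion: true` keeps the repository authoritative. If in-UI edits are not intended, `editable: false` is the matching setting — the exact behaviour of `editable` varies by Grafana version, so verify against the 6.4.3 the dashboards declare in `__requires`. `path` points at the provisioning config directory itself, so this provider file sits beside the JSON it serves; that works as long as the file provider only loads `.json` files, which is worth confirming rather than assuming.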
@@ -0,0 +1,1373 @@ +{ + "__inputs": [ + { + "name": "DS_PFS_GRAYLOG", + "label": "PFS Graylog", + "description": "", + "type": "datasource", + "pluginId": "elasticsearch", + "pluginName": "Elasticsearch" + } + ], + "__requires": [ + { + "type": "datasource", + "id": "elasticsearch", + "name": "Elasticsearch", + "version": "1.0.0" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "6.4.3" + }, + { + "type": "panel", + "id": "grafana-piechart-panel", + "name": "Pie Chart", + "version": "1.3.9" + }, + { + "type": "panel", + "id": "grafana-worldmap-panel", + "name": "Worldmap Panel", + "version": "0.2.1" + }, + { + "type": "panel", + "id": "graph", + "name": "Graph", + "version": "" + }, + { + "type": "panel", + "id": "savantly-heatmap-panel", + "name": "Heatmap", + "version": "0.2.0" + }, + { + "type": "panel", + "id": "singlestat", + "name": "Singlestat", + "version": "" + }, + { + "type": "panel", + "id": "table", + "name": "Table", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": 5420, + "graphTooltip": 0, + "id": null, + "iteration": 1573140215631, + "links": [], + "panels": [ + { + "circleMaxSize": "20", + "circleMinSize": 2, + "colors": [ + "#FADE2A", + "rgba(237, 129, 40, 0.89)", + "#F2495C" + ], + "datasource": "pfsensefw", + "decimals": 0, + "esGeoPoint": "src_location", + "esLocationName": "src_ip", + "esMetric": "Count", + "gridPos": { + "h": 12, + "w": 16, + "x": 0, + "y": 0 + }, + "height": "", + "hideEmpty": false, + "hideZero": false, + "id": 1, + "initialZoom": "2", + "links": [], + "locationData": "geohash", + "mapCenter": "Europe", + "mapCenterLatitude": 46, + "mapCenterLongitude": 14, + "maxDataPoints": 1, + "mouseWheelZoom": true, + "options": {}, + "showLegend": true, + "stickyLabels": 
true, + "tableQueryOptions": { + "geohashField": "geohash", + "latitudeField": "latitude", + "longitudeField": "longitude", + "metricField": "metric", + "queryType": "geohash" + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "fake": true, + "field": "src_ip", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "field": "src_location", + "id": "2", + "settings": { + "precision": 7 + }, + "type": "geohash_grid" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "iface:$iface AND src_ip:$src_ip -src_ip:62.155.248.*", + "refId": "A", + "timeField": "timestamp" + } + ], + "thresholds": "2,5", + "title": "GeoIP Block source ip location by $iface", + "type": "grafana-worldmap-panel", + "unitPlural": "", + "unitSingle": "", + "valueName": "total" + }, + { + "cacheTimeout": null, + "columns": [], + "datasource": "pfsensefw", + "fontSize": "100%", + "gridPos": { + "h": 12, + "w": 8, + "x": 16, + "y": 0 + }, + "id": 8, + "links": [], + "options": {}, + "pageSize": null, + "showHeader": true, + "sort": { + "col": null, + "desc": false + }, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "date" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "src_ip", + "id": "7", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "fake": true, + "field": "src_ip_city_name", + "id": "8", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + 
}, + { + "fake": true, + "field": "src_ip_country_code", + "id": "6", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + } + ], + "dsType": "elasticsearch", + "hide": false, + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "iface:$iface AND src_ip:$src_ip -src_ip:62.155.248.*", + "refId": "A", + "target": "", + "timeField": "timestamp" + } + ], + "title": "Top ip Block by $iface", + "transform": "table", + "type": "table" + }, + { + "columns": [ + { + "text": "real_timestamp", + "value": "real_timestamp" + }, + { + "text": "src_ip", + "value": "src_ip" + }, + { + "text": "dest_ip", + "value": "dest_ip" + }, + { + "text": "PortServiceName", + "value": "PortServiceName" + }, + { + "text": "proto", + "value": "proto" + }, + { + "text": "action", + "value": "action" + }, + { + "text": "iface", + "value": "iface" + }, + { + "text": "dest_port", + "value": "dest_port" + }, + { + "text": "direction", + "value": "direction" + }, + { + "text": "src_ip_whoisresult", + "value": "src_ip_whoisresult" + } + ], + "datasource": "pfsensefw", + "filterNull": false, + "fontSize": "90%", + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 12 + }, + "id": 14, + "links": [], + "options": {}, + "pageSize": 100, + "scroll": true, + "showHeader": true, + "sort": { + "col": 0, + "desc": true + }, + "styles": [ + { + "dateFormat": "DD/MM/YY h:mm:ss a", + "pattern": "real_timestamp", + "type": "date" + }, + { + "alias": "dest_port Servicename", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "PortServiceName", + "thresholds": [], + "type": "string", + "unit": "short" + }, + { + "alias": "Source Port Name", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + 
"dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "src_port_name", + "thresholds": [], + "type": "string", + "unit": "short" + }, + { + "alias": "Protocol", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "proto", + "thresholds": [], + "type": "string", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "mappingType": 1, + "pattern": "dest_port", + "thresholds": [], + "type": "number", + "unit": "none" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "", + "thresholds": [], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 2, + "pattern": "src_ip_whoisresult", + "preserveFormat": false, + "sanitize": false, + "thresholds": [], + "type": "string", + "unit": "none" + } + ], + "targets": [ + { + "bucketAggs": [], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "meta": {}, + "settings": { + "size": 10000 + }, + "type": "raw_document" + } + ], + "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "Real time logs by iface:$iface", + "transform": "json", + "type": "table" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "pfsensefw", + "format": 
"none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 0, + "y": 20 + }, + "id": 18, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", + "refId": "A", + "target": "", + "timeField": "timestamp" + } + ], + "thresholds": "", + "title": "Total Firewall Events", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "total" + }, + { + "aliasColors": {}, + "breakPoint": "50%", + "cacheTimeout": null, + "combine": { + "label": "Others", + "threshold": "" + }, + "datasource": "pfsensefw", + "fontSize": "80%", + "format": "none", + "gridPos": { + "h": 4, + "w": 6, + "x": 6, + "y": 20 + }, + "id": 2, + "interval": null, + "legend": { + "percentage": true, + "show": true, + "values": true + }, + "legendType": "Right side", + "links": [], + "maxDataPoints": 3, + "nullPointMode": "connected", + "options": {}, + "pieType": "pie", + "strokeWidth": "1", + "targets": [ + { + 
"bucketAggs": [ + { + "fake": true, + "field": "iface", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "Match by interface $iface", + "type": "grafana-piechart-panel", + "valueName": "total" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "pfsensefw", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 20 + }, + "id": 4, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": false, + "hideZero": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", + "refId": "A", + "timeField": "timestamp" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Events by $iface", + 
"tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": "Count", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "none", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "pfsensefw", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 12, + "x": 0, + "y": 24 + }, + "id": 12, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": true, + "values": true + }, + "lines": false, + "linewidth": 10, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "fake": true, + "field": "src_ip_country_code", + "id": "5", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "fake": true, + "field": "timestamp", + "id": "4", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", + "refId": "A", + "timeField": "timestamp" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Rules triggered on $iface by Country", + "tooltip": { 
+ "shared": false, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": "@timestamp", + "show": true, + "values": [ + "total" + ] + }, + "yaxes": [ + { + "format": "none", + "label": "Triggers", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "none", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "breakPoint": "50%", + "cacheTimeout": null, + "combine": { + "label": "Others", + "threshold": 0 + }, + "datasource": "pfsensefw", + "fontSize": "80%", + "format": "none", + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 28 + }, + "id": 5, + "interval": null, + "legend": { + "show": true, + "values": true + }, + "legendType": "Right side", + "links": [], + "maxDataPoints": 3, + "nullPointMode": "connected", + "options": {}, + "pieType": "pie", + "strokeWidth": 1, + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "proto", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "Protocols by interface $iface", + "type": "grafana-piechart-panel", + "valueName": "total" + }, + { + "chartId": "chart_11", + "colors": [ + "rgba(50, 172, 45, 1)", + "rgba(241, 255, 0, 1)", + "rgba(245, 54, 54, 1)" + ], + "datasource": "pfsensefw", + "format": "none", + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 30 + }, + "id": 11, + "legend": 
{ + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": true + }, + "links": [], + "mappingType": 1, + "maxDataPoints": 100, + "nullPointMode": "connected", + "options": {}, + "seriesOverrides": [], + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "PortServiceName", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", + "refId": "A", + "target": "", + "timeField": "timestamp" + } + ], + "thresholds": "0,10", + "title": "Destination Port by iface:$iface", + "treeMap": { + "aggregationFunction": "sum", + "colorByFunction": "max", + "debug": false, + "depth": 0, + "enableGrouping": true, + "enableTimeBlocks": false, + "groups": [ + { + "key": "server", + "value": "/^.*./g" + } + ], + "ids": [ + "alias" + ], + "mode": "squarify", + "nodeSizeProperty": "value", + "showLegend": true, + "sizeByFunction": "total" + }, + "type": "savantly-heatmap-panel", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ] + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "pfsensefw", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 38 + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": true, + "values": true + }, + "lines": false, + "linewidth": 10, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 
5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "City: {{term src_ip_city_name}}", + "bucketAggs": [ + { + "fake": true, + "field": "src_ip_city_name", + "id": "5", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "fake": true, + "field": "timestamp", + "id": "4", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", + "refId": "A", + "timeField": "timestamp" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Rules triggered on $iface by City", + "tooltip": { + "shared": false, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": "@timestamp", + "show": false, + "values": [ + "total" + ] + }, + "yaxes": [ + { + "format": "none", + "label": "Cantidad de Accesos", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "none", + "label": "Paises", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "breakPoint": "50%", + "cacheTimeout": null, + "combine": { + "label": "Others", + "threshold": 0 + }, + "datasource": "pfsensefw", + "fontSize": "80%", + "format": "none", + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 39 + }, + "id": 9, + "interval": null, + "legend": { + "show": true, + "values": true + }, + "legendType": "Right side", + "links": [], + "maxDataPoints": 3, + "nullPointMode": "connected", + "options": {}, + "pieType": "donut", + "strokeWidth": 
1, + "targets": [ + { + "alias": "Port: {{PortServiceName}}", + "bucketAggs": [ + { + "fake": true, + "field": "PortServiceName", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "dsType": "elasticsearch", + "metrics": [ + { + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", + "refId": "A", + "target": "", + "timeField": "timestamp" + } + ], + "title": "Top 10 port Destination Block by $iface", + "type": "grafana-piechart-panel", + "valueName": "total" + } + ], + "refresh": "1m", + "schemaVersion": 20, + "style": "dark", + "tags": [ + "Elasticsearch", + "Firewall", + "Log Analyzer", + "PFsense" + ], + "templating": { + "list": [ + { + "allValue": null, + "current": {}, + "datasource": "pfsensefw", + "definition": "", + "hide": 0, + "includeAll": true, + "label": "Interface", + "multi": true, + "name": "iface", + "options": [], + "query": "{\"find\": \"terms\", \"field\":\"iface\",\"size\": \"1000000\" }", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": "*", + "current": {}, + "datasource": "pfsensefw", + "definition": "{\"find\": \"terms\", \"field\":\"src_ip\",\"query\":\"iface iface:$iface\",\"size\": \"1000000\" }", + "hide": 0, + "includeAll": true, + "label": "Source IP", + "multi": true, + "name": "src_ip", + "options": [], + "query": "{\"find\": \"terms\", \"field\":\"src_ip\",\"query\":\"iface iface:$iface\",\"size\": \"1000000\" }", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + 
"useTags": false + }, + { + "allValue": "*", + "current": {}, + "datasource": "pfsensefw", + "definition": "{\"find\": \"terms\", \"field\":\"dest_port\",\"query\":\"iface iface:$iface\",\"size\": \"1000000\" }", + "hide": 0, + "includeAll": true, + "label": null, + "multi": true, + "name": "dport", + "options": [], + "query": "{\"find\": \"terms\", \"field\":\"dest_port\",\"query\":\"iface iface:$iface\",\"size\": \"1000000\" }", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 3, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "datasource": "PFS Graylog", + "filters": [ + { + "condition": "AND", + "key": "direction", + "operator": "=", + "value": "in" + }, + { + "key": "action", + "operator": "=", + "value": "block" + } + ], + "hide": 0, + "label": "", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Firewall Logs", + "uid": "000000030", + "version": 82 +} diff --git a/provisioning/dashboards/ndpi.json b/provisioning/dashboards/ndpi.json new file mode 100644 index 0000000..35e1171 --- /dev/null +++ b/provisioning/dashboards/ndpi.json 
@@ -0,0 +1,863 @@ +{ + "__inputs": [ + { + "name": "DS_NTOP-CLUSTER", + "label": "ntop-cluster", + "description": "", + "type": "datasource", + "pluginId": "influxdb", + "pluginName": "InfluxDB" + } + ], + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "6.4.3" + }, + { + "type": "panel", + "id": "grafana-piechart-panel", + "name": "Pie Chart", + "version": "1.3.9" + }, + { + "type": "panel", + "id": "grafana-worldmap-panel", + "name": "Worldmap Panel", + "version": "0.2.1" + }, + { + "type": "panel", + "id": "graph", + "name": "Graph", + "version": "" + }, + { + "type": "datasource", + "id": "influxdb", + "name": "InfluxDB", + "version": "1.0.0" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 1, + "id": null, + "iteration": 1573140126928, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "ntop", + "fill": 1, + "fillGradient": 2, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "IPV4 $tag_host", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "host:traffic", + "orderByTime": "ASC", + "policy": 
"default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_rcvd" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "IPv4 Traffic by Host", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "ntop", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 7 + }, + "id": 12, + "panels": [], + "title": "Interface igb1", + "type": "row" + }, + { + "aliasColors": {}, + "breakPoint": "50%", + "cacheTimeout": null, + "combine": { + "label": "Others", + "threshold": 0 + }, + "datasource": "ntop", + "fontSize": "110%", + "format": "decbytes", + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 6, + "interval": null, + "legend": { + "header": "", + "percentage": true, + "show": true, + "sort": "total", + "sortDesc": true, + "values": false + }, + "legendType": "On graph", + "links": [], + "maxDataPoints": 3, + "nullPointMode": "connected", + "options": {}, + "pieType": "donut", + "strokeWidth": "3", + "targets": [ + { + "alias": "IPv4", + "groupBy": [ + { + "params": [ + "host" + ], + "type": "tag" + } + ], + "measurement": "host:traffic", + "orderByTime": "ASC", + "policy": "default", + "query": "select sum(sumtx_sumrx) from (select sumtx+sumrx from (select sum(tx) as sumtx, sum(rx) 
as sumrx from (SELECT non_negative_difference(\"bytes_rcvd\") as rx,non_negative_difference(\"bytes_sent\") as tx FROM \"host:traffic\" WHERE (\"host\" =~ /^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$/) AND $timeFilter GROUP BY \"host\") group by *))", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_rcvd" + ], + "type": "field" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$/" + } + ] + }, + { + "alias": "IPv6", + "groupBy": [ + { + "params": [ + "host" + ], + "type": "tag" + } + ], + "measurement": "host:traffic", + "orderByTime": "ASC", + "policy": "default", + "query": "select sum(sumtx_sumrx) from (select sumtx+sumrx from (select sum(tx) as sumtx, sum(rx) as sumrx from (SELECT non_negative_difference(\"bytes_rcvd\") as rx,non_negative_difference(\"bytes_sent\") as tx FROM \"host:traffic\" WHERE (\"host\" !~ /^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}/) AND $timeFilter GROUP BY \"host\") group by *))", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_rcvd" + ], + "type": "field" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$/" + } + ] + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Traffix Distribution V4/V6", + "type": "grafana-piechart-panel", + "valueName": "total" + }, + { + "aliasColors": {}, + "breakPoint": "50%", + "cacheTimeout": null, + "combine": { + "label": "Others", + "threshold": 0 + }, + "datasource": "ntop", + "fontSize": "80%", + "format": "decbytes", + "gridPos": { + "h": 8, + "w": 8, + "x": 6, + "y": 8 + }, + "id": 2, + "interval": null, + "legend": { + "percentage": true, + "percentageDecimals": 2, + "show": true, + "sort": "total", + "sortDesc": true, + "values": true + }, + 
"legendType": "Right side", + "links": [], + "maxDataPoints": 3, + "nullPointMode": "connected", + "options": {}, + "pieType": "donut", + "pluginVersion": "6.4.3", + "strokeWidth": "1", + "targets": [ + { + "alias": "$tag_protocol", + "groupBy": [ + { + "params": [ + "protocol" + ], + "type": "tag" + } + ], + "limit": "", + "measurement": "iface:ndpi", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT \"bytes\" as bytes FROM \"iface:ndpi\" WHERE $timeFilter GROUP BY \"protocol\"", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "slimit": "", + "tags": [ + { + "key": "protocol", + "operator": "=~", + "value": "/^$ndpicat$/" + } + ] + } + ], + "timeFrom": null, + "timeShift": null, + "title": "NDPI Interface", + "type": "grafana-piechart-panel", + "valueName": "total" + }, + { + "circleMaxSize": "15", + "circleMinSize": "3", + "colors": [ + "#73BF69", + "rgba(237, 129, 40, 0.89)", + "#8F3BB8" + ], + "datasource": "ntop", + "decimals": 0, + "esMetric": "Count", + "gridPos": { + "h": 15, + "w": 10, + "x": 14, + "y": 8 + }, + "hideEmpty": false, + "hideZero": false, + "id": 8, + "initialZoom": "2", + "locationData": "countries", + "mapCenter": "Europe", + "mapCenterLatitude": 46, + "mapCenterLongitude": 14, + "maxDataPoints": 1, + "mouseWheelZoom": true, + "options": {}, + "showLegend": true, + "stickyLabels": false, + "tableQueryOptions": { + "geohashField": "geohash", + "latitudeField": "latitude", + "longitudeField": "longitude", + "metricField": "metric", + "queryType": "geohash" + }, + "targets": [ + { + "alias": "$tag_country", + "groupBy": [ + { + "params": [ + "country" + ], + "type": "tag" + } + ], + "measurement": "country:traffic", + "orderByTime": "ASC", + "policy": "default", + "query": "select sum(inout)/1024/1024/1024 from (SELECT \"bytes_ingress\"+\"bytes_egress\" as inout 
FROM \"country:traffic\" WHERE time >= now() - 3h GROUP BY \"country\") group by *", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_egress" + ], + "type": "field" + }, + { + "params": [], + "type": "sum" + } + ] + ], + "tags": [] + } + ], + "thresholds": "4,10", + "timeFrom": null, + "timeShift": null, + "title": "Traffic egress+ingress per Country", + "type": "grafana-worldmap-panel", + "unitPlural": "GBytes", + "unitSingle": "", + "unitSingular": "GByte", + "valueName": "current" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "ntop", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 14, + "x": 0, + "y": 16 + }, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "alias": "local2remote", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + } + ], + "measurement": "iface:local2remote", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [] + }, + { + "alias": "remote2local", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + } + ], + "measurement": "iface:remote2local", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes" + ], 
+ "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Flowthroughput", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "ntop", + "fill": 1, + "fillGradient": 1, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 23 + }, + "id": 10, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_protocol", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "protocol" + ], + "type": "tag" + } + ], + "measurement": "iface:ndpi", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": 
"non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "protocol", + "operator": "=~", + "value": "/^$ndpicat$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Traffic Distribution", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "30s", + "schemaVersion": 20, + "style": "dark", + "tags": [ + "pfSense", + "NTOP" + ], + "templating": { + "list": [ + { + "allValue": null, + "current": {}, + "datasource": "ntop", + "definition": "SHOW TAG VALUES FROM \"iface:ndpi\" WITH KEY=protocol", + "hide": 0, + "includeAll": true, + "label": null, + "multi": true, + "name": "ndpicat", + "options": [], + "query": "SHOW TAG VALUES FROM \"iface:ndpi\" WITH KEY=protocol", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "apps.$tag.*", + "tags": [], + "tagsQuery": "SHOW TAG VALUES FROM \"iface:ndpi\" WITH KEY=protocol WHERE protocol =~ /^RTP$/", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "DPI", + "uid": "_LW0mbAZk", + "version": 52 +} diff --git a/provisioning/datasources/automatic.yml b/provisioning/datasources/automatic.yml index 45bfd14..eb23701 100644 --- a/provisioning/datasources/automatic.yml +++ b/provisioning/datasources/automatic.yml 
@@ -3,6 +3,8 @@ apiVersion: 1 deleteDatasources: - name: ntop orgId: 1 + - name: pfsensefw + orgId: 1 datasources: - name: ntop