From 40ed701c2ea97d99025c4e16c126d8d4bf9416ee Mon Sep 17 00:00:00 2001
From: Bastian Maeuser
Date: Thu, 7 Nov 2019 18:12:02 +0100
Subject: [PATCH] Delete orphaned stuff
---
 .../graylog2/pfsense_content_pack.json | 218 ---
 .../pfsense_content_pack_table_lookup.json | 50 -
 .../PFsense Graylog-1523752504984.json | 1264 -----------------
 3 files changed, 1532 deletions(-)
 delete mode 100644 pfsense_content_pack/graylog2/pfsense_content_pack.json
 delete mode 100644 pfsense_content_pack/graylog2/pfsense_content_pack_table_lookup.json
 delete mode 100644 pfsense_grafana_dashboard/PFsense Graylog-1523752504984.json
diff --git a/pfsense_content_pack/graylog2/pfsense_content_pack.json b/pfsense_content_pack/graylog2/pfsense_content_pack.json
deleted file mode 100644
index 53f565c..0000000
--- a/pfsense_content_pack/graylog2/pfsense_content_pack.json
+++ /dev/null
@@ -1,218 +0,0 @@
-{ "name":"PFsense Content Pack",
- "description":"Input, Extractors, Streams",
- "category":"Firewall",
- "inputs":[
- {
- "id":"5a982448687cf8128c10ce6e",
- "title":"Pfsense-Logs",
- "configuration":{
- "expand_structured_data":false,
- "recv_buffer_size":262144,
- "port":5442,
- "override_source":null,
- "force_rdns":false,
- "allow_override_date":true,
- "bind_address":"0.0.0.0",
- "store_full_message":false
- },
- "static_fields":{
-
- },
- "type":"org.graylog2.inputs.syslog.udp.SyslogUDPInput",
- "global":false,
- "extractors":[
- {
- "title":"PFsenseExtractor",
- "type":"GROK",
- "cursor_strategy":"COPY",
- "target_field":"",
- "source_field":"message",
- "configuration":{
- "grok_pattern":"%{PFSENSE_LOG_ENTRY}"
- },
- "converters":[
-
- ],
- "condition_type":"NONE",
- "condition_value":"",
- "order":0
- },
- {
- "title":"Port to Service Name",
- "type":"LOOKUP_TABLE",
- "cursor_strategy":"COPY",
- "target_field":"PortServiceName",
- "source_field":"dest_port",
- "configuration":{
- "lookup_table_name":"Service Port Translator"
- },
- "converters":[
-
- ],
- "condition_type":"NONE",
- "condition_value":"",
- "order":0
- },
- {
- "title":"Source Port Name",
- "type":"LOOKUP_TABLE",
- "cursor_strategy":"COPY",
- "target_field":"src_port_name",
- "source_field":"src_port",
- "configuration":{
- "lookup_table_name":"Service Port Translator"
- },
- "converters":[
-
- ],
- "condition_type":"NONE",
- "condition_value":"",
- "order":0
- }
- ]
- }
- ],
- "streams":[
- {
- "id":"5a9827f4687cf8128c10d272",
- "title":"pfsense logs",
- "description":"Pfsense Logs Stream",
- "disabled":false,
- "matching_type":"AND",
- "stream_rules":[
- {
- "type":"CONTAINS",
- "field":"source",
- "value":"filterlog",
- "inverted":false,
- "description":""
- }
- ],
- "outputs":[
-
- ],
- "default_stream":false
- }
- ],
- "outputs":[
-
- ],
- "dashboards":[
-
- ],
- "grok_patterns":[
- {
- "name":"PFSENSE_ICMP_TSTAMP",
- "pattern":"%{INT:icmp_tstamp_id},%{INT:icmp_tstamp_sequence}"
- },
- {
- "name":"PFSENSE_IPv4_SPECIFIC_DATA_ECN",
- "pattern":"(?(4)),%{BASE16NUM:tos},%{INT:ecn},%{INT:ttl},%{INT:id},%{INT:offset},%{WORD:flags},%{INT:proto_id},%{WORD:proto},"
- },
- {
- "name":"PFSENSE_CARP_DATA",
- "pattern":"%{WORD:carp_type},%{INT:carp_ttl},%{INT:carp_vhid},%{INT:carp_version},%{INT:carp_advbase},%{INT:carp_advskew}"
- },
- {
- "name":"PFSENSE_APP_ERROR",
- "pattern":"webConfigurator (%{DATA:pfsense_ACTION}) for \\'(%{DATA:pfsense_USER})\\' from (%{GREEDYDATA:pfsense_REMOTE_IP})"
- },
- {
- "name":"PFSENSE_ICMP_UNREACHABLE",
- "pattern":"%{GREEDYDATA:icmp_unreachable}"
- },
- {
- "name":"PFSENSE_UDP_DATA",
- "pattern":"%{INT:src_port},%{INT:dest_port},%{INT:data_length}"
- },
- {
- "name":"PFSENSE_ICMP_ECHO_REQ_REPLY",
- "pattern":"%{INT:icmp_echo_id},%{INT:icmp_echo_sequence}"
- },
- {
- "name":"PFSENSE_IGMP_DATA",
- "pattern":"datalength=%{INT:data_length}"
- },
- {
- "name":"PFSENSE_TCP_DATA",
- "pattern":"%{INT:src_port},%{INT:dest_port},%{INT:data_length},%{WORD:tcp_flags},%{INT:sequence_number},%{INT:ack_number},%{INT:tcp_window},%{DATA:urg_data},%{GREEDYDATA:tcp_options}"
- },
- {
- "name":"PFSENSE_IP_DATA",
- "pattern":"%{INT:length},%{IP:src_ip},%{IP:dest_ip},"
- },
- {
- "name":"PFSENSE_ICMP_NEED_FLAG",
- "pattern":"%{IP:icmp_need_flag_ip},%{INT:icmp_need_flag_mtu}"
- },
- {
- "name":"PFSENSE_APP_DATA",
- "pattern":"(%{PFSENSE_APP_LOGOUT}|%{PFSENSE_APP_LOGIN}|%{PFSENSE_APP_ERROR}|%{PFSENSE_APP_GEN})"
- },
- {
- "name":"PFSENSE_APP_LOGOUT",
- "pattern":"User (%{DATA:pfsense_ACTION}) for user \\'(%{DATA:pfsense_USER})\\' from: (%{GREEDYDATA:pfsense_REMOTE_IP})"
- },
- {
- "name":"PFSENSE_ICMP_DATA",
- "pattern":"%{PFSENSE_ICMP_TYPE}%{PFSENSE_ICMP_RESPONSE}"
- },
- {
- "name":"PFSENSE_IPv4_SPECIFIC_DATA",
- "pattern":"(?(4)),%{BASE16NUM:tos},%{WORD:ecn}?,%{INT:ttl},%{INT:id},%{INT:offset},%{WORD:flags},%{INT:proto_id},%{WORD:proto},"
- },
- {
- "name":"PFSENSE_IPv6_SPECIFIC_DATA",
- "pattern":"(?(6)),%{BASE16NUM:ipv6_Flag1},%{WORD:ipv6_Flag2},%{WORD:flow_label},%{WORD:options},%{INT:protocol_id},%{INT:length},%{IPV6:src_ip},%{IPV6:dest_ip},%{WORD:ipv6_HPH},%{WORD:ipv6_padn},%{WORD:ipv6_Alert},%{BASE16NUM:ipv6_Flag3},"
- },
- {
- "name":"PFSENSE_ICMP_UNREACHPROTO",
- "pattern":"%{IP:icmp_unreach_dest_ip},%{WORD:icmp_unreachproto_protocol}"
- },
- {
- "name":"PFSENSE_APP_LOGIN",
- "pattern":"(%{DATA:pfsense_ACTION}) for user \\'(%{DATA:pfsense_USER})\\' from: (%{GREEDYDATA:pfsense_REMOTE_IP})"
- },
- {
- "name":"PFSENSE_LOG_DATA",
- "pattern":"%{INT:rule},%{INT:sub_rule}?,,%{INT:tracker},%{WORD:iface},%{WORD:reason},%{WORD:action},%{WORD:direction},"
- },
- {
- "name":"PFSENSE_PROTOCOL_DATA",
- "pattern":"%{PFSENSE_TCP_DATA}|%{PFSENSE_UDP_DATA}|%{PFSENSE_ICMP_DATA}|%{PFSENSE_CARP_DATA}|%{PFSENSE_IGMP_DATA}"
- },
- {
- "name":"PFSENSE_LOG_ENTRY",
- "pattern":"%{PFSENSE_LOG_DATA}%{PFSENSE_IP_SPECIFIC_DATA}%{PFSENSE_IP_DATA}%{PFSENSE_PROTOCOL_DATA}?"
- },
- {
- "name":"PFSENSE_APP",
- "pattern":"(%{DATA:pfsense_APP}):"
- },
- {
- "name":"PFSENSE_IP_SPECIFIC_DATA",
- "pattern":"%{PFSENSE_IPv4_SPECIFIC_DATA}|%{PFSENSE_IPv6_SPECIFIC_DATA}"
- },
- {
- "name":"PFSENSE_APP_GEN",
- "pattern":"(%{GREEDYDATA:pfsense_ACTION})"
- },
- {
- "name":"PFSENSE_ICMP_RESPONSE",
- "pattern":"%{PFSENSE_ICMP_ECHO_REQ_REPLY}|%{PFSENSE_ICMP_UNREACHPORT}| %{PFSENSE_ICMP_UNREACHPROTO}|%{PFSENSE_ICMP_UNREACHABLE}|%{PFSENSE_ICMP_NEED_FLAG}|%{PFSENSE_ICMP_TSTAMP}|%{PFSENSE_ICMP_TSTAMP_REPLY}"
- },
- {
- "name":"PFSENSE_ICMP_UNREACHPORT",
- "pattern":"%{IP:icmp_unreachport_dest_ip},%{WORD:icmp_unreachport_protocol},%{INT:icmp_unreachport_port}"
- },
- {
- "name":"PFSENSE_ICMP_TYPE",
- "pattern":"(?(request|reply|unreachproto|unreachport|unreach|timeexceed|paramprob|redirect|maskreply|needfrag|tstamp|tstampreply)),"
- },
- {
- "name":"PFSENSE_ICMP_TSTAMP_REPLY",
- "pattern":"%{INT:icmp_tstamp_reply_id},%{INT:icmp_tstamp_reply_sequence},%{INT:icmp_tstamp_reply_otime},%{INT:icmp_tstamp_reply_rtime},%{INT:icmp_tstamp_reply_ttime}"
- }
- ]
-
-}
diff --git a/pfsense_content_pack/graylog2/pfsense_content_pack_table_lookup.json b/pfsense_content_pack/graylog2/pfsense_content_pack_table_lookup.json
deleted file mode 100644
index 4cdb45f..0000000
--- a/pfsense_content_pack/graylog2/pfsense_content_pack_table_lookup.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{ "name":"PFsense Port Lookup",
- "description":"Lookup Table, Data Adapter and Cache Adapter",
- "category":"Firewall",
-
- "lookup_data_adapters":[
- {
- "title":"CVS Port Translate",
- "description":"Table CVS for translate port service to service name",
- "name":"cvs-port-translate",
- "config":{
- "type":"csvfile",
- "path":"/etc/graylog/server/service-names-port-numbers.csv",
- "separator":",",
- "quotechar":"\"",
- "key_column":"Port",
- "value_column":"Service",
- "check_interval":3,
- "case_insensitive_lookup":false
- }
- }
- ],
- "lookup_caches":[
- {
- "title":"Cache Service Port",
- "description":"Cache Service Port",
- "name":"cache-service-port",
- "config":{
- "type":"guava_cache",
- "max_size":1000,
- "expire_after_access":60,
- "expire_after_access_unit":"SECONDS",
- "expire_after_write":0,
- "expire_after_write_unit":null
- }
- }
- ],
- "lookup_tables":[
- {
- "title":"Service Port Translator",
- "description":"Service Port Translator to name service",
- "name":"Service Port Translator",
- "cache_name":"cache-service-port",
- "data_adapter_name":"cvs-port-translate",
- "default_single_value":"",
- "default_single_value_type":"NULL",
- "default_multi_value":"",
- "default_multi_value_type":"NULL"
- }
- ]
-}
diff --git a/pfsense_grafana_dashboard/PFsense Graylog-1523752504984.json b/pfsense_grafana_dashboard/PFsense Graylog-1523752504984.json
deleted file mode 100644
index 4f4e57a..0000000
--- a/pfsense_grafana_dashboard/PFsense Graylog-1523752504984.json
+++ /dev/null
@@ -1,1264 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PFSENSE_GRAYLOG", - "label": "Pfsense Graylog", - "description": "", - "type": "datasource", - "pluginId": "elasticsearch", - "pluginName": "Elasticsearch" - } - ], - "__requires": [ - { - "type": "datasource", - "id": "elasticsearch", - "name": "Elasticsearch", - "version": "5.0.0" - }, - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.3" - }, - { - "type": "panel", - "id": "grafana-piechart-panel", - "name": "Pie Chart", - "version": "1.2.0" - }, - { - "type": "panel", - "id": "grafana-worldmap-panel", - "name": "Worldmap Panel", - "version": "0.0.21" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "savantly-heatmap-panel", - "name": "Heatmap", - "version": "0.2.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "table", - "name": "Table", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1523752476189, - "links": [ - { - "asDropdown": true, - "icon": "external link", - "tags": [ - "Elasticsearch" - ], - "title": "Graylog Dashboards", - "type": "dashboards" - } - ], - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "${DS_PFSENSE_GRAYLOG}", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 13, - 
"x": 0, - "y": 0 - }, - "id": 18, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "bucketAggs": [ - { - "field": "real_timestamp", - "id": "2", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "metrics": [ - { - "field": "select field", - "id": "1", - "type": "count" - } - ], - "query": "iface:$iface AND src_ip:$src_ip", - "refId": "A", - "target": "", - "timeField": "real_timestamp" - } - ], - "thresholds": "", - "title": "Total Firewall Events", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "total" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "${DS_PFSENSE_GRAYLOG}", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 7, - "x": 13, - "y": 0 - }, - "id": 8, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "Top ip Block", - "prefixFontSize": "50%", - 
"rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "src_ip", - "targets": [ - { - "bucketAggs": [ - { - "fake": true, - "field": "src_ip", - "id": "3", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_count", - "size": "10" - }, - "type": "terms" - } - ], - "dsType": "elasticsearch", - "metrics": [ - { - "field": "select field", - "id": "1", - "type": "count" - } - ], - "query": "iface:$iface AND src_ip:$src_ip", - "refId": "A", - "target": "", - "timeField": "real_timestamp" - } - ], - "thresholds": "", - "title": "Top ip Block by $iface", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "![https://www.sysadminsdecuba.com](https://www.sysadminsdecuba.com/wp-content/uploads/2017/10/cropped-placeholder-medium.png)\n# PFsense Dashboard Logs Analisys .\nDocumentation in [sysadminsdecuba](https://www.sysadminsdecuba.com)\n\nDesing by: Omar Padrón Capote\n\nemail: omar@mpcfg.co.cu", - "gridPos": { - "h": 13, - "w": 4, - "x": 20, - "y": 0 - }, - "id": 16, - "links": [], - "mode": "markdown", - "title": "Credits", - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PFSENSE_GRAYLOG}", - "fill": 1, - "gridPos": { - "h": 10, - "w": 13, - "x": 0, - "y": 3 - }, - "id": 4, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "bucketAggs": [ - { - "field": "timestamp_graf", - "id": "2", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "dsType": "elasticsearch", - "metrics": [ - { - "field": "select field", - "id": "1", - "type": "count" - } - ], - "query": "iface:$iface AND src_ip:$src_ip", - "refId": "A", - "timeField": "real_timestamp" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Events by $iface", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": "Cantidad", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "none", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "cacheTimeout": null, - "combine": { - "label": "Others", - "threshold": "" - }, - "datasource": "${DS_PFSENSE_GRAYLOG}", - "fontSize": "80%", - "format": "none", - "gridPos": { - "h": 9, - "w": 7, - "x": 13, - "y": 4 - }, - "id": 2, - "interval": null, - "legend": { - "percentage": true, - "show": true, - "values": true - }, - "legendType": "Right side", - "links": [], - "maxDataPoints": 3, - "nullPointMode": "connected", - "pieType": "pie", - "strokeWidth": "1", - "targets": [ - { - "bucketAggs": [ - { - "fake": true, - "field": "iface", - "id": "3", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_count", - "size": "0" - }, - "type": "terms" - }, - { - "field": "timestamp_graf", - "id": "2", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "dsType": "elasticsearch", - "metrics": [ - { - "field": "select field", - "id": "1", - "type": "count" - } - ], - "query": 
"iface:$iface AND src_ip:$src_ip", - "refId": "A", - "timeField": "real_timestamp" - } - ], - "title": "Block by interface $iface", - "type": "grafana-piechart-panel", - "valueName": "total" - }, - { - "circleMaxSize": "30", - "circleMinSize": 2, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "${DS_PFSENSE_GRAYLOG}", - "decimals": 0, - "esGeoPoint": "src_location", - "esLocationName": "src_ip", - "esMetric": "Count", - "gridPos": { - "h": 10, - "w": 13, - "x": 0, - "y": 13 - }, - "height": "", - "hideEmpty": false, - "hideZero": false, - "id": 1, - "initialZoom": "1", - "links": [], - "locationData": "geohash", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, - "maxDataPoints": 1, - "showLegend": true, - "stickyLabels": false, - "targets": [ - { - "alias": "", - "bucketAggs": [ - { - "fake": true, - "field": "src_ip", - "id": "3", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_count", - "size": "0" - }, - "type": "terms" - }, - { - "field": "src_location", - "id": "2", - "settings": { - "precision": 7 - }, - "type": "geohash_grid" - } - ], - "dsType": "elasticsearch", - "metrics": [ - { - "field": "select field", - "id": "1", - "type": "count" - } - ], - "query": "iface:$iface AND src_ip:$src_ip", - "refId": "A", - "timeField": "real_timestamp" - } - ], - "thresholds": "0,10", - "title": "GeoIP Block source ip location by $iface", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" - }, - { - "aliasColors": {}, - "cacheTimeout": null, - "combine": { - "label": "Others", - "threshold": 0 - }, - "datasource": "${DS_PFSENSE_GRAYLOG}", - "fontSize": "80%", - "format": "none", - "gridPos": { - "h": 10, - "w": 11, - "x": 13, - "y": 13 - }, - "id": 5, - "interval": null, - "legend": { - "show": true, - "values": true - }, - "legendType": "Right side", - "links": [], - "maxDataPoints": 3, - 
"nullPointMode": "connected", - "pieType": "pie", - "strokeWidth": 1, - "targets": [ - { - "bucketAggs": [ - { - "fake": true, - "field": "proto", - "id": "3", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_term", - "size": "0" - }, - "type": "terms" - }, - { - "field": "timestamp_graf", - "id": "2", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "dsType": "elasticsearch", - "metrics": [ - { - "field": "select field", - "id": "1", - "type": "count" - } - ], - "query": "iface:$iface AND src_ip:$src_ip", - "refId": "A", - "timeField": "real_timestamp" - } - ], - "title": "Protocols by interface $iface", - "type": "grafana-piechart-panel", - "valueName": "total" - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PFSENSE_GRAYLOG}", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 23 - }, - "id": 12, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": true, - "values": true - }, - "lines": false, - "linewidth": 10, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "", - "bucketAggs": [ - { - "fake": true, - "field": "src_ip_country_code", - "id": "5", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_count", - "size": "10" - }, - "type": "terms" - }, - { - "fake": true, - "field": "timestamp_graf", - "id": "4", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "dsType": "elasticsearch", - "metrics": [ - { - "field": "select field", - "id": "1", - "type": "count" - } - ], - "query": "iface:$iface AND src_ip:$src_ip", - 
"refId": "A", - "timeField": "real_timestamp" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Países by $iface", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": "@timestamp", - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "none", - "label": "Cantidad de Accesos", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "none", - "label": "Paises", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PFSENSE_GRAYLOG}", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 23 - }, - "id": 3, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": true, - "values": true - }, - "lines": false, - "linewidth": 10, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "City: {{term src_ip_city_name}}", - "bucketAggs": [ - { - "fake": true, - "field": "src_ip_city_name", - "id": "5", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_count", - "size": "10" - }, - "type": "terms" - }, - { - "fake": true, - "field": "timestamp_graf", - "id": "4", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "dsType": "elasticsearch", - "metrics": [ - { - "field": "select field", - "id": "1", - "type": "count" - } - ], - "query": "iface:$iface AND src_ip:$src_ip", - "refId": "A", - "timeField": "real_timestamp" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - 
"title": "Cities by iface:$iface", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": "@timestamp", - "show": false, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "none", - "label": "Cantidad de Accesos", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "none", - "label": "Paises", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "chartId": "chart_11", - "colors": [ - "rgba(50, 172, 45, 1)", - "rgba(241, 255, 0, 1)", - "rgba(245, 54, 54, 1)" - ], - "datasource": "${DS_PFSENSE_GRAYLOG}", - "format": "none", - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 32 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": true - }, - "links": [], - "mappingType": 1, - "maxDataPoints": 100, - "nullPointMode": "connected", - "seriesOverrides": [], - "targets": [ - { - "bucketAggs": [ - { - "fake": true, - "field": "PortServiceName", - "id": "3", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_count", - "size": "20" - }, - "type": "terms" - }, - { - "field": "timestamp_graf", - "id": "2", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "dsType": "elasticsearch", - "metrics": [ - { - "field": "select field", - "id": "1", - "type": "count" - } - ], - "query": "iface:$iface AND src_ip:$src_ip", - "refId": "A", - "target": "", - "timeField": "real_timestamp" - } - ], - "thresholds": "0,10", - "title": "Destination Port by iface:$iface", - "treeMap": { - "aggregationFunction": "sum", - "colorByFunction": "max", - "debug": false, - "depth": 0, - "enableGrouping": true, - "enableTimeBlocks": false, - "groups": [ - { - "key": "server", - "value": "/^.*./g" - } - ], - "ids": [ - "alias" - ], - "mode": "squarify", - 
"nodeSizeProperty": "value", - "showLegend": true, - "sizeByFunction": "total" - }, - "type": "savantly-heatmap-panel", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ] - }, - { - "aliasColors": {}, - "cacheTimeout": null, - "combine": { - "label": "Others", - "threshold": 0 - }, - "datasource": "${DS_PFSENSE_GRAYLOG}", - "fontSize": "80%", - "format": "none", - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 32 - }, - "id": 9, - "interval": null, - "legend": { - "show": true, - "values": true - }, - "legendType": "Right side", - "links": [], - "maxDataPoints": 3, - "nullPointMode": "connected", - "pieType": "donut", - "strokeWidth": 1, - "targets": [ - { - "alias": "Port: {{PortServiceName}}", - "bucketAggs": [ - { - "fake": true, - "field": "PortServiceName", - "id": "3", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_count", - "size": "10" - }, - "type": "terms" - }, - { - "field": "timestamp_graf", - "id": "2", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "dsType": "elasticsearch", - "metrics": [ - { - "field": "select field", - "id": "1", - "type": "count" - } - ], - "query": "iface:$iface AND src_ip:$src_ip", - "refId": "A", - "target": "", - "timeField": "real_timestamp" - } - ], - "title": "Top 10 port Destination Block by $iface", - "type": "grafana-piechart-panel", - "valueName": "total" - }, - { - "columns": [ - { - "text": "real_timestamp", - "value": "real_timestamp" - }, - { - "text": "src_ip", - "value": "src_ip" - }, - { - "text": "src_port_name", - "value": "src_port_name" - }, - { - "text": "dest_ip", - "value": "dest_ip" - }, - { - "text": "PortServiceName", - "value": "PortServiceName" - }, - { - "text": "proto", - "value": "proto" - }, - { - "text": "action", - "value": "action" - } - ], - "datasource": "${DS_PFSENSE_GRAYLOG}", - "filterNull": false, - "fontSize": "90%", - "gridPos": { - "h": 8, - "w": 24, - "x": 
0, - "y": 41 - }, - "id": 14, - "links": [], - "pageSize": 10, - "scroll": true, - "showHeader": true, - "sort": { - "col": 0, - "desc": true - }, - "styles": [ - { - "dateFormat": "DD/MM/YY h:mm:ss a", - "pattern": "real_timestamp", - "type": "date" - }, - { - "alias": "Destination Port", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "PortServiceName", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "Source Port Name", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "src_port_name", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "Protocol", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "proto", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "bucketAggs": [], - "dsType": "elasticsearch", - "metrics": [ - { - "field": "select field", - "id": "1", - "meta": {}, - "settings": { - "size": 1000000 - }, - "type": "raw_document" - } - ], - "query": "iface:$iface AND src_ip:$src_ip", - "refId": "A", - "timeField": "real_timestamp" - } - ], - "title": "Real time logs by iface:$iface", - "transform": "json", - "type": "table" - } - ], - "schemaVersion": 16, - "style": "dark", - "tags": [ - "Elasticsearch", - "Firewall", - "Log Analyzer", - "PFsense" - ], - "templating": { - "list": [ - { - "allValue": "*", - 
"current": {}, - "datasource": "${DS_PFSENSE_GRAYLOG}", - "hide": 0, - "includeAll": true, - "label": "Interface", - "multi": true, - "name": "iface", - "options": [], - "query": "{\"find\": \"terms\", \"field\":\"iface\",\"size\": \"1000000\" }", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": "*", - "current": {}, - "datasource": "${DS_PFSENSE_GRAYLOG}", - "hide": 0, - "includeAll": true, - "label": "Source IP", - "multi": true, - "name": "src_ip", - "options": [], - "query": "{\"find\": \"terms\", \"field\":\"src_ip\",\"query\":\"iface iface:$iface AND NOT src_ip:200.55.146.65\",\"size\": \"1000000\" }", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "PFsense Graylog", - "uid": "000000030", - "version": 45 -} \ No newline at end of file