{ "__inputs": [ { "name": "DS_PFSENSE_GRAYLOG", "label": "Pfsense Graylog", "description": "", "type": "datasource", "pluginId": "elasticsearch", "pluginName": "Elasticsearch" } ], "__requires": [ { "type": "datasource", "id": "elasticsearch", "name": "Elasticsearch", "version": "5.0.0" }, { "type": "grafana", "id": "grafana", "name": "Grafana", "version": "5.0.3" }, { "type": "panel", "id": "grafana-piechart-panel", "name": "Pie Chart", "version": "1.2.0" }, { "type": "panel", "id": "grafana-worldmap-panel", "name": "Worldmap Panel", "version": "0.0.21" }, { "type": "panel", "id": "graph", "name": "Graph", "version": "5.0.0" }, { "type": "panel", "id": "savantly-heatmap-panel", "name": "Heatmap", "version": "0.2.0" }, { "type": "panel", "id": "singlestat", "name": "Singlestat", "version": "5.0.0" }, { "type": "panel", "id": "table", "name": "Table", "version": "5.0.0" }, { "type": "panel", "id": "text", "name": "Text", "version": "5.0.0" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": true, "gnetId": null, "graphTooltip": 0, "id": null, "iteration": 1523752476189, "links": [ { "asDropdown": true, "icon": "external link", "tags": [ "Elasticsearch" ], "title": "Graylog Dashboards", "type": "dashboards" } ], "panels": [ { "cacheTimeout": null, "colorBackground": false, "colorValue": true, "colors": [ "#299c46", "rgba(237, 129, 40, 0.89)", "#d44a3a" ], "datasource": "${DS_PFSENSE_GRAYLOG}", "format": "none", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 3, "w": 13, "x": 0, "y": 0 }, "id": 18, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": false, "lineColor": "rgb(31, 120, 193)", "show": false }, "tableColumn": "", "targets": [ { "bucketAggs": [ { "field": "real_timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND src_ip:$src_ip", "refId": "A", "target": "", "timeField": "real_timestamp" } ], "thresholds": "", "title": "Total Firewall Events", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "total" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": true, "colors": [ "#299c46", "rgba(237, 129, 40, 0.89)", "#d44a3a" ], "datasource": "${DS_PFSENSE_GRAYLOG}", "format": "none", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 4, "w": 7, "x": 13, "y": 0 }, "id": 8, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "Top ip Block", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": false, "lineColor": "rgb(31, 120, 193)", "show": false }, "tableColumn": "src_ip", "targets": [ { "bucketAggs": [ { "fake": true, "field": "src_ip", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND src_ip:$src_ip", "refId": "A", "target": "", "timeField": "real_timestamp" } ], "thresholds": "", "title": "Top ip Block by $iface", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "content": "![https://www.sysadminsdecuba.com](https://www.sysadminsdecuba.com/wp-content/uploads/2017/10/cropped-placeholder-medium.png)\n# PFsense Dashboard Logs Analisys .\nDocumentation in [sysadminsdecuba](https://www.sysadminsdecuba.com)\n\nDesing by: Omar Padrón Capote\n\nemail: omar@mpcfg.co.cu", "gridPos": { "h": 13, "w": 4, "x": 20, "y": 0 }, "id": 16, "links": [], "mode": "markdown", "title": "Credits", "type": "text" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "${DS_PFSENSE_GRAYLOG}", "fill": 1, "gridPos": { "h": 10, "w": 13, "x": 0, "y": 3 }, "id": 4, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": false, "hideZero": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "connected", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "bucketAggs": [ { "field": "timestamp_graf", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND src_ip:$src_ip", "refId": "A", "timeField": "real_timestamp" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Events by $iface", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "none", "label": "Cantidad", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "none", "label": "", "logBase": 1, "max": null, "min": null, "show": true } ] }, { "aliasColors": {}, "cacheTimeout": null, "combine": { "label": "Others", "threshold": "" }, "datasource": "${DS_PFSENSE_GRAYLOG}", "fontSize": "80%", "format": "none", "gridPos": { "h": 9, "w": 7, "x": 13, "y": 4 }, "id": 2, "interval": null, "legend": { "percentage": true, "show": true, "values": true }, "legendType": "Right side", "links": [], "maxDataPoints": 3, "nullPointMode": "connected", "pieType": "pie", "strokeWidth": "1", "targets": [ { "bucketAggs": [ { "fake": true, "field": "iface", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" }, { "field": "timestamp_graf", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND src_ip:$src_ip", "refId": "A", "timeField": "real_timestamp" } ], "title": "Block by interface $iface", "type": "grafana-piechart-panel", "valueName": "total" }, { "circleMaxSize": "30", "circleMinSize": 2, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": "${DS_PFSENSE_GRAYLOG}", "decimals": 0, "esGeoPoint": "src_location", "esLocationName": "src_ip", "esMetric": "Count", "gridPos": { "h": 10, "w": 13, "x": 0, "y": 13 }, "height": "", "hideEmpty": false, "hideZero": false, "id": 1, "initialZoom": "1", "links": [], "locationData": "geohash", "mapCenter": "(0°, 0°)", "mapCenterLatitude": 0, "mapCenterLongitude": 0, "maxDataPoints": 1, "showLegend": true, "stickyLabels": false, "targets": [ { "alias": "", "bucketAggs": [ { "fake": true, "field": "src_ip", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" }, { "field": "src_location", "id": "2", "settings": { "precision": 7 }, "type": "geohash_grid" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND src_ip:$src_ip", "refId": "A", "timeField": "real_timestamp" } ], "thresholds": "0,10", "title": "GeoIP Block source ip location by $iface", "type": "grafana-worldmap-panel", "unitPlural": "", "unitSingle": "", "valueName": "total" }, { "aliasColors": {}, "cacheTimeout": null, "combine": { "label": "Others", "threshold": 0 }, "datasource": "${DS_PFSENSE_GRAYLOG}", "fontSize": "80%", "format": "none", "gridPos": { "h": 10, "w": 11, "x": 13, "y": 13 }, "id": 5, "interval": null, "legend": { "show": true, "values": true }, "legendType": "Right side", "links": [], "maxDataPoints": 3, "nullPointMode": "connected", "pieType": "pie", "strokeWidth": 1, "targets": [ { "bucketAggs": [ { "fake": true, "field": "proto", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "timestamp_graf", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND src_ip:$src_ip", "refId": "A", "timeField": "real_timestamp" } ], "title": "Protocols by interface $iface", "type": "grafana-piechart-panel", "valueName": "total" }, { "aliasColors": {}, "bars": true, "dashLength": 10, "dashes": false, "datasource": "${DS_PFSENSE_GRAYLOG}", "fill": 1, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 23 }, "id": 12, "legend": { "alignAsTable": true, "avg": false, "current": false, "max": false, "min": false, "rightSide": true, "show": true, "total": true, "values": true }, "lines": false, "linewidth": 10, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "alias": "", "bucketAggs": [ { "fake": true, "field": "src_ip_country_code", "id": "5", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "fake": true, "field": "timestamp_graf", "id": "4", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND src_ip:$src_ip", "refId": "A", "timeField": "real_timestamp" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Países by $iface", "tooltip": { "shared": false, "sort": 2, "value_type": "cumulative" }, "type": "graph", "xaxis": { "buckets": null, "mode": "series", "name": "@timestamp", "show": true, "values": [ "total" ] }, "yaxes": [ { "format": "none", "label": "Cantidad de Accesos", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "none", "label": "Paises", "logBase": 1, "max": null, "min": null, "show": true } ] }, { "aliasColors": {}, "bars": true, "dashLength": 10, "dashes": false, "datasource": "${DS_PFSENSE_GRAYLOG}", "fill": 1, "gridPos": { "h": 9, "w": 12, "x": 12, "y": 23 }, "id": 3, "legend": { "alignAsTable": true, "avg": false, "current": false, "max": false, "min": false, "rightSide": true, "show": true, "total": true, "values": true }, "lines": false, "linewidth": 10, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "alias": "City: {{term src_ip_city_name}}", "bucketAggs": [ { "fake": true, "field": "src_ip_city_name", "id": "5", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "fake": true, "field": "timestamp_graf", "id": "4", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND src_ip:$src_ip", "refId": "A", "timeField": "real_timestamp" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Cities by iface:$iface", "tooltip": { "shared": false, "sort": 2, "value_type": "cumulative" }, "type": "graph", "xaxis": { "buckets": null, "mode": "series", "name": "@timestamp", "show": false, "values": [ "total" ] }, "yaxes": [ { "format": "none", "label": "Cantidad de Accesos", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "none", "label": "Paises", "logBase": 1, "max": null, "min": null, "show": true } ] }, { "chartId": "chart_11", "colors": [ "rgba(50, 172, 45, 1)", "rgba(241, 255, 0, 1)", "rgba(245, 54, 54, 1)" ], "datasource": "${DS_PFSENSE_GRAYLOG}", "format": "none", "gridPos": { "h": 9, "w": 12, "x": 0, "y": 32 }, "id": 11, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": false, "total": true }, "links": [], "mappingType": 1, "maxDataPoints": 100, "nullPointMode": "connected", "seriesOverrides": [], "targets": [ { "bucketAggs": [ { "fake": true, "field": "PortServiceName", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "20" }, "type": "terms" }, { "field": "timestamp_graf", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND src_ip:$src_ip", "refId": "A", "target": "", "timeField": "real_timestamp" } ], "thresholds": "0,10", "title": "Destination Port by iface:$iface", "treeMap": { "aggregationFunction": "sum", "colorByFunction": "max", "debug": false, "depth": 0, "enableGrouping": true, "enableTimeBlocks": false, "groups": [ { "key": "server", "value": "/^.*./g" } ], "ids": [ "alias" ], "mode": "squarify", "nodeSizeProperty": "value", "showLegend": true, "sizeByFunction": "total" }, "type": "savantly-heatmap-panel", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ] }, { "aliasColors": {}, "cacheTimeout": null, "combine": { "label": "Others", "threshold": 0 }, "datasource": "${DS_PFSENSE_GRAYLOG}", "fontSize": "80%", "format": "none", "gridPos": { "h": 9, "w": 12, "x": 12, "y": 32 }, "id": 9, "interval": null, "legend": { "show": true, "values": true }, "legendType": "Right side", "links": [], "maxDataPoints": 3, "nullPointMode": "connected", "pieType": "donut", "strokeWidth": 1, "targets": [ { "alias": "Port: {{PortServiceName}}", "bucketAggs": [ { "fake": true, "field": "PortServiceName", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "field": "timestamp_graf", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND src_ip:$src_ip", "refId": "A", "target": "", "timeField": "real_timestamp" } ], "title": "Top 10 port Destination Block by $iface", "type": "grafana-piechart-panel", "valueName": "total" }, { "columns": [ { "text": "real_timestamp", "value": "real_timestamp" }, { "text": "src_ip", "value": "src_ip" }, { "text": "src_port_name", "value": "src_port_name" }, { "text": "dest_ip", "value": "dest_ip" }, { "text": "PortServiceName", "value": "PortServiceName" }, { "text": "proto", "value": "proto" }, { "text": "action", "value": "action" } ], "datasource": "${DS_PFSENSE_GRAYLOG}", "filterNull": false, "fontSize": "90%", "gridPos": { "h": 8, "w": 24, "x": 0, "y": 41 }, "id": 14, "links": [], "pageSize": 10, "scroll": true, "showHeader": true, "sort": { "col": 0, "desc": true }, "styles": [ { "dateFormat": "DD/MM/YY h:mm:ss a", "pattern": "real_timestamp", "type": "date" }, { "alias": "Destination Port", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "PortServiceName", "thresholds": [], "type": "string", "unit": "short" }, { "alias": "Source Port Name", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "src_port_name", "thresholds": [], "type": "string", "unit": "short" }, { "alias": "Protocol", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "proto", "thresholds": [], "type": "string", "unit": "short" }, { "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "decimals": 2, "pattern": "/.*/", "thresholds": [], "type": "number", "unit": "short" } ], "targets": [ { "bucketAggs": [], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "meta": {}, "settings": { "size": 1000000 }, "type": "raw_document" } ], "query": "iface:$iface AND src_ip:$src_ip", "refId": "A", "timeField": "real_timestamp" } ], "title": "Real time logs by iface:$iface", "transform": "json", "type": "table" } ], "schemaVersion": 16, "style": "dark", "tags": [ "Elasticsearch", "Firewall", "Log Analyzer", "PFsense" ], "templating": { "list": [ { "allValue": "*", "current": {}, "datasource": "${DS_PFSENSE_GRAYLOG}", "hide": 0, "includeAll": true, "label": "Interface", "multi": true, "name": "iface", "options": [], "query": "{\"find\": \"terms\", \"field\":\"iface\",\"size\": \"1000000\" }", "refresh": 1, "regex": "", "sort": 0, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": "*", "current": {}, "datasource": "${DS_PFSENSE_GRAYLOG}", "hide": 0, "includeAll": true, "label": "Source IP", "multi": true, "name": "src_ip", "options": [], "query": "{\"find\": \"terms\", \"field\":\"src_ip\",\"query\":\"iface iface:$iface AND NOT src_ip:200.55.146.65\",\"size\": \"1000000\" }", "refresh": 1, "regex": "", "sort": 0, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false } ] }, "time": { "from": "now-24h", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "browser", "title": "PFsense Graylog", "uid": "000000030", "version": 45 }