Last active
September 1, 2022 21:42
-
-
Save andrewkroh/59f04b802400fe5a9fd361915ac03699 to your computer and use it in GitHub Desktop.
Bash script to dump wireguard peers to JSON
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Licensed to Elasticsearch B.V. under one or more contributor | |
| # license agreements. See the NOTICE file distributed with | |
| # this work for additional information regarding copyright | |
| # ownership. Elasticsearch B.V. licenses this file to you under | |
| # the Apache License, Version 2.0 (the "License"); you may | |
| # not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http:#www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, | |
| # software distributed under the License is distributed on an | |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
| # KIND, either express or implied. See the License for the | |
| # specific language governing permissions and limitations | |
| # under the License. | |
| # Description: | |
| # This script executes the 'wg show all dump' command and converts output | |
| # to NDJSON. | |
| set -euo pipefail | |
| column_names=( | |
| "interface" | |
| "public_key" | |
| "preshared_key" | |
| "endpoint" | |
| "allowed_ips" | |
| "latest_handshake" | |
| "bytes_received" | |
| "bytes_sent" | |
| "persistent_keepalive" | |
| ) | |
| # Store last value in order to convert byte counters to gauges. | |
| declare -A last_bytes_received | |
| declare -A last_bytes_sent | |
| declare diff_from_last | |
| function difference_bytes_received() { | |
| local public_key=$1 | |
| local current_value=$2 | |
| local last | |
| if [ ${last_bytes_received[${public_key}]+_} ]; then | |
| last=${last_bytes_received[${public_key}]} | |
| diff_from_last=$((current_value-last)) | |
| else | |
| diff_from_last=-1 | |
| fi | |
| last_bytes_received+=([${public_key}]=$current_value) | |
| } | |
| function difference_bytes_sent() { | |
| local public_key=$1 | |
| local current_value=$2 | |
| local last | |
| if [ ${last_bytes_sent[${public_key}]+_} ]; then | |
| last=${last_bytes_sent[${public_key}]} | |
| diff_from_last=$((current_value-last)) | |
| else | |
| diff_from_last=-1 | |
| fi | |
| last_bytes_sent+=([${public_key}]=$current_value) | |
| } | |
| while true; do | |
| timestamp="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" | |
| tsv_dump=$(wg show all dump) | |
| # Iterate over each line in the output. | |
| while read -r line; do | |
| # Split the tab separated line and write the elements into 'array'. | |
| IFS=$'\t' read -r -a array <<<"$line" | |
| # These line represents the local interface. | |
| if [ ${#array[@]} == 5 ]; then | |
| port=${array[3]} | |
| # These lines represent the peers. | |
| elif [ ${#array[@]} == 9 ]; then | |
| public_key=${array[1]} | |
| bytes_received=${array[6]} | |
| bytes_sent=${array[7]} | |
| # Convert counters to gauges. | |
| difference_bytes_received "$public_key" "$bytes_received" | |
| array[6]=$diff_from_last | |
| difference_bytes_sent "$public_key" "$bytes_sent" | |
| array[7]=$diff_from_last | |
| # Don't report data on the first execution. | |
| if [ $diff_from_last == -1 ]; then continue; fi | |
| # Output JSON event. | |
| json='{' | |
| json+="\"timestamp\":\"${timestamp}\"," | |
| for i in "${!array[@]}"; do | |
| # Redact any pre-shared keys. | |
| if [ $i == 2 ]; then | |
| continue | |
| fi | |
| json+="\"${column_names[$i]}\":\"${array[$i]}\"," | |
| done | |
| json+="\"port\":${port}" | |
| json+='}' | |
| echo "$json" | |
| fi | |
| done <<<"$tsv_dump" | |
| sleep 30 | |
| done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| description: Process JSON logs from wireguard-logger. | |
| processors: | |
| - set: | |
| field: event.ingested | |
| value: "{{{_ingest.timestamp}}}" | |
| - json: | |
| field: message | |
| target_field: wireguard | |
| - set: | |
| field: event.module | |
| value: wireguard | |
| - set: | |
| field: event.dataset | |
| value: wireguard.peers | |
| - set: | |
| field: network.transport | |
| value: udp | |
| - date: | |
| field: wireguard.timestamp | |
| formats: | |
| - ISO8601 | |
| - dissect: | |
| if: ctx.wireguard.endpoint.startsWith('[') | |
| field: wireguard.endpoint | |
| pattern: "[%{source.ip}]:%{source.port}" | |
| - dissect: | |
| if: "!ctx.wireguard.endpoint.startsWith('[')" | |
| field: wireguard.endpoint | |
| pattern: "%{source.ip}:%{source.port}" | |
| ignore_failure: true | |
| - set: | |
| if: ctx?.source?.ip != null && ctx.source.ip.contains(':') | |
| field: network.type | |
| value: ipv6 | |
| - set: | |
| if: ctx?.source?.ip != null && !ctx.source.ip.contains(':') | |
| field: network.type | |
| value: ipv4 | |
| - convert: | |
| field: source.port | |
| type: long | |
| ignore_missing: true | |
| - convert: | |
| field: wireguard.port | |
| target_field: destination.port | |
| type: long | |
| - convert: | |
| field: wireguard.bytes_received | |
| target_field: source.bytes | |
| type: long | |
| - convert: | |
| field: wireguard.bytes_sent | |
| target_field: destination.bytes | |
| type: long | |
| - date: | |
| field: wireguard.latest_handshake | |
| target_field: wireguard.latest_handshake | |
| formats: | |
| - UNIX | |
| - split: | |
| field: wireguard.allowed_ips | |
| separator: ', ' | |
| - geoip: | |
| if: ctx?.source?.geo == null | |
| field: source.ip | |
| target_field: source.geo | |
| ignore_missing: true | |
| - geoip: | |
| if: ctx?.destination?.geo == null | |
| field: destination.ip | |
| target_field: destination.geo | |
| ignore_missing: true | |
| - geoip: | |
| database_file: GeoLite2-ASN.mmdb | |
| field: source.ip | |
| target_field: source.as | |
| properties: | |
| - asn | |
| - organization_name | |
| ignore_missing: true | |
| - geoip: | |
| database_file: GeoLite2-ASN.mmdb | |
| field: destination.ip | |
| target_field: destination.as | |
| properties: | |
| - asn | |
| - organization_name | |
| ignore_missing: true | |
| - rename: | |
| field: source.as.asn | |
| target_field: source.as.number | |
| ignore_missing: true | |
| - rename: | |
| field: source.as.organization_name | |
| target_field: source.as.organization.name | |
| ignore_missing: true | |
| - rename: | |
| field: destination.as.asn | |
| target_field: destination.as.number | |
| ignore_missing: true | |
| - rename: | |
| field: destination.as.organization_name | |
| target_field: destination.as.organization.name | |
| ignore_missing: true | |
| - script: | |
| lang: painless | |
| tag: destination-ip-from-host-ip | |
| if: ctx?.host?.ip != null && ctx?.network?.type != null | |
| description: Set destination.ip to the first IP in host.ip that matches the network.type. | |
| source: | | |
| def isIPv4 = ctx.network.type == "ipv4" ? true : false; | |
| for (ip in ctx.host.ip) { | |
| // IPv4 | |
| if (isIPv4 && !ip.contains(':')) { | |
| ctx.destination.ip = ip; | |
| break; | |
| // IPv6 | |
| } else if (!isIPv4 && ip.contains(':')) { | |
| ctx.destination.ip = ip; | |
| break; | |
| } | |
| } | |
| - community_id: | |
| ignore_failure: true | |
| - script: | |
| lang: painless | |
| tag: calc-network-bytes | |
| description: Sum source.bytes and destination.bytes to network.bytes. | |
| source: | | |
| ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes; | |
| - script: | |
| lang: painless | |
| tag: is-active-flag | |
| description: Compute whether peer is active based on latest handshake. | |
| source: | | |
| def ts = Instant.parse(ctx['@timestamp']); | |
| def latest_handshake = Instant.parse(ctx.wireguard.latest_handshake); | |
| def elapsed = ChronoUnit.SECONDS.between(latest_handshake, ts); | |
| ctx.wireguard.is_active = elapsed < 360; | |
| - append: | |
| if: ctx?.source?.ip != null | |
| field: related.ip | |
| value: '{{{source.ip}}}' | |
| allow_duplicates: false | |
| - append: | |
| if: ctx?.destination?.ip != null | |
| field: related.ip | |
| value: '{{{destination.ip}}}' | |
| allow_duplicates: false | |
| - script: | |
| lang: painless | |
| tag: allowed-ip-to-related-ip | |
| description: Append allowed IPs (without the range) to related.ip. | |
| source: | | |
| def ips = []; | |
| for (cidr in ctx.wireguard.allowed_ips) { | |
| def idx = cidr.indexOf('/'); | |
| if (idx == -1) { continue } | |
| def ip = cidr.substring(0, idx); | |
| ips.add(ip); | |
| } | |
| if (ctx?.related == null) { | |
| ctx['related'] = [:]; | |
| } | |
| if (ctx?.related?.ip == null) { | |
| ctx['related']['ip'] = ips; | |
| } else { | |
| ctx.related.ip.addAll(ips); | |
| } | |
| on_failure: | |
| - append: | |
| field: error.message | |
| value: | |
| - error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} | |
| with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} | |
| {{ _ingest.on_failure_message }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"attributes":{"fieldAttrs":"{\"systemd.unit\":{\"count\":2},\"wireguard.is_active\":{\"count\":4},\"wireguard.last_seen\":{\"count\":3},\"wireguard.public_key\":{\"count\":2},\"source.as.organization.name\":{\"count\":1},\"source.ip\":{\"count\":1},\"wireguard.endpoint\":{\"count\":3},\"destination.geo.location\":{\"count\":1},\"source.geo.location\":{\"count\":1},\"destination.ip\":{\"count\":1},\"error.message\":{\"count\":1},\"wireguard.latest_handshake\":{\"count\":1},\"network.bytes\":{\"count\":1},\"source.user.full_name\":{\"count\":1}}","fieldFormatMap":"{\"source.bytes\":{\"id\":\"bytes\"},\"destination.bytes\":{\"id\":\"bytes\"}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"journalbeat-*"},"coreMigrationVersion":"7.12.1","id":"43817430-93c1-11ea-9474-d5854a544239","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-05-04T19:06:34.087Z","version":"WzExMDAwOSwyXQ=="} | |
| {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"wireguard.is_active\",\"negate\":false,\"params\":{\"query\":true},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"wireguard.is_active\":true}}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.12.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":12,\"i\":\"5473fb71-4b31-4d7a-9868-c09fdcc8bae0\"},\"panelIndex\":\"5473fb71-4b31-4d7a-9868-c09fdcc8bae0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a5cb2e5c-ea13-4485-85bd-6a3e28dd2f8b\":{\"columns\":{\"a5549ce1-c48a-4905-84ce-7874757c138b\":{\"label\":\"Public Key\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"wireguard.public_key\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a595dce7-17d9-4a3d-be4b-cc85097a7535\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"8c328dc7-c0b5-48bd-8387-9b116f73778d\":{\"label\":\"City\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.geo.city_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":true},\"customLabel\":true},\"d93e66d1-9b61-47fa-b964-2cac3b71f821\":{\"label\":\"Region\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.geo.region_iso_code\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":true},\"customLabel\":true},\"a595dce7-17d9-4a3d-be4b-cc85097a7535\":{\"label\":\"source.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"75b6891c-fae3-472b-b0b1-4ff69e034686\":{\"label\":\"destination.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"543bc1e7-114f-4c65-9e8b-56f85f33a273\":{\"label\":\"Active\",\"dataType\":\"boolean\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"wireguard.is_active\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"74737048-293a-4975-ab3b-5501a5d9d089\":{\"label\":\"Network\",\"dataType\":\"string\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ordinal\",\"sourceField\":\"source.as.organization.name\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"3539767d-4cef-4744-a376-51cc20ac0550\":{\"label\":\"User\",\"dataType\":\"string\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ordinal\",\"sourceField\":\"source.user.full_name\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"70f4de0d-4cce-4940-83aa-9e70fddb060a\":{\"label\":\"Latest Handshake\",\"dataType\":\"string\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ordinal\",\"sourceField\":\"wireguard.latest_handshake\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"18e2dfa5-fc22-4dbe-b9b7-ba53a2c5d578\":{\"label\":\"Public IP\",\"dataType\":\"ip\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"source.ip\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true}},\"columnOrder\":[\"a5549ce1-c48a-4905-84ce-7874757c138b\",\"d93e66d1-9b61-47fa-b964-2cac3b71f821\",\"8c328dc7-c0b5-48bd-8387-9b116f73778d\",\"3539767d-4cef-4744-a376-51cc20ac0550\",\"74737048-293a-4975-ab3b-5501a5d9d089\",\"a595dce7-17d9-4a3d-be4b-cc85097a7535\",\"75b6891c-fae3-472b-b0b1-4ff69e034686\",\"70f4de0d-4cce-4940-83aa-9e70fddb060a\",\"543bc1e7-114f-4c65-9e8b-56f85f33a273\",\"18e2dfa5-fc22-4dbe-b9b7-ba53a2c5d578\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"columnId\":\"a5549ce1-c48a-4905-84ce-7874757c138b\"},{\"columnId\":\"8c328dc7-c0b5-48bd-8387-9b116f73778d\"},{\"columnId\":\"d93e66d1-9b61-47fa-b964-2cac3b71f821\"},{\"columnId\":\"a595dce7-17d9-4a3d-be4b-cc85097a7535\"},{\"columnId\":\"75b6891c-fae3-472b-b0b1-4ff69e034686\"},{\"columnId\":\"543bc1e7-114f-4c65-9e8b-56f85f33a273\"},{\"columnId\":\"70f4de0d-4cce-4940-83aa-9e70fddb060a\"},{\"columnId\":\"74737048-293a-4975-ab3b-5501a5d9d089\"},{\"columnId\":\"3539767d-4cef-4744-a376-51cc20ac0550\"},{\"columnId\":\"18e2dfa5-fc22-4dbe-b9b7-ba53a2c5d578\"}],\"layerId\":\"a5cb2e5c-ea13-4485-85bd-6a3e28dd2f8b\",\"sorting\":{\"columnId\":\"a595dce7-17d9-4a3d-be4b-cc85097a7535\",\"direction\":\"desc\"}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"43817430-93c1-11ea-9474-d5854a544239\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"43817430-93c1-11ea-9474-d5854a544239\",\"name\":\"indexpattern-datasource-layer-a5cb2e5c-ea13-4485-85bd-6a3e28dd2f8b\"}]},\"enhancements\":{}}},{\"version\":\"7.12.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":12,\"w\":24,\"h\":15,\"i\":\"b5ec3a69-3a1e-405b-ad45-5fa6778e13d9\"},\"panelIndex\":\"b5ec3a69-3a1e-405b-ad45-5fa6778e13d9\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"packetbeat-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"systemd.unit: \\\"wireguard-logger.service\\\" and network.bytes > 0\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"journalbeat-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Source Bytes\",\"line_width\":1,\"metrics\":[{\"unit\":\"\",\"field\":\"source.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"source.user.full_name\",\"type\":\"timeseries\",\"filter\":{\"query\":\"source.bytes > 0\",\"language\":\"kuery\"}}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"max_bars\":30},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"source.bytes\"},{\"version\":\"7.12.1\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":12,\"w\":24,\"h\":15,\"i\":\"80860284-8106-4bd2-9d0e-247a5a94c5b4\"},\"panelIndex\":\"80860284-8106-4bd2-9d0e-247a5a94c5b4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true},\\\"id\\\":\\\"8954f780-3c73-4125-a58f-45409e2c1a34\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"43817430-93c1-11ea-9474-d5854a544239\\\",\\\"sourceGeoField\\\":\\\"source.geo.location\\\",\\\"destGeoField\\\":\\\"destination.geo.location\\\",\\\"id\\\":\\\"7f89a60f-9f18-4578-81fa-d7742c7044ac\\\",\\\"type\\\":\\\"ES_PEW_PEW\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"sum\\\",\\\"field\\\":\\\"network.bytes\\\"}]},\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"DYNAMIC\\\",\\\"options\\\":{\\\"color\\\":\\\"Greys\\\",\\\"colorCategory\\\":\\\"palette_0\\\",\\\"field\\\":{\\\"origin\\\":\\\"source\\\",\\\"name\\\":\\\"sum_of_network.bytes\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":true,\\\"sigma\\\":3},\\\"type\\\":\\\"ORDINAL\\\",\\\"useCustomColorRamp\\\":false}},\\\"lineWidth\\\":{\\\"type\\\":\\\"DYNAMIC\\\",\\\"options\\\":{\\\"minSize\\\":1,\\\"maxSize\\\":10,\\\"field\\\":{\\\"origin\\\":\\\"source\\\",\\\"name\\\":\\\"sum_of_network.bytes\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":true,\\\"sigma\\\":3}}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"id\\\":\\\"fa3ec35b-a076-4c59-bbdd-fa43f7b87a36\\\",\\\"label\\\":\\\"Connections\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.94,\\\"visible\\\":true,\\\"type\\\":\\\"VECTOR\\\",\\\"joins\\\":[],\\\"query\\\":{\\\"query\\\":\\\"event.module:\\\\\\\"wireguard\\\\\\\" \\\",\\\"language\\\":\\\"kuery\\\"}},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"43817430-93c1-11ea-9474-d5854a544239\\\",\\\"geoField\\\":\\\"source.geo.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"LIMIT\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1,\\\"id\\\":\\\"555c7b56-1cff-45e5-ae30-1d3d0b8eda79\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\"},\\\"id\\\":\\\"2d4f83fb-2432-454a-93fd-78a0913c49cc\\\",\\\"label\\\":\\\"Peer Locations\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#6092C0\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#4379aa\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"VECTOR\\\",\\\"joins\\\":[],\\\"query\\\":{\\\"query\\\":\\\"event.module:\\\\\\\"wireguard\\\\\\\" \\\",\\\"language\\\":\\\"kuery\\\"}}]\",\"mapStateJSON\":\"{\\\"zoom\\\":4.37,\\\"center\\\":{\\\"lon\\\":-84.25132,\\\"lat\\\":39.86479},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-24h\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":39.86479,\"lon\":-84.25132,\"zoom\":4.37},\"mapBuffer\":{\"minLon\":-114.27696,\"minLat\":29.582649999999997,\"maxLon\":-54.225680000000004,\"maxLat\":49.776210000000006},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}}},{\"version\":\"7.12.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":14,\"i\":\"9fd5ace8-974f-48d3-81c7-e8c7a1c093ca\"},\"panelIndex\":\"9fd5ace8-974f-48d3-81c7-e8c7a1c093ca\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"packetbeat-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"systemd.unit: \\\"wireguard-logger.service\\\" and network.bytes > 0\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"journalbeat-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Destination Bytes\",\"line_width\":1,\"metrics\":[{\"unit\":\"\",\"field\":\"destination.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"source.user.full_name\",\"type\":\"timeseries\",\"filter\":{\"query\":\"destination.bytes > 0\",\"language\":\"kuery\"}}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"max_bars\":30},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"destination.bytes\"}]","timeRestore":false,"title":"Wireguard Peers","version":1},"coreMigrationVersion":"7.12.1","id":"76228200-a921-11eb-8fb4-0d4b334f360a","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"43817430-93c1-11ea-9474-d5854a544239","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"43817430-93c1-11ea-9474-d5854a544239","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"43817430-93c1-11ea-9474-d5854a544239","name":"indexpattern-datasource-layer-a5cb2e5c-ea13-4485-85bd-6a3e28dd2f8b","type":"index-pattern"},{"id":"43817430-93c1-11ea-9474-d5854a544239","name":"layer_1_source_index_pattern","type":"index-pattern"},{"id":"43817430-93c1-11ea-9474-d5854a544239","name":"layer_2_source_index_pattern","type":"index-pattern"}],"sort":[1620156460484,3840],"type":"dashboard","updated_at":"2021-05-04T19:27:40.484Z","version":"WzExMDQ1MCwyXQ=="} | |
| {"exportedCount":2,"missingRefCount":0,"missingReferences":[]} |
Author
andrewkroh
commented
May 3, 2021
•
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment