Crowdsec - Grafana Dashboard and Telegraf/InfluxDB import
| { | |
| "annotations": { | |
| "list": [ | |
| { | |
| "builtIn": 1, | |
| "datasource": { | |
| "type": "datasource", | |
| "uid": "grafana" | |
| }, | |
| "enable": true, | |
| "hide": true, | |
| "iconColor": "rgba(0, 211, 255, 1)", | |
| "name": "Annotations & Alerts", | |
| "target": { | |
| "limit": 100, | |
| "matchAny": false, | |
| "tags": [], | |
| "type": "dashboard" | |
| }, | |
| "type": "dashboard" | |
| } | |
| ] | |
| }, | |
| "description": "Display logs shipped from the crowdsec agent via telegraf to influxdb", | |
| "editable": true, | |
| "fiscalYearStartMonth": 0, | |
| "gnetId": 16051, | |
| "graphTooltip": 0, | |
| "id": 19, | |
| "links": [], | |
| "liveNow": false, | |
| "panels": [ | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "thresholds" | |
| }, | |
| "custom": { | |
| "hideFrom": { | |
| "legend": false, | |
| "tooltip": false, | |
| "viz": false | |
| } | |
| }, | |
| "mappings": [], | |
| "thresholds": { | |
| "mode": "absolute", | |
| "steps": [ | |
| { | |
| "color": "green", | |
| "value": null | |
| }, | |
| { | |
| "color": "red", | |
| "value": 80 | |
| } | |
| ] | |
| } | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 14, | |
| "w": 12, | |
| "x": 0, | |
| "y": 0 | |
| }, | |
| "id": 21, | |
| "options": { | |
| "basemap": { | |
| "config": {}, | |
| "name": "Layer 0", | |
| "type": "default" | |
| }, | |
| "controls": { | |
| "mouseWheelZoom": true, | |
| "showAttribution": true, | |
| "showDebug": false, | |
| "showMeasure": false, | |
| "showScale": false, | |
| "showZoom": true | |
| }, | |
| "layers": [ | |
| { | |
| "config": { | |
| "showLegend": false, | |
| "style": { | |
| "color": { | |
| "fixed": "dark-red" | |
| }, | |
| "opacity": 0.3, | |
| "rotation": { | |
| "fixed": 0, | |
| "max": 360, | |
| "min": -360, | |
| "mode": "mod" | |
| }, | |
| "size": { | |
| "field": "count", | |
| "fixed": 5, | |
| "max": 30, | |
| "min": 2 | |
| }, | |
| "symbol": { | |
| "fixed": "img/icons/marker/circle.svg", | |
| "mode": "fixed" | |
| }, | |
| "symbolAlign": { | |
| "horizontal": "center", | |
| "vertical": "center" | |
| }, | |
| "text": { | |
| "field": "country_code", | |
| "fixed": "", | |
| "mode": "field" | |
| }, | |
| "textConfig": { | |
| "fontSize": 12, | |
| "offsetX": 0, | |
| "offsetY": 0, | |
| "textAlign": "center", | |
| "textBaseline": "middle" | |
| } | |
| } | |
| }, | |
| "filterData": { | |
| "id": "byRefId", | |
| "options": "A" | |
| }, | |
| "location": { | |
| "gazetteer": "public/gazetteer/countries.json", | |
| "lookup": "country_code", | |
| "mode": "lookup" | |
| }, | |
| "name": "Bans", | |
| "tooltip": true, | |
| "type": "markers" | |
| } | |
| ], | |
| "tooltip": { | |
| "mode": "details" | |
| }, | |
| "view": { | |
| "allLayers": true, | |
| "id": "coords", | |
| "lat": 46.870454, | |
| "lon": 7.225354, | |
| "zoom": 1.69 | |
| } | |
| }, | |
| "pluginVersion": "11.1.0", | |
| "targets": [ | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "groupBy": [ | |
| { | |
| "params": [ | |
| "country_code::tag" | |
| ], | |
| "type": "tag" | |
| } | |
| ], | |
| "measurement": "crowdseclog", | |
| "orderByTime": "ASC", | |
| "policy": "default", | |
| "refId": "A", | |
| "resultFormat": "table", | |
| "select": [ | |
| [ | |
| { | |
| "params": [ | |
| "ban_length" | |
| ], | |
| "type": "field" | |
| }, | |
| { | |
| "params": [], | |
| "type": "count" | |
| } | |
| ] | |
| ], | |
| "tags": [] | |
| } | |
| ], | |
| "title": "IP bans per country of origin", | |
| "type": "geomap" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "description": "IPs banned per ASN", | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "thresholds" | |
| }, | |
| "displayName": "${__series.name}", | |
| "mappings": [], | |
| "thresholds": { | |
| "mode": "percentage", | |
| "steps": [ | |
| { | |
| "color": "orange", | |
| "value": null | |
| } | |
| ] | |
| } | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 14, | |
| "w": 12, | |
| "x": 12, | |
| "y": 0 | |
| }, | |
| "id": 6, | |
| "maxDataPoints": 1, | |
| "options": { | |
| "displayMode": "lcd", | |
| "maxVizHeight": 300, | |
| "minVizHeight": 10, | |
| "minVizWidth": 0, | |
| "namePlacement": "auto", | |
| "orientation": "horizontal", | |
| "reduceOptions": { | |
| "calcs": [ | |
| "lastNotNull" | |
| ], | |
| "fields": "", | |
| "values": false | |
| }, | |
| "showUnfilled": true, | |
| "sizing": "auto", | |
| "text": {}, | |
| "valueMode": "color" | |
| }, | |
| "pluginVersion": "11.1.0", | |
| "targets": [ | |
| { | |
| "alias": "ASN: $tag_asn ($tag_country_code)", | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "groupBy": [ | |
| { | |
| "params": [ | |
| "asn" | |
| ], | |
| "type": "tag" | |
| }, | |
| { | |
| "params": [ | |
| "country_code" | |
| ], | |
| "type": "tag" | |
| } | |
| ], | |
| "measurement": "crowdseclog", | |
| "orderByTime": "ASC", | |
| "policy": "default", | |
| "refId": "A", | |
| "resultFormat": "time_series", | |
| "select": [ | |
| [ | |
| { | |
| "params": [ | |
| "ban_length" | |
| ], | |
| "type": "field" | |
| }, | |
| { | |
| "params": [], | |
| "type": "count" | |
| } | |
| ] | |
| ], | |
| "tags": [] | |
| } | |
| ], | |
| "title": "Top ASNs (IPs banned) ", | |
| "type": "bargauge" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "thresholds" | |
| }, | |
| "mappings": [], | |
| "thresholds": { | |
| "mode": "absolute", | |
| "steps": [ | |
| { | |
| "color": "green", | |
| "value": null | |
| }, | |
| { | |
| "color": "red", | |
| "value": 80 | |
| } | |
| ] | |
| } | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 10, | |
| "w": 12, | |
| "x": 0, | |
| "y": 14 | |
| }, | |
| "id": 20, | |
| "maxDataPoints": 20, | |
| "options": { | |
| "colorMode": "value", | |
| "graphMode": "area", | |
| "justifyMode": "auto", | |
| "orientation": "auto", | |
| "percentChangeColorMode": "standard", | |
| "reduceOptions": { | |
| "calcs": [ | |
| "sum" | |
| ], | |
| "fields": "", | |
| "values": false | |
| }, | |
| "showPercentChange": false, | |
| "textMode": "value_and_name", | |
| "wideLayout": true | |
| }, | |
| "pluginVersion": "11.1.0", | |
| "targets": [ | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "groupBy": [ | |
| { | |
| "params": [ | |
| "$__interval" | |
| ], | |
| "type": "time" | |
| }, | |
| { | |
| "params": [ | |
| "country_code" | |
| ], | |
| "type": "tag" | |
| } | |
| ], | |
| "measurement": "crowdseclog", | |
| "orderByTime": "ASC", | |
| "policy": "default", | |
| "refId": "A", | |
| "resultFormat": "time_series", | |
| "select": [ | |
| [ | |
| { | |
| "params": [ | |
| "ban_length" | |
| ], | |
| "type": "field" | |
| }, | |
| { | |
| "params": [], | |
| "type": "count" | |
| } | |
| ] | |
| ], | |
| "tags": [] | |
| } | |
| ], | |
| "title": "Attack Origin", | |
| "transformations": [ | |
| { | |
| "id": "renameByRegex", | |
| "options": { | |
| "regex": ".*country_code:\\s(\\S+)\\s*}", | |
| "renamePattern": "$1" | |
| } | |
| } | |
| ], | |
| "type": "stat" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "palette-classic" | |
| }, | |
| "custom": { | |
| "hideFrom": { | |
| "legend": false, | |
| "tooltip": false, | |
| "viz": false | |
| } | |
| }, | |
| "mappings": [] | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 10, | |
| "w": 12, | |
| "x": 12, | |
| "y": 14 | |
| }, | |
| "id": 3, | |
| "maxDataPoints": 1, | |
| "options": { | |
| "legend": { | |
| "displayMode": "list", | |
| "placement": "right", | |
| "showLegend": true, | |
| "values": [ | |
| "percent" | |
| ] | |
| }, | |
| "pieType": "donut", | |
| "reduceOptions": { | |
| "calcs": [ | |
| "lastNotNull" | |
| ], | |
| "fields": "", | |
| "values": false | |
| }, | |
| "tooltip": { | |
| "mode": "single", | |
| "sort": "none" | |
| } | |
| }, | |
| "pluginVersion": "8.4.3-54429", | |
| "targets": [ | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "groupBy": [ | |
| { | |
| "params": [ | |
| "behavior" | |
| ], | |
| "type": "tag" | |
| } | |
| ], | |
| "measurement": "crowdseclog", | |
| "orderByTime": "ASC", | |
| "policy": "default", | |
| "refId": "A", | |
| "resultFormat": "time_series", | |
| "select": [ | |
| [ | |
| { | |
| "params": [ | |
| "ban_length" | |
| ], | |
| "type": "field" | |
| }, | |
| { | |
| "params": [], | |
| "type": "cumulative_sum" | |
| } | |
| ] | |
| ], | |
| "tags": [] | |
| } | |
| ], | |
| "title": "Behaviors", | |
| "transformations": [ | |
| { | |
| "id": "renameByRegex", | |
| "options": { | |
| "regex": ".*behavior: [^/]*/(.*)}", | |
| "renamePattern": "$1" | |
| } | |
| } | |
| ], | |
| "type": "piechart" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "palette-classic" | |
| }, | |
| "custom": { | |
| "axisBorderShow": false, | |
| "axisCenteredZero": false, | |
| "axisColorMode": "text", | |
| "axisLabel": "", | |
| "axisPlacement": "auto", | |
| "barAlignment": 0, | |
| "drawStyle": "line", | |
| "fillOpacity": 0, | |
| "gradientMode": "none", | |
| "hideFrom": { | |
| "legend": false, | |
| "tooltip": false, | |
| "viz": false | |
| }, | |
| "insertNulls": false, | |
| "lineInterpolation": "linear", | |
| "lineWidth": 1, | |
| "pointSize": 5, | |
| "scaleDistribution": { | |
| "type": "linear" | |
| }, | |
| "showPoints": "auto", | |
| "spanNulls": false, | |
| "stacking": { | |
| "group": "A", | |
| "mode": "none" | |
| }, | |
| "thresholdsStyle": { | |
| "mode": "off" | |
| } | |
| }, | |
| "mappings": [], | |
| "min": 0, | |
| "noValue": "0", | |
| "thresholds": { | |
| "mode": "absolute", | |
| "steps": [ | |
| { | |
| "color": "green", | |
| "value": null | |
| }, | |
| { | |
| "color": "red", | |
| "value": 80 | |
| } | |
| ] | |
| }, | |
| "unit": "none" | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 8, | |
| "w": 12, | |
| "x": 0, | |
| "y": 24 | |
| }, | |
| "id": 8, | |
| "interval": "1m", | |
| "options": { | |
| "legend": { | |
| "calcs": [], | |
| "displayMode": "list", | |
| "placement": "bottom", | |
| "showLegend": true | |
| }, | |
| "tooltip": { | |
| "mode": "single", | |
| "sort": "none" | |
| } | |
| }, | |
| "targets": [ | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "groupBy": [ | |
| { | |
| "params": [ | |
| "$__interval" | |
| ], | |
| "type": "time" | |
| }, | |
| { | |
| "params": [ | |
| "reason" | |
| ], | |
| "type": "tag" | |
| }, | |
| { | |
| "params": [ | |
| "null" | |
| ], | |
| "type": "fill" | |
| } | |
| ], | |
| "measurement": "crowdsec_cs_active_decisions", | |
| "orderByTime": "ASC", | |
| "policy": "default", | |
| "refId": "A", | |
| "resultFormat": "time_series", | |
| "select": [ | |
| [ | |
| { | |
| "params": [ | |
| "gauge" | |
| ], | |
| "type": "field" | |
| }, | |
| { | |
| "params": [], | |
| "type": "mean" | |
| } | |
| ] | |
| ], | |
| "tags": [ | |
| { | |
| "key": "origin", | |
| "operator": "=", | |
| "value": "crowdsec" | |
| }, | |
| { | |
| "condition": "AND", | |
| "key": "host", | |
| "operator": "=~", | |
| "value": "/^$host$/" | |
| } | |
| ] | |
| } | |
| ], | |
| "title": "Banned Hosts", | |
| "transformations": [ | |
| { | |
| "id": "renameByRegex", | |
| "options": { | |
| "regex": ".*reason: [^/]+/(.*)}", | |
| "renamePattern": "$1" | |
| } | |
| } | |
| ], | |
| "type": "timeseries" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "description": "", | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "palette-classic" | |
| }, | |
| "custom": { | |
| "axisBorderShow": false, | |
| "axisCenteredZero": false, | |
| "axisColorMode": "text", | |
| "axisLabel": "", | |
| "axisPlacement": "auto", | |
| "barAlignment": 0, | |
| "drawStyle": "line", | |
| "fillOpacity": 0, | |
| "gradientMode": "none", | |
| "hideFrom": { | |
| "legend": false, | |
| "tooltip": false, | |
| "viz": false | |
| }, | |
| "insertNulls": false, | |
| "lineInterpolation": "linear", | |
| "lineWidth": 1, | |
| "pointSize": 5, | |
| "scaleDistribution": { | |
| "type": "linear" | |
| }, | |
| "showPoints": "auto", | |
| "spanNulls": false, | |
| "stacking": { | |
| "group": "A", | |
| "mode": "none" | |
| }, | |
| "thresholdsStyle": { | |
| "mode": "off" | |
| } | |
| }, | |
| "mappings": [], | |
| "noValue": "0", | |
| "thresholds": { | |
| "mode": "absolute", | |
| "steps": [ | |
| { | |
| "color": "green", | |
| "value": null | |
| }, | |
| { | |
| "color": "red", | |
| "value": 80 | |
| } | |
| ] | |
| } | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 8, | |
| "w": 12, | |
| "x": 12, | |
| "y": 24 | |
| }, | |
| "id": 18, | |
| "interval": "1m", | |
| "options": { | |
| "legend": { | |
| "calcs": [ | |
| "last", | |
| "mean", | |
| "max" | |
| ], | |
| "displayMode": "table", | |
| "placement": "bottom", | |
| "showLegend": true | |
| }, | |
| "tooltip": { | |
| "mode": "single", | |
| "sort": "none" | |
| } | |
| }, | |
| "targets": [ | |
| { | |
| "alias": "$tag_bouncer Allow", | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "groupBy": [ | |
| { | |
| "params": [ | |
| "$__interval" | |
| ], | |
| "type": "time" | |
| }, | |
| { | |
| "params": [ | |
| "bouncer" | |
| ], | |
| "type": "tag" | |
| }, | |
| { | |
| "params": [ | |
| "null" | |
| ], | |
| "type": "fill" | |
| } | |
| ], | |
| "hide": false, | |
| "measurement": "crowdsec_cs_lapi_decisions_ko_total", | |
| "orderByTime": "ASC", | |
| "policy": "default", | |
| "refId": "A", | |
| "resultFormat": "time_series", | |
| "select": [ | |
| [ | |
| { | |
| "params": [ | |
| "*" | |
| ], | |
| "type": "field" | |
| }, | |
| { | |
| "params": [], | |
| "type": "mean" | |
| }, | |
| { | |
| "params": [ | |
| "1m" | |
| ], | |
| "type": "non_negative_derivative" | |
| } | |
| ] | |
| ], | |
| "tags": [ | |
| { | |
| "key": "host", | |
| "operator": "=~", | |
| "value": "/^$host$/" | |
| } | |
| ] | |
| }, | |
| { | |
| "alias": "$tag_bouncer Deny", | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "groupBy": [ | |
| { | |
| "params": [ | |
| "$__interval" | |
| ], | |
| "type": "time" | |
| }, | |
| { | |
| "params": [ | |
| "bouncer" | |
| ], | |
| "type": "tag" | |
| }, | |
| { | |
| "params": [ | |
| "null" | |
| ], | |
| "type": "fill" | |
| } | |
| ], | |
| "hide": false, | |
| "measurement": "crowdsec_cs_lapi_decisions_ok_total", | |
| "orderByTime": "ASC", | |
| "policy": "default", | |
| "refId": "B", | |
| "resultFormat": "time_series", | |
| "select": [ | |
| [ | |
| { | |
| "params": [ | |
| "counter" | |
| ], | |
| "type": "field" | |
| }, | |
| { | |
| "params": [], | |
| "type": "mean" | |
| }, | |
| { | |
| "params": [ | |
| "1m" | |
| ], | |
| "type": "non_negative_derivative" | |
| } | |
| ] | |
| ], | |
| "tags": [] | |
| } | |
| ], | |
| "title": "LAPI Decisions", | |
| "transformations": [ | |
| { | |
| "id": "renameByRegex", | |
| "options": { | |
| "regex": ".*:\\s(.*)\\s.*", | |
| "renamePattern": "$1" | |
| } | |
| } | |
| ], | |
| "type": "timeseries" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "palette-classic" | |
| }, | |
| "custom": { | |
| "axisBorderShow": false, | |
| "axisCenteredZero": false, | |
| "axisColorMode": "text", | |
| "axisLabel": "", | |
| "axisPlacement": "auto", | |
| "barAlignment": 0, | |
| "drawStyle": "line", | |
| "fillOpacity": 20, | |
| "gradientMode": "none", | |
| "hideFrom": { | |
| "legend": false, | |
| "tooltip": false, | |
| "viz": false | |
| }, | |
| "insertNulls": false, | |
| "lineInterpolation": "linear", | |
| "lineWidth": 1, | |
| "pointSize": 5, | |
| "scaleDistribution": { | |
| "type": "linear" | |
| }, | |
| "showPoints": "auto", | |
| "spanNulls": false, | |
| "stacking": { | |
| "group": "A", | |
| "mode": "none" | |
| }, | |
| "thresholdsStyle": { | |
| "mode": "off" | |
| } | |
| }, | |
| "mappings": [], | |
| "thresholds": { | |
| "mode": "absolute", | |
| "steps": [ | |
| { | |
| "color": "green", | |
| "value": null | |
| }, | |
| { | |
| "color": "red", | |
| "value": 80 | |
| } | |
| ] | |
| } | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 8, | |
| "w": 12, | |
| "x": 0, | |
| "y": 32 | |
| }, | |
| "id": 12, | |
| "interval": "5m", | |
| "options": { | |
| "legend": { | |
| "calcs": [], | |
| "displayMode": "list", | |
| "placement": "bottom", | |
| "showLegend": true | |
| }, | |
| "tooltip": { | |
| "mode": "single", | |
| "sort": "none" | |
| } | |
| }, | |
| "targets": [ | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "groupBy": [ | |
| { | |
| "params": [ | |
| "$__interval" | |
| ], | |
| "type": "time" | |
| }, | |
| { | |
| "params": [ | |
| "name" | |
| ], | |
| "type": "tag" | |
| }, | |
| { | |
| "params": [ | |
| "null" | |
| ], | |
| "type": "fill" | |
| } | |
| ], | |
| "measurement": "crowdsec_cs_bucket_poured_total", | |
| "orderByTime": "ASC", | |
| "policy": "default", | |
| "refId": "A", | |
| "resultFormat": "time_series", | |
| "select": [ | |
| [ | |
| { | |
| "params": [ | |
| "counter" | |
| ], | |
| "type": "field" | |
| }, | |
| { | |
| "params": [], | |
| "type": "mean" | |
| }, | |
| { | |
| "params": [ | |
| "5m" | |
| ], | |
| "type": "non_negative_derivative" | |
| } | |
| ] | |
| ], | |
| "tags": [ | |
| { | |
| "key": "host", | |
| "operator": "=~", | |
| "value": "/^$host$/" | |
| } | |
| ] | |
| } | |
| ], | |
| "title": "Buckets Poured", | |
| "transformations": [ | |
| { | |
| "id": "renameByRegex", | |
| "options": { | |
| "regex": ".*name:\\s[^/]+/(.*)}", | |
| "renamePattern": "$1" | |
| } | |
| } | |
| ], | |
| "type": "timeseries" | |
| }, | |
| { | |
| "collapsed": false, | |
| "gridPos": { | |
| "h": 1, | |
| "w": 24, | |
| "x": 0, | |
| "y": 40 | |
| }, | |
| "id": 10, | |
| "panels": [], | |
| "title": "Details", | |
| "type": "row" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "description": "", | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "palette-classic" | |
| }, | |
| "custom": { | |
| "axisBorderShow": false, | |
| "axisCenteredZero": false, | |
| "axisColorMode": "text", | |
| "axisLabel": "", | |
| "axisPlacement": "auto", | |
| "barAlignment": 0, | |
| "drawStyle": "line", | |
| "fillOpacity": 0, | |
| "gradientMode": "none", | |
| "hideFrom": { | |
| "legend": false, | |
| "tooltip": false, | |
| "viz": false | |
| }, | |
| "insertNulls": false, | |
| "lineInterpolation": "linear", | |
| "lineWidth": 1, | |
| "pointSize": 5, | |
| "scaleDistribution": { | |
| "type": "linear" | |
| }, | |
| "showPoints": "auto", | |
| "spanNulls": false, | |
| "stacking": { | |
| "group": "A", | |
| "mode": "none" | |
| }, | |
| "thresholdsStyle": { | |
| "mode": "off" | |
| } | |
| }, | |
| "mappings": [], | |
| "thresholds": { | |
| "mode": "absolute", | |
| "steps": [ | |
| { | |
| "color": "green", | |
| "value": null | |
| }, | |
| { | |
| "color": "red", | |
| "value": 80 | |
| } | |
| ] | |
| } | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 8, | |
| "w": 12, | |
| "x": 0, | |
| "y": 41 | |
| }, | |
| "id": 14, | |
| "interval": "5m", | |
| "options": { | |
| "legend": { | |
| "calcs": [ | |
| "last", | |
| "mean", | |
| "max" | |
| ], | |
| "displayMode": "table", | |
| "placement": "bottom", | |
| "showLegend": true | |
| }, | |
| "tooltip": { | |
| "mode": "single", | |
| "sort": "none" | |
| } | |
| }, | |
| "targets": [ | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "groupBy": [ | |
| { | |
| "params": [ | |
| "$__interval" | |
| ], | |
| "type": "time" | |
| }, | |
| { | |
| "params": [ | |
| "source" | |
| ], | |
| "type": "tag" | |
| }, | |
| { | |
| "params": [ | |
| "null" | |
| ], | |
| "type": "fill" | |
| } | |
| ], | |
| "measurement": "crowdsec_cs_filesource_hits_total", | |
| "orderByTime": "ASC", | |
| "policy": "default", | |
| "refId": "A", | |
| "resultFormat": "time_series", | |
| "select": [ | |
| [ | |
| { | |
| "params": [ | |
| "counter" | |
| ], | |
| "type": "field" | |
| }, | |
| { | |
| "params": [], | |
| "type": "mean" | |
| }, | |
| { | |
| "params": [ | |
| "1m" | |
| ], | |
| "type": "non_negative_derivative" | |
| } | |
| ] | |
| ], | |
| "tags": [ | |
| { | |
| "key": "host", | |
| "operator": "=~", | |
| "value": "/^$host$/" | |
| } | |
| ] | |
| } | |
| ], | |
| "title": "Lines Read per minute", | |
| "transformations": [ | |
| { | |
| "id": "renameByRegex", | |
| "options": { | |
| "regex": ".*:\\s(.*)}", | |
| "renamePattern": "$1" | |
| } | |
| } | |
| ], | |
| "type": "timeseries" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "description": "", | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "palette-classic" | |
| }, | |
| "custom": { | |
| "axisBorderShow": false, | |
| "axisCenteredZero": false, | |
| "axisColorMode": "text", | |
| "axisLabel": "", | |
| "axisPlacement": "auto", | |
| "barAlignment": 0, | |
| "drawStyle": "line", | |
| "fillOpacity": 0, | |
| "gradientMode": "none", | |
| "hideFrom": { | |
| "legend": false, | |
| "tooltip": false, | |
| "viz": false | |
| }, | |
| "insertNulls": false, | |
| "lineInterpolation": "linear", | |
| "lineWidth": 1, | |
| "pointSize": 5, | |
| "scaleDistribution": { | |
| "type": "linear" | |
| }, | |
| "showPoints": "auto", | |
| "spanNulls": false, | |
| "stacking": { | |
| "group": "A", | |
| "mode": "none" | |
| }, | |
| "thresholdsStyle": { | |
| "mode": "off" | |
| } | |
| }, | |
| "mappings": [], | |
| "thresholds": { | |
| "mode": "absolute", | |
| "steps": [ | |
| { | |
| "color": "green", | |
| "value": null | |
| }, | |
| { | |
| "color": "red", | |
| "value": 80 | |
| } | |
| ] | |
| } | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 8, | |
| "w": 12, | |
| "x": 12, | |
| "y": 41 | |
| }, | |
| "id": 16, | |
| "interval": "1m", | |
| "options": { | |
| "legend": { | |
| "calcs": [ | |
| "last", | |
| "mean", | |
| "max" | |
| ], | |
| "displayMode": "table", | |
| "placement": "bottom", | |
| "showLegend": true | |
| }, | |
| "tooltip": { | |
| "mode": "single", | |
| "sort": "none" | |
| } | |
| }, | |
| "targets": [ | |
| { | |
| "alias": "OK", | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "groupBy": [ | |
| { | |
| "params": [ | |
| "$__interval" | |
| ], | |
| "type": "time" | |
| }, | |
| { | |
| "params": [ | |
| "null" | |
| ], | |
| "type": "fill" | |
| } | |
| ], | |
| "measurement": "crowdsec_cs_parser_hits_ok_total", | |
| "orderByTime": "ASC", | |
| "policy": "default", | |
| "refId": "A", | |
| "resultFormat": "time_series", | |
| "select": [ | |
| [ | |
| { | |
| "params": [ | |
| "counter" | |
| ], | |
| "type": "field" | |
| }, | |
| { | |
| "params": [], | |
| "type": "mean" | |
| }, | |
| { | |
| "params": [ | |
| "1m" | |
| ], | |
| "type": "non_negative_derivative" | |
| } | |
| ] | |
| ], | |
| "tags": [ | |
| { | |
| "key": "host", | |
| "operator": "=~", | |
| "value": "/^$host$/" | |
| } | |
| ] | |
| }, | |
| { | |
| "alias": "Error", | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "groupBy": [ | |
| { | |
| "params": [ | |
| "$__interval" | |
| ], | |
| "type": "time" | |
| }, | |
| { | |
| "params": [ | |
| "null" | |
| ], | |
| "type": "fill" | |
| } | |
| ], | |
| "hide": false, | |
| "measurement": "crowdsec_cs_parser_hits_ko_total", | |
| "orderByTime": "ASC", | |
| "policy": "default", | |
| "refId": "B", | |
| "resultFormat": "time_series", | |
| "select": [ | |
| [ | |
| { | |
| "params": [ | |
| "counter" | |
| ], | |
| "type": "field" | |
| }, | |
| { | |
| "params": [], | |
| "type": "mean" | |
| }, | |
| { | |
| "params": [ | |
| "1m" | |
| ], | |
| "type": "non_negative_derivative" | |
| } | |
| ] | |
| ], | |
| "tags": [] | |
| } | |
| ], | |
| "title": "Parser Hits per minute", | |
| "type": "timeseries" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "thresholds" | |
| }, | |
| "custom": { | |
| "align": "left", | |
| "cellOptions": { | |
| "type": "auto" | |
| }, | |
| "filterable": false, | |
| "inspect": false | |
| }, | |
| "mappings": [ | |
| { | |
| "options": { | |
| "pattern": "crowdsecurity/(.*)", | |
| "result": { | |
| "index": 0, | |
| "text": "$1" | |
| } | |
| }, | |
| "type": "regex" | |
| } | |
| ], | |
| "thresholds": { | |
| "mode": "absolute", | |
| "steps": [ | |
| { | |
| "color": "green", | |
| "value": null | |
| }, | |
| { | |
| "color": "red", | |
| "value": 80 | |
| } | |
| ] | |
| } | |
| }, | |
| "overrides": [ | |
| { | |
| "matcher": { | |
| "id": "byName", | |
| "options": "ban" | |
| }, | |
| "properties": [ | |
| { | |
| "id": "unit", | |
| "value": "ns" | |
| } | |
| ] | |
| } | |
| ] | |
| }, | |
| "gridPos": { | |
| "h": 11, | |
| "w": 24, | |
| "x": 0, | |
| "y": 49 | |
| }, | |
| "id": 5, | |
| "options": { | |
| "cellHeight": "sm", | |
| "footer": { | |
| "countRows": false, | |
| "fields": [ | |
| "asn" | |
| ], | |
| "reducer": [ | |
| "sum" | |
| ], | |
| "show": false | |
| }, | |
| "frameIndex": 2, | |
| "showHeader": true | |
| }, | |
| "pluginVersion": "11.1.0", | |
| "targets": [ | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "groupBy": [ | |
| { | |
| "params": [ | |
| "behavior::tag" | |
| ], | |
| "type": "tag" | |
| }, | |
| { | |
| "params": [ | |
| "country_code::tag" | |
| ], | |
| "type": "tag" | |
| }, | |
| { | |
| "params": [ | |
| "asn" | |
| ], | |
| "type": "tag" | |
| }, | |
| { | |
| "params": [ | |
| "ip::tag" | |
| ], | |
| "type": "tag" | |
| } | |
| ], | |
| "measurement": "crowdseclog", | |
| "orderByTime": "DESC", | |
| "policy": "default", | |
| "query": "SELECT DISTINCT \"ip\" FROM \"crowdseclog_tail\" WHERE (\"host\" =~ /^$host$/) AND $timeFilter", | |
| "rawQuery": false, | |
| "refId": "A", | |
| "resultFormat": "table", | |
| "select": [ | |
| [ | |
| { | |
| "params": [ | |
| "ban_length" | |
| ], | |
| "type": "field" | |
| }, | |
| { | |
| "params": [], | |
| "type": "distinct" | |
| }, | |
| { | |
| "params": [ | |
| "ban" | |
| ], | |
| "type": "alias" | |
| } | |
| ] | |
| ], | |
| "tags": [] | |
| } | |
| ], | |
| "title": "Ban Log", | |
| "type": "table" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "thresholds" | |
| }, | |
| "custom": { | |
| "align": "left", | |
| "cellOptions": { | |
| "type": "auto" | |
| }, | |
| "filterable": false, | |
| "inspect": false | |
| }, | |
| "mappings": [ | |
| { | |
| "options": { | |
| "pattern": "crowdsecurity/(.*)", | |
| "result": { | |
| "index": 0, | |
| "text": "$1" | |
| } | |
| }, | |
| "type": "regex" | |
| } | |
| ], | |
| "thresholds": { | |
| "mode": "absolute", | |
| "steps": [ | |
| { | |
| "color": "green", | |
| "value": null | |
| }, | |
| { | |
| "color": "red", | |
| "value": 80 | |
| } | |
| ] | |
| } | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 11, | |
| "w": 24, | |
| "x": 0, | |
| "y": 60 | |
| }, | |
| "id": 19, | |
| "options": { | |
| "cellHeight": "sm", | |
| "footer": { | |
| "countRows": false, | |
| "fields": [ | |
| "asn" | |
| ], | |
| "reducer": [ | |
| "sum" | |
| ], | |
| "show": false | |
| }, | |
| "frameIndex": 2, | |
| "showHeader": true, | |
| "sortBy": [ | |
| { | |
| "desc": true, | |
| "displayName": "sum" | |
| } | |
| ] | |
| }, | |
| "pluginVersion": "11.1.0", | |
| "targets": [ | |
| { | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "groupBy": [ | |
| { | |
| "params": [ | |
| "behavior" | |
| ], | |
| "type": "tag" | |
| } | |
| ], | |
| "measurement": "crowdseclog", | |
| "orderByTime": "ASC", | |
| "policy": "default", | |
| "query": "SELECT DISTINCT \"ip\" FROM \"crowdseclog_tail\" WHERE (\"host\" =~ /^$host$/) AND $timeFilter", | |
| "rawQuery": false, | |
| "refId": "A", | |
| "resultFormat": "table", | |
| "select": [ | |
| [ | |
| { | |
| "params": [ | |
| "events" | |
| ], | |
| "type": "field" | |
| }, | |
| { | |
| "params": [], | |
| "type": "sum" | |
| }, | |
| { | |
| "params": [ | |
| "events" | |
| ], | |
| "type": "alias" | |
| } | |
| ] | |
| ], | |
| "tags": [] | |
| } | |
| ], | |
| "title": "Ban Log - Number of Events per Behavior", | |
| "type": "table" | |
| } | |
| ], | |
| "refresh": "1m", | |
| "revision": 1, | |
| "schemaVersion": 39, | |
| "tags": [], | |
| "templating": { | |
| "list": [ | |
| { | |
| "current": { | |
| "selected": false, | |
| "text": "All", | |
| "value": "$__all" | |
| }, | |
| "datasource": { | |
| "type": "influxdb", | |
| "uid": "Quid8haVk" | |
| }, | |
| "definition": "show tag values with key=\"host\"", | |
| "hide": 0, | |
| "includeAll": true, | |
| "multi": true, | |
| "name": "host", | |
| "options": [], | |
| "query": "show tag values with key=\"host\"", | |
| "refresh": 1, | |
| "regex": "", | |
| "skipUrlSync": false, | |
| "sort": 5, | |
| "type": "query" | |
| } | |
| ] | |
| }, | |
| "time": { | |
| "from": "now-7d", | |
| "to": "now" | |
| }, | |
| "timepicker": {}, | |
| "timezone": "", | |
| "title": "Crowdsec", | |
| "uid": "j4KEK3L7k", | |
| "version": 66, | |
| "weekStart": "" | |
| } |
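# Telegraf configuration behind the "Crowdsec" Grafana dashboard: CrowdSec's
# Prometheus metrics and its ban/alert log lines are written to the "crowdsec"
# InfluxDB database as two groups of measurements (crowdsec_* and crowdseclog).

[agent]
interval = "30s"
round_interval = true
metric_batch_size = 1000
metric_buffer_limit = 10000
collection_jitter = "0s"
flush_interval = "10s"
flush_jitter = "0s"
precision = ""
# The "host" tag derived from this is what the dashboard's $host variable
# filters on, so omit_hostname must stay false.
hostname = "redacted"
omit_hostname = false

# Two outputs to the same database, split by measurement name: the
# Prometheus-derived crowdsec_* measurements and the parsed log lines.
# The credentials are placeholders. Telegraf expands ${ENV_VAR} references in
# config values, so a real deployment can keep the secret out of this file
# (e.g. password = "${INFLUX_PASSWORD}"). The URL is plain http, so these
# credentials travel in cleartext unless the InfluxDB endpoint is TLS-terminated.
[[outputs.influxdb]]
urls = ["http://redacted:8086"]
database = "crowdsec"
username = "redacted"
password = "redacted"
namepass = ["crowdsec_*"]

[[outputs.influxdb]]
urls = ["http://redacted:8086"]
database = "crowdsec"
username = "redacted"
password = "redacted"
namepass = ["crowdseclog"]

# CrowdSec's own metrics endpoint. The "crowdsec_" prefix is what produces the
# crowdsec_cs_* measurements the dashboard panels query.
[[inputs.prometheus]]
urls = ["http://crowdsec:6060/metrics"]
name_prefix = "crowdsec_"

[[inputs.tail]]
files = ["/var/log/crowdsec/crowdsec.log"]
# Example of the ban line the first pattern matches:
# time="2024-07-18T23:23:20Z" level=info msg="(localhost/crowdsec) crowdsecurity/http-probing by ip 103.162.36.154 (ID/141639) : 4h ban on Ip 103.162.36.154"
name_override = "crowdseclog"
data_format = "grok"
# ip/ban_ip are captured as tags because the dashboard's "Ban Log" table groups
# by ip::tag; every distinct banned address therefore becomes a tag value, so
# series cardinality grows with the number of banned IPs.
# ban_length/window use the grok "duration" modifier; the dashboard assigns the
# resulting "ban" column the unit "ns", i.e. it expects an integer nanosecond value.
# TIMESTAMP_EU is not referenced by any pattern below; it is kept for reference only.
grok_custom_patterns = '''
TIMESTAMP_EU (?:\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})
CROWDSEC_BAN_MSG \(%{DATA}\) %{DATA:behavior:tag} by ip %{IP:ip:tag} \(%{DATA:country_code:tag}/%{NUMBER:asn:tag}\) : %{DATA:ban_length:duration} ban on Ip %{IP:ban_ip:tag}
CROWDSEC_EVENTS_MSG Ip %{IP:ip:tag} performed '%{DATA:behavior:tag}' \(%{INT:events:int} events over %{DATA:window:duration}\) at %{DATA}
'''
grok_patterns = [
    '''time="%{TIMESTAMP_ISO8601:time}".*msg="%{CROWDSEC_BAN_MSG}"''',
    '''time="%{TIMESTAMP_ISO8601:time}".*msg="%{CROWDSEC_EVENTS_MSG}"''',
]

# Turn the grok-captured "time" string field into the metric timestamp.
# namepass is a plugin-level metric filter and belongs directly under
# [[processors.converter]]; placed inside [processors.converter.fields] it is
# not one of the conversion keys that table defines, so the converter would not
# be restricted to the crowdseclog measurement as intended.
[[processors.converter]]
namepass = ["crowdseclog"]

[processors.converter.fields]
timestamp = ["time"]
# Timestamps are in ISO8601 (Go reference layout; fractional seconds optional)
timestamp_format = "2006-01-02T15:04:05.999999999Z"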