|
{
|
||
|
"annotations": {
|
||
|
"list": [
|
||
|
{
|
||
|
"builtIn": 1,
|
||
|
"datasource": {
|
||
|
"type": "grafana",
|
||
|
"uid": "-- Grafana --"
|
||
|
},
|
||
|
"enable": true,
|
||
|
"hide": true,
|
||
|
"iconColor": "rgba(0, 211, 255, 1)",
|
||
|
"name": "Annotations & Alerts",
|
||
|
"target": {
|
||
|
"limit": 100,
|
||
|
"matchAny": false,
|
||
|
"tags": [],
|
||
|
"type": "dashboard"
|
||
|
},
|
||
|
"type": "dashboard"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
"editable": true,
|
||
|
"fiscalYearStartMonth": 0,
|
||
|
"gnetId": 17877,
|
||
|
"graphTooltip": 0,
|
||
|
"id": 4,
|
||
|
"links": [],
|
||
|
"liveNow": false,
|
||
|
"panels": [
|
||
|
{
|
||
|
"datasource": {
|
||
|
"type": "loki",
|
||
|
"uid": "c0696081-8d61-4fbd-bde3-6510cbc6b07f"
|
||
|
},
|
||
|
"description": "Source IP addresses accessing the infrastructure",
|
||
|
"fieldConfig": {
|
||
|
"defaults": {
|
||
|
"color": {
|
||
|
"mode": "thresholds"
|
||
|
},
|
||
|
"custom": {
|
||
|
"hideFrom": {
|
||
|
"legend": false,
|
||
|
"tooltip": false,
|
||
|
"viz": false
|
||
|
}
|
||
|
},
|
||
|
"mappings": [],
|
||
|
"thresholds": {
|
||
|
"mode": "absolute",
|
||
|
"steps": [
|
||
|
{
|
||
|
"color": "green",
|
||
|
"value": null
|
||
|
},
|
||
|
{
|
||
|
"color": "green",
|
||
|
"value": 0
|
||
|
},
|
||
|
{
|
||
|
"color": "red",
|
||
|
"value": 100
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
"overrides": []
|
||
|
},
|
||
|
"gridPos": {
|
||
|
"h": 26,
|
||
|
"w": 20,
|
||
|
"x": 2,
|
||
|
"y": 0
|
||
|
},
|
||
|
"id": 2,
|
||
|
"options": {
|
||
|
"basemap": {
|
||
|
"config": {},
|
||
|
"name": "Layer 0",
|
||
|
"type": "default"
|
||
|
},
|
||
|
"controls": {
|
||
|
"mouseWheelZoom": true,
|
||
|
"showAttribution": false,
|
||
|
"showDebug": true,
|
||
|
"showMeasure": false,
|
||
|
"showScale": false,
|
||
|
"showZoom": true
|
||
|
},
|
||
|
"layers": [
|
||
|
{
|
||
|
"config": {
|
||
|
"blur": 12,
|
||
|
"radius": 5,
|
||
|
"weight": {
|
||
|
"fixed": 1,
|
||
|
"max": 1,
|
||
|
"min": 0
|
||
|
}
|
||
|
},
|
||
|
"location": {
|
||
|
"latitude": "Latitude",
|
||
|
"longitude": "Longitude",
|
||
|
"mode": "coords"
|
||
|
},
|
||
|
"name": "Map",
|
||
|
"opacity": 0.7,
|
||
|
"tooltip": true,
|
||
|
"type": "heatmap"
|
||
|
}
|
||
|
],
|
||
|
"tooltip": {
|
||
|
"mode": "none"
|
||
|
},
|
||
|
"view": {
|
||
|
"allLayers": true,
|
||
|
"id": "europe",
|
||
|
"lat": 46,
|
||
|
"lon": 14,
|
||
|
"zoom": 3
|
||
|
}
|
||
|
},
|
||
|
"pluginVersion": "10.2.0",
|
||
|
"targets": [
|
||
|
{
|
||
|
"datasource": {
|
||
|
"type": "loki",
|
||
|
"uid": "c0696081-8d61-4fbd-bde3-6510cbc6b07f"
|
||
|
},
|
||
|
"editorMode": "code",
|
||
|
"expr": "{filename=\"/var/log/iptables.log\"} | json | geoip_continent_code != \"\" | geoip_location_longitude != \"\" | geoip_location_latitude != \"\"",
|
||
|
"legendFormat": "",
|
||
|
"queryType": "range",
|
||
|
"refId": "A"
|
||
|
}
|
||
|
],
|
||
|
"title": "IP Locations Heatmap",
|
||
|
"transformations": [
|
||
|
{
|
||
|
"id": "extractFields",
|
||
|
"options": {
|
||
|
"format": "kvp",
|
||
|
"replace": true,
|
||
|
"source": "labels"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "convertFieldType",
|
||
|
"options": {
|
||
|
"conversions": [
|
||
|
{
|
||
|
"destinationType": "number",
|
||
|
"targetField": "geoip_location_latitude"
|
||
|
},
|
||
|
{
|
||
|
"destinationType": "number",
|
||
|
"targetField": "geoip_location_longitude"
|
||
|
}
|
||
|
],
|
||
|
"fields": {}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "organize",
|
||
|
"options": {
|
||
|
"excludeByName": {
|
||
|
"FACILITY": true,
|
||
|
"FILE_NAME": true,
|
||
|
"HOST": true,
|
||
|
"HOST_FROM": true,
|
||
|
"ISODATE": false,
|
||
|
"LEGACY_MSGHDR": true,
|
||
|
"MESSAGE": true,
|
||
|
"PRIORITY": true,
|
||
|
"PROGRAM": true,
|
||
|
"SOURCE": true,
|
||
|
"geoip_city_geoname_id": true,
|
||
|
"geoip_city_names_en": false,
|
||
|
"geoip_continent_geoname_id": true,
|
||
|
"geoip_continent_names_en": true,
|
||
|
"geoip_country_geoname_id": true,
|
||
|
"geoip_country_is_in_european_union": true,
|
||
|
"geoip_country_iso_code": true,
|
||
|
"geoip_country_names_en": false,
|
||
|
"geoip_location_accuracy_radius": false,
|
||
|
"geoip_location_latitude": false,
|
||
|
"geoip_location_location": true,
|
||
|
"geoip_location_metro_code": true,
|
||
|
"geoip_location_time_zone": true,
|
||
|
"geoip_registered_country_geoname_id": true,
|
||
|
"geoip_registered_country_is_in_european_union": true,
|
||
|
"geoip_registered_country_iso_code": true,
|
||
|
"geoip_registered_country_names_en": false,
|
||
|
"geoip_subdivisions_0_geoname_id": true,
|
||
|
"geoip_subdivisions_0_iso_code": true,
|
||
|
"geoip_subdivisions_0_names_en": true,
|
||
|
"geoip_subdivisions_1_geoname_id": true,
|
||
|
"geoip_subdivisions_1_iso_code": true,
|
||
|
"geoip_subdivisions_1_names_en": true,
|
||
|
"ipt_CODE": true,
|
||
|
"ipt_IN": true,
|
||
|
"ipt_LEN": true,
|
||
|
"ipt_TYPE": true,
|
||
|
"job": true,
|
||
|
"kv_DPT": false,
|
||
|
"kv_DST": true,
|
||
|
"kv_ID": true,
|
||
|
"kv_IN": true,
|
||
|
"kv_LEN": true,
|
||
|
"kv_MAC": true,
|
||
|
"kv_OUT": false,
|
||
|
"kv_PREC": true,
|
||
|
"kv_PROTO": true,
|
||
|
"kv_RES": true,
|
||
|
"kv_SPT": true,
|
||
|
"kv_TOS": true,
|
||
|
"kv_TTL": true,
|
||
|
"kv_URGP": true,
|
||
|
"kv_WINDOW": true
|
||
|
},
|
||
|
"indexByName": {},
|
||
|
"renameByName": {
|
||
|
"FACILITY": "",
|
||
|
"ISODATE": "Time",
|
||
|
"geoip_city_names_en": "City",
|
||
|
"geoip_continent_code": "Continent",
|
||
|
"geoip_country_names_en": "Country",
|
||
|
"geoip_location_accuracy_radius": "Accuracy Radius",
|
||
|
"geoip_location_latitude": "Latitude",
|
||
|
"geoip_location_longitude": "Longitude",
|
||
|
"geoip_postal_code": "Postal Code",
|
||
|
"geoip_registered_country_is_in_european_union": "",
|
||
|
"geoip_registered_country_names_en": "Registered Country",
|
||
|
"geoip_subdivisions_1_iso_code": "",
|
||
|
"ipt_DPT": "Destination Port",
|
||
|
"ipt_DST": "Destintation",
|
||
|
"ipt_IN": "Input Interface",
|
||
|
"ipt_LEN": "",
|
||
|
"ipt_OUT": "Output Interface",
|
||
|
"ipt_PROTO": "Protocol",
|
||
|
"ipt_SPT": "Source Port",
|
||
|
"ipt_SRC": "Source",
|
||
|
"job": "",
|
||
|
"kv_DPT": "Destintation Port",
|
||
|
"kv_OUT": "Output Interface",
|
||
|
"kv_SRC": "Source"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "organize",
|
||
|
"options": {
|
||
|
"excludeByName": {},
|
||
|
"indexByName": {
|
||
|
"Accuracy Radius": 14,
|
||
|
"City": 9,
|
||
|
"Continent": 7,
|
||
|
"Country": 8,
|
||
|
"Destination Port": 5,
|
||
|
"Destintation": 4,
|
||
|
"Latitude": 12,
|
||
|
"Longitude": 13,
|
||
|
"Output Interface": 3,
|
||
|
"Postal Code": 10,
|
||
|
"Protocol": 6,
|
||
|
"Registered Country": 11,
|
||
|
"Source": 0,
|
||
|
"Source Port": 1,
|
||
|
"Time": 2
|
||
|
},
|
||
|
"renameByName": {}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "convertFieldType",
|
||
|
"options": {
|
||
|
"conversions": [
|
||
|
{
|
||
|
"destinationType": "time",
|
||
|
"targetField": "Time"
|
||
|
}
|
||
|
],
|
||
|
"fields": {}
|
||
|
}
|
||
|
}
|
||
|
],
|
||
|
"type": "geomap"
|
||
|
},
|
||
|
{
|
||
|
"gridPos": {
|
||
|
"h": 26,
|
||
|
"w": 20,
|
||
|
"x": 2,
|
||
|
"y": 26
|
||
|
},
|
||
|
"id": 8,
|
||
|
"libraryPanel": {
|
||
|
"name": "IP Locations (non SSH Traffic)",
|
||
|
"uid": "OrPj7vZVk"
|
||
|
},
|
||
|
"title": "IP Locations (non SSH Traffic)"
|
||
|
},
|
||
|
{
|
||
|
"datasource": {
|
||
|
"type": "loki",
|
||
|
"uid": "c0696081-8d61-4fbd-bde3-6510cbc6b07f"
|
||
|
},
|
||
|
"description": "Source IP addresses by location accessing SSH",
|
||
|
"fieldConfig": {
|
||
|
"defaults": {
|
||
|
"color": {
|
||
|
"mode": "thresholds"
|
||
|
},
|
||
|
"custom": {
|
||
|
"hideFrom": {
|
||
|
"legend": false,
|
||
|
"tooltip": false,
|
||
|
"viz": false
|
||
|
}
|
||
|
},
|
||
|
"mappings": [],
|
||
|
"thresholds": {
|
||
|
"mode": "absolute",
|
||
|
"steps": [
|
||
|
{
|
||
|
"color": "green"
|
||
|
},
|
||
|
{
|
||
|
"color": "red",
|
||
|
"value": 80
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
"overrides": []
|
||
|
},
|
||
|
"gridPos": {
|
||
|
"h": 26,
|
||
|
"w": 20,
|
||
|
"x": 2,
|
||
|
"y": 52
|
||
|
},
|
||
|
"id": 3,
|
||
|
"options": {
|
||
|
"basemap": {
|
||
|
"config": {},
|
||
|
"name": "Layer 0",
|
||
|
"type": "default"
|
||
|
},
|
||
|
"controls": {
|
||
|
"mouseWheelZoom": true,
|
||
|
"showAttribution": false,
|
||
|
"showDebug": true,
|
||
|
"showMeasure": false,
|
||
|
"showScale": false,
|
||
|
"showZoom": true
|
||
|
},
|
||
|
"layers": [
|
||
|
{
|
||
|
"config": {
|
||
|
"showLegend": false,
|
||
|
"style": {
|
||
|
"color": {
|
||
|
"fixed": "red"
|
||
|
},
|
||
|
"opacity": 0.4,
|
||
|
"rotation": {
|
||
|
"fixed": 0,
|
||
|
"max": 360,
|
||
|
"min": -360,
|
||
|
"mode": "mod"
|
||
|
},
|
||
|
"size": {
|
||
|
"fixed": 5,
|
||
|
"max": 15,
|
||
|
"min": 2
|
||
|
},
|
||
|
"symbol": {
|
||
|
"fixed": "img/icons/marker/circle.svg",
|
||
|
"mode": "fixed"
|
||
|
},
|
||
|
"text": {
|
||
|
"fixed": "",
|
||
|
"mode": "field"
|
||
|
},
|
||
|
"textConfig": {
|
||
|
"fontSize": 12,
|
||
|
"offsetX": 0,
|
||
|
"offsetY": 0,
|
||
|
"textAlign": "center",
|
||
|
"textBaseline": "middle"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
"location": {
|
||
|
"latitude": "geoip_location_latitude",
|
||
|
"longitude": "geoip_location_longitude",
|
||
|
"mode": "coords"
|
||
|
},
|
||
|
"name": "Map",
|
||
|
"tooltip": true,
|
||
|
"type": "markers"
|
||
|
}
|
||
|
],
|
||
|
"tooltip": {
|
||
|
"mode": "details"
|
||
|
},
|
||
|
"view": {
|
||
|
"allLayers": true,
|
||
|
"id": "europe",
|
||
|
"lat": 46,
|
||
|
"lon": 14,
|
||
|
"zoom": 3
|
||
|
}
|
||
|
},
|
||
|
"pluginVersion": "10.1.5",
|
||
|
"targets": [
|
||
|
{
|
||
|
"datasource": {
|
||
|
"type": "loki",
|
||
|
"uid": "c0696081-8d61-4fbd-bde3-6510cbc6b07f"
|
||
|
},
|
||
|
"editorMode": "code",
|
||
|
"expr": "{filename=\"/var/log/iptables.log\"} | json | geoip_continent_code != \"\" | ipt_DPT == 22 | geoip_location_longitude != \"\" | geoip_location_latitude != \"\"",
|
||
|
"legendFormat": "",
|
||
|
"queryType": "range",
|
||
|
"refId": "A"
|
||
|
}
|
||
|
],
|
||
|
"title": "IP Locations (SSH)",
|
||
|
"transformations": [
|
||
|
{
|
||
|
"id": "extractFields",
|
||
|
"options": {
|
||
|
"format": "kvp",
|
||
|
"replace": true,
|
||
|
"source": "labels"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "convertFieldType",
|
||
|
"options": {
|
||
|
"conversions": [
|
||
|
{
|
||
|
"destinationType": "number",
|
||
|
"targetField": "geoip_location_latitude"
|
||
|
},
|
||
|
{
|
||
|
"destinationType": "number",
|
||
|
"targetField": "geoip_location_longitude"
|
||
|
}
|
||
|
],
|
||
|
"fields": {}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "organize",
|
||
|
"options": {
|
||
|
"excludeByName": {
|
||
|
"FACILITY": true,
|
||
|
"FILE_NAME": true,
|
||
|
"HOST": true,
|
||
|
"HOST_FROM": true,
|
||
|
"ISODATE": false,
|
||
|
"LEGACY_MSGHDR": true,
|
||
|
"MESSAGE": true,
|
||
|
"PRIORITY": true,
|
||
|
"PROGRAM": true,
|
||
|
"SOURCE": true,
|
||
|
"geoip_city_geoname_id": true,
|
||
|
"geoip_city_names_en": false,
|
||
|
"geoip_continent_geoname_id": true,
|
||
|
"geoip_continent_names_en": true,
|
||
|
"geoip_country_geoname_id": true,
|
||
|
"geoip_country_is_in_european_union": true,
|
||
|
"geoip_country_iso_code": true,
|
||
|
"geoip_country_names_en": true,
|
||
|
"geoip_location_accuracy_radius": false,
|
||
|
"geoip_location_latitude": false,
|
||
|
"geoip_location_location": true,
|
||
|
"geoip_location_metro_code": true,
|
||
|
"geoip_location_time_zone": true,
|
||
|
"geoip_registered_country_geoname_id": true,
|
||
|
"geoip_registered_country_is_in_european_union": true,
|
||
|
"geoip_registered_country_iso_code": true,
|
||
|
"geoip_registered_country_names_en": true,
|
||
|
"geoip_subdivisions_0_geoname_id": true,
|
||
|
"geoip_subdivisions_0_iso_code": true,
|
||
|
"geoip_subdivisions_0_names_en": true,
|
||
|
"geoip_subdivisions_1_geoname_id": true,
|
||
|
"geoip_subdivisions_1_iso_code": true,
|
||
|
"geoip_subdivisions_1_names_en": true,
|
||
|
"ipt_CODE": true,
|
||
|
"ipt_IN": true,
|
||
|
"ipt_LEN": true,
|
||
|
"ipt_TYPE": true,
|
||
|
"job": true,
|
||
|
"kv_DPT": false,
|
||
|
"kv_DST": true,
|
||
|
"kv_ID": true,
|
||
|
"kv_IN": true,
|
||
|
"kv_LEN": true,
|
||
|
"kv_MAC": true,
|
||
|
"kv_OUT": false,
|
||
|
"kv_PREC": true,
|
||
|
"kv_PROTO": true,
|
||
|
"kv_RES": true,
|
||
|
"kv_SPT": true,
|
||
|
"kv_TOS": true,
|
||
|
"kv_TTL": true,
|
||
|
"kv_URGP": true,
|
||
|
"kv_WINDOW": true
|
||
|
},
|
||
|
"indexByName": {},
|
||
|
"renameByName": {
|
||
|
"FACILITY": "",
|
||
|
"ISODATE": "Time",
|
||
|
"geoip_city_names_en": "City Name",
|
||
|
"geoip_continent_code": "Continent Code",
|
||
|
"geoip_location_accuracy_radius": "Accuracy Radius",
|
||
|
"geoip_location_latitude": "Latitude",
|
||
|
"geoip_location_longitude": "Longitude",
|
||
|
"geoip_postal_code": "Postal Code",
|
||
|
"ipt_DPT": "Destination Port",
|
||
|
"ipt_DST": "Destintation",
|
||
|
"ipt_IN": "Input Interface",
|
||
|
"ipt_LEN": "",
|
||
|
"ipt_OUT": "Output Interface",
|
||
|
"ipt_PROTO": "Protocol",
|
||
|
"ipt_SPT": "Source Port",
|
||
|
"ipt_SRC": "Source",
|
||
|
"job": "",
|
||
|
"kv_DPT": "Destintation Port",
|
||
|
"kv_OUT": "Output Interface",
|
||
|
"kv_SRC": "Source"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "organize",
|
||
|
"options": {
|
||
|
"excludeByName": {},
|
||
|
"indexByName": {
|
||
|
"Accuracy Radius": 9,
|
||
|
"City Name": 7,
|
||
|
"Continent Code": 8,
|
||
|
"Destination Port": 5,
|
||
|
"Destintation": 4,
|
||
|
"Latitude": 10,
|
||
|
"Longitude": 11,
|
||
|
"Output Interface": 3,
|
||
|
"Postal Code": 12,
|
||
|
"Protocol": 6,
|
||
|
"Source": 0,
|
||
|
"Source Port": 1,
|
||
|
"Time": 2
|
||
|
},
|
||
|
"renameByName": {}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"id": "convertFieldType",
|
||
|
"options": {
|
||
|
"conversions": [
|
||
|
{
|
||
|
"destinationType": "time",
|
||
|
"targetField": "Time"
|
||
|
}
|
||
|
],
|
||
|
"fields": {}
|
||
|
}
|
||
|
}
|
||
|
],
|
||
|
"type": "geomap"
|
||
|
}
|
||
|
],
|
||
|
"refresh": "",
|
||
|
"revision": 1,
|
||
|
"schemaVersion": 38,
|
||
|
"tags": [],
|
||
|
"templating": {
|
||
|
"list": []
|
||
|
},
|
||
|
"time": {
|
||
|
"from": "now-2d",
|
||
|
"to": "now"
|
||
|
},
|
||
|
"timepicker": {},
|
||
|
"timezone": "",
|
||
|
"title": "GeoIP",
|
||
|
"uid": "pV2rGDZ4z",
|
||
|
"version": 4,
|
||
|
"weekStart": ""
|
||
|
}
|