{ "annotations": { "list": [ { "builtIn": 1, "datasource": { "type": "grafana", "uid": "-- Grafana --" }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "target": { "limit": 100, "matchAny": false, "tags": [], "type": "dashboard" }, "type": "dashboard" } ] }, "editable": true, "fiscalYearStartMonth": 0, "gnetId": 17877, "graphTooltip": 0, "id": 4, "links": [], "liveNow": false, "panels": [ { "datasource": { "type": "loki", "uid": "c0696081-8d61-4fbd-bde3-6510cbc6b07f" }, "description": "Source IP addresses accessing the infrastructure", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "green", "value": 0 }, { "color": "red", "value": 100 } ] } }, "overrides": [] }, "gridPos": { "h": 26, "w": 20, "x": 2, "y": 0 }, "id": 2, "options": { "basemap": { "config": {}, "name": "Layer 0", "type": "default" }, "controls": { "mouseWheelZoom": true, "showAttribution": false, "showDebug": true, "showMeasure": false, "showScale": false, "showZoom": true }, "layers": [ { "config": { "blur": 12, "radius": 5, "weight": { "fixed": 1, "max": 1, "min": 0 } }, "location": { "latitude": "Latitude", "longitude": "Longitude", "mode": "coords" }, "name": "Map", "opacity": 0.7, "tooltip": true, "type": "heatmap" } ], "tooltip": { "mode": "none" }, "view": { "allLayers": true, "id": "europe", "lat": 46, "lon": 14, "zoom": 3 } }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "loki", "uid": "c0696081-8d61-4fbd-bde3-6510cbc6b07f" }, "editorMode": "code", "expr": "{filename=\"/var/log/iptables.log\"} | json | geoip_continent_code != \"\" | geoip_location_longitude != \"\" | geoip_location_latitude != \"\"", "legendFormat": "", "queryType": "range", "refId": "A" } ], "title": "IP Locations Heatmap", "transformations": [ { 
"id": "extractFields", "options": { "format": "kvp", "replace": true, "source": "labels" } }, { "id": "convertFieldType", "options": { "conversions": [ { "destinationType": "number", "targetField": "geoip_location_latitude" }, { "destinationType": "number", "targetField": "geoip_location_longitude" } ], "fields": {} } }, { "id": "organize", "options": { "excludeByName": { "FACILITY": true, "FILE_NAME": true, "HOST": true, "HOST_FROM": true, "ISODATE": false, "LEGACY_MSGHDR": true, "MESSAGE": true, "PRIORITY": true, "PROGRAM": true, "SOURCE": true, "geoip_city_geoname_id": true, "geoip_city_names_en": false, "geoip_continent_geoname_id": true, "geoip_continent_names_en": true, "geoip_country_geoname_id": true, "geoip_country_is_in_european_union": true, "geoip_country_iso_code": true, "geoip_country_names_en": false, "geoip_location_accuracy_radius": false, "geoip_location_latitude": false, "geoip_location_location": true, "geoip_location_metro_code": true, "geoip_location_time_zone": true, "geoip_registered_country_geoname_id": true, "geoip_registered_country_is_in_european_union": true, "geoip_registered_country_iso_code": true, "geoip_registered_country_names_en": false, "geoip_subdivisions_0_geoname_id": true, "geoip_subdivisions_0_iso_code": true, "geoip_subdivisions_0_names_en": true, "geoip_subdivisions_1_geoname_id": true, "geoip_subdivisions_1_iso_code": true, "geoip_subdivisions_1_names_en": true, "ipt_CODE": true, "ipt_IN": true, "ipt_LEN": true, "ipt_TYPE": true, "job": true, "kv_DPT": false, "kv_DST": true, "kv_ID": true, "kv_IN": true, "kv_LEN": true, "kv_MAC": true, "kv_OUT": false, "kv_PREC": true, "kv_PROTO": true, "kv_RES": true, "kv_SPT": true, "kv_TOS": true, "kv_TTL": true, "kv_URGP": true, "kv_WINDOW": true }, "indexByName": {}, "renameByName": { "FACILITY": "", "ISODATE": "Time", "geoip_city_names_en": "City", "geoip_continent_code": "Continent", "geoip_country_names_en": "Country", "geoip_location_accuracy_radius": "Accuracy Radius", 
"geoip_location_latitude": "Latitude", "geoip_location_longitude": "Longitude", "geoip_postal_code": "Postal Code", "geoip_registered_country_is_in_european_union": "", "geoip_registered_country_names_en": "Registered Country", "geoip_subdivisions_1_iso_code": "", "ipt_DPT": "Destination Port", "ipt_DST": "Destination", "ipt_IN": "Input Interface", "ipt_LEN": "", "ipt_OUT": "Output Interface", "ipt_PROTO": "Protocol", "ipt_SPT": "Source Port", "ipt_SRC": "Source", "job": "", "kv_DPT": "Destination Port", "kv_OUT": "Output Interface", "kv_SRC": "Source" } } }, { "id": "organize", "options": { "excludeByName": {}, "indexByName": { "Accuracy Radius": 14, "City": 9, "Continent": 7, "Country": 8, "Destination Port": 5, "Destination": 4, "Latitude": 12, "Longitude": 13, "Output Interface": 3, "Postal Code": 10, "Protocol": 6, "Registered Country": 11, "Source": 0, "Source Port": 1, "Time": 2 }, "renameByName": {} } }, { "id": "convertFieldType", "options": { "conversions": [ { "destinationType": "time", "targetField": "Time" } ], "fields": {} } } ], "type": "geomap" }, { "gridPos": { "h": 26, "w": 20, "x": 2, "y": 26 }, "id": 8, "libraryPanel": { "name": "IP Locations (non SSH Traffic)", "uid": "OrPj7vZVk" }, "title": "IP Locations (non SSH Traffic)" }, { "datasource": { "type": "loki", "uid": "c0696081-8d61-4fbd-bde3-6510cbc6b07f" }, "description": "Source IP addresses by location accessing SSH", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 26, "w": 20, "x": 2, "y": 52 }, "id": 3, "options": { "basemap": { "config": {}, "name": "Layer 0", "type": "default" }, "controls": { "mouseWheelZoom": true, "showAttribution": false, "showDebug": true, "showMeasure": false, "showScale": false, "showZoom": true }, "layers": 
[ { "config": { "showLegend": false, "style": { "color": { "fixed": "red" }, "opacity": 0.4, "rotation": { "fixed": 0, "max": 360, "min": -360, "mode": "mod" }, "size": { "fixed": 5, "max": 15, "min": 2 }, "symbol": { "fixed": "img/icons/marker/circle.svg", "mode": "fixed" }, "text": { "fixed": "", "mode": "field" }, "textConfig": { "fontSize": 12, "offsetX": 0, "offsetY": 0, "textAlign": "center", "textBaseline": "middle" } } }, "location": { "latitude": "geoip_location_latitude", "longitude": "geoip_location_longitude", "mode": "coords" }, "name": "Map", "tooltip": true, "type": "markers" } ], "tooltip": { "mode": "details" }, "view": { "allLayers": true, "id": "europe", "lat": 46, "lon": 14, "zoom": 3 } }, "pluginVersion": "10.1.5", "targets": [ { "datasource": { "type": "loki", "uid": "c0696081-8d61-4fbd-bde3-6510cbc6b07f" }, "editorMode": "code", "expr": "{filename=\"/var/log/iptables.log\"} | json | geoip_continent_code != \"\" | ipt_DPT == 22 | geoip_location_longitude != \"\" | geoip_location_latitude != \"\"", "legendFormat": "", "queryType": "range", "refId": "A" } ], "title": "IP Locations (SSH)", "transformations": [ { "id": "extractFields", "options": { "format": "kvp", "replace": true, "source": "labels" } }, { "id": "convertFieldType", "options": { "conversions": [ { "destinationType": "number", "targetField": "geoip_location_latitude" }, { "destinationType": "number", "targetField": "geoip_location_longitude" } ], "fields": {} } }, { "id": "organize", "options": { "excludeByName": { "FACILITY": true, "FILE_NAME": true, "HOST": true, "HOST_FROM": true, "ISODATE": false, "LEGACY_MSGHDR": true, "MESSAGE": true, "PRIORITY": true, "PROGRAM": true, "SOURCE": true, "geoip_city_geoname_id": true, "geoip_city_names_en": false, "geoip_continent_geoname_id": true, "geoip_continent_names_en": true, "geoip_country_geoname_id": true, "geoip_country_is_in_european_union": true, "geoip_country_iso_code": true, "geoip_country_names_en": true, 
"geoip_location_accuracy_radius": false, "geoip_location_latitude": false, "geoip_location_location": true, "geoip_location_metro_code": true, "geoip_location_time_zone": true, "geoip_registered_country_geoname_id": true, "geoip_registered_country_is_in_european_union": true, "geoip_registered_country_iso_code": true, "geoip_registered_country_names_en": true, "geoip_subdivisions_0_geoname_id": true, "geoip_subdivisions_0_iso_code": true, "geoip_subdivisions_0_names_en": true, "geoip_subdivisions_1_geoname_id": true, "geoip_subdivisions_1_iso_code": true, "geoip_subdivisions_1_names_en": true, "ipt_CODE": true, "ipt_IN": true, "ipt_LEN": true, "ipt_TYPE": true, "job": true, "kv_DPT": false, "kv_DST": true, "kv_ID": true, "kv_IN": true, "kv_LEN": true, "kv_MAC": true, "kv_OUT": false, "kv_PREC": true, "kv_PROTO": true, "kv_RES": true, "kv_SPT": true, "kv_TOS": true, "kv_TTL": true, "kv_URGP": true, "kv_WINDOW": true }, "indexByName": {}, "renameByName": { "FACILITY": "", "ISODATE": "Time", "geoip_city_names_en": "City Name", "geoip_continent_code": "Continent Code", "geoip_location_accuracy_radius": "Accuracy Radius", "geoip_location_latitude": "Latitude", "geoip_location_longitude": "Longitude", "geoip_postal_code": "Postal Code", "ipt_DPT": "Destination Port", "ipt_DST": "Destination", "ipt_IN": "Input Interface", "ipt_LEN": "", "ipt_OUT": "Output Interface", "ipt_PROTO": "Protocol", "ipt_SPT": "Source Port", "ipt_SRC": "Source", "job": "", "kv_DPT": "Destination Port", "kv_OUT": "Output Interface", "kv_SRC": "Source" } } }, { "id": "organize", "options": { "excludeByName": {}, "indexByName": { "Accuracy Radius": 9, "City Name": 7, "Continent Code": 8, "Destination Port": 5, "Destination": 4, "Latitude": 10, "Longitude": 11, "Output Interface": 3, "Postal Code": 12, "Protocol": 6, "Source": 0, "Source Port": 1, "Time": 2 }, "renameByName": {} } }, { "id": "convertFieldType", "options": { "conversions": [ { "destinationType": "time", "targetField": "Time" } ], 
"fields": {} } } ], "type": "geomap" } ], "refresh": "", "revision": 1, "schemaVersion": 38, "tags": [], "templating": { "list": [] }, "time": { "from": "now-2d", "to": "now" }, "timepicker": {}, "timezone": "", "title": "GeoIP", "uid": "pV2rGDZ4z", "version": 4, "weekStart": "" }