diff --git a/files/analyst/README b/salt/common/files/analyst/README
similarity index 100%
rename from files/analyst/README
rename to salt/common/files/analyst/README
diff --git a/salt/common/files/analyst/so-lockscreen.jpg b/salt/common/files/analyst/so-lockscreen.jpg
new file mode 100644
index 000000000..f50fbadfa
Binary files /dev/null and b/salt/common/files/analyst/so-lockscreen.jpg differ
diff --git a/salt/common/files/analyst/so-login-logo-dark.svg b/salt/common/files/analyst/so-login-logo-dark.svg
new file mode 100644
index 000000000..1e58c3255
--- /dev/null
+++ b/salt/common/files/analyst/so-login-logo-dark.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/salt/common/files/analyst/so-login-logo.svg b/salt/common/files/analyst/so-login-logo.svg
new file mode 100644
index 000000000..abcc71bc2
--- /dev/null
+++ b/salt/common/files/analyst/so-login-logo.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/salt/common/files/analyst/so-wallpaper.jpg b/salt/common/files/analyst/so-wallpaper.jpg
new file mode 100644
index 000000000..00b3a0c80
Binary files /dev/null and b/salt/common/files/analyst/so-wallpaper.jpg differ
diff --git a/salt/common/init.sls b/salt/common/init.sls
index becfef512..769484ef3 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -56,6 +56,12 @@ salttmp:
# Install epel
{% if grains['os'] == 'CentOS' %}
+repair_yumdb:
+ cmd.run:
+ - name: 'mv -f /var/lib/rpm/__db* /tmp && yum clean all'
+ - onlyif:
+ - 'yum check-update 2>&1 | grep "Error: rpmdb open failed"'
+
epel:
pkg.installed:
- skip_suggestions: True
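Review bot: `mv -f /var/lib/rpm/__db* /tmp` parks the rpm Berkeley DB environment files in world-writable /tmp, where a second run clobbers them and they serve no recovery purpose, and the state never rebuilds the database afterwards; the usual repair is to delete them and rebuild, e.g. `- name: 'rm -f /var/lib/rpm/__db* && rpm --rebuilddb && yum clean all'`. The `onlyif` trigger on `Error: rpmdb open failed` is fine, but the new state is only ordered ahead of `epel` by file position; `- require_in:` / `- pkg: epel` would make that dependency explicit in case the auto-ordering assumption changes.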
diff --git a/salt/common/tools/sbin/so-allow-view b/salt/common/tools/sbin/so-allow-view
old mode 100644
new mode 100755
diff --git a/salt/common/tools/sbin/so-analyst-install b/salt/common/tools/sbin/so-analyst-install
new file mode 100755
index 000000000..e97aca0df
--- /dev/null
+++ b/salt/common/tools/sbin/so-analyst-install
@@ -0,0 +1,309 @@
+#!/bin/bash
+
+# Copyright 2014-2020 Security Onion Solutions, LLC
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+if [ "$(id -u)" -ne 0 ]; then
+ echo "This script must be run using sudo!"
+ exit 1
+fi
+
+INSTALL_LOG=/root/so-analyst-install.log
+exec &> >(tee -a "$INSTALL_LOG")
+
+log() {
+ msg=$1
+ level=${2:-I}
+ now=$(TZ=GMT date +"%Y-%m-%dT%H:%M:%SZ")
+ echo -e "$now | $level | $msg" >> "$INSTALL_LOG" 2>&1
+}
+
+error() {
+ log "$1" "E"
+}
+
+info() {
+ log "$1" "I"
+}
+
+title() {
+ echo -e "\n-----------------------------\n $1\n-----------------------------\n" >> "$INSTALL_LOG" 2>&1
+}
+
+logCmd() {
+ cmd=$1
+ info "Executing command: $cmd"
+ $cmd >> "$INSTALL_LOG" 2>&1
+}
+
+analyze_system() {
+ title "System Characteristics"
+ logCmd "uptime"
+ logCmd "uname -a"
+ logCmd "free -h"
+ logCmd "lscpu"
+ logCmd "df -h"
+ logCmd "ip a"
+}
+
+analyze_system
+
+OS=$(grep PRETTY_NAME /etc/os-release | grep 'CentOS Linux 7')
+if [ $? -ne 0 ]; then
+ echo "This is an unsupported OS. Please use CentOS 7 to install the analyst node."
+ exit 1
+fi
+
+if [[ "$manufacturer" == "Security Onion Solutions" && "$family" == "Automated" ]]; then
+ INSTALL=yes
+ CURLCONTINUE=no
+else
+ INSTALL=''
+ CURLCONTINUE=''
+fi
+
+FIRSTPASS=yes
+while [[ $INSTALL != "yes" ]] && [[ $INSTALL != "no" ]]; do
+ if [[ "$FIRSTPASS" == "yes" ]]; then
+ clear
+ echo "###########################################"
+ echo "## ** W A R N I N G ** ##"
+ echo "## _______________________________ ##"
+ echo "## ##"
+ echo "## Installing the Security Onion ##"
+ echo "## analyst node on this device will ##"
+ echo "## make permanenet changes to ##"
+ echo "## the system. ##"
+ echo "## ##"
+ echo "###########################################"
+ echo "Do you wish to continue? (Type the entire word 'yes' to proceed or 'no' to exit)"
+ FIRSTPASS=no
+ else
+ echo "Please type 'yes' to continue or 'no' to exit."
+ fi
+ read INSTALL
+done
+
+if [[ $INSTALL == "no" ]]; then
+ echo "Exiting analyst node installation."
+ exit 0
+fi
+
+echo "Testing for internet connection with curl https://securityonionsolutions.com/"
+CANCURL=$(curl -sI https://securityonionsolutions.com/ | grep "200 OK")
+ if [ $? -ne 0 ]; then
+ FIRSTPASS=yes
+ while [[ $CURLCONTINUE != "yes" ]] && [[ $CURLCONTINUE != "no" ]]; do
+ if [[ "$FIRSTPASS" == "yes" ]]; then
+ echo "We could not access https://securityonionsolutions.com/."
+ echo "Since packages are downloaded from the internet, internet acceess is required."
+ echo "If you would like to ignore this warning and continue anyway, please type 'yes'."
+ echo "Otherwise, type 'no' to exit."
+ FIRSTPASS=no
+ else
+ echo "Please type 'yes' to continue or 'no' to exit."
+ fi
+ read CURLCONTINUE
+ done
+ if [[ "$CURLCONTINUE" == "no" ]]; then
+ echo "Exiting analyst node installation."
+ exit 0
+ fi
+ else
+ echo "We were able to curl https://securityonionsolutions.com/."
+ sleep 3
+ fi
+
+# Install a GUI text editor
+yum -y install gedit
+
+# Install misc utils
+yum -y install wget curl unzip epel-release yum-plugin-versionlock;
+
+# Install xWindows
+yum -y groupinstall "X Window System";
+yum -y install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts;
+unlink /etc/systemd/system/default.target;
+ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target;
+yum -y install file-roller
+
+# Install Mono - prereq for NetworkMiner
+yum -y install mono-core mono-basic mono-winforms expect
+
+# Install NetworkMiner
+yum -y install libcanberra-gtk2;
+wget https://www.netresec.com/?download=NetworkMiner -O /tmp/nm.zip;
+mkdir -p /opt/networkminer/
+unzip /tmp/nm.zip -d /opt/networkminer/;
+rm /tmp/nm.zip;
+mv /opt/networkminer/NetworkMiner_*/* /opt/networkminer/
+chmod +x /opt/networkminer/NetworkMiner.exe;
+chmod -R go+w /opt/networkminer/AssembledFiles/;
+chmod -R go+w /opt/networkminer/Captures/;
+# Create networkminer shim
+cat << EOF >> /bin/networkminer
+#!/bin/bash
+/bin/mono /opt/networkminer/NetworkMiner.exe --noupdatecheck "\$@"
+EOF
+chmod +x /bin/networkminer
+# Convert networkminer ico file to png format
+yum -y install ImageMagick
+convert /opt/networkminer/networkminericon.ico /opt/networkminer/networkminericon.png
+# Create menu entry
+cat << EOF >> /usr/share/applications/networkminer.desktop
+[Desktop Entry]
+Name=NetworkMiner
+Comment=NetworkMiner
+Encoding=UTF-8
+Exec=/bin/networkminer %f
+Icon=/opt/networkminer/networkminericon-4.png
+StartupNotify=true
+Terminal=false
+X-MultipleArgs=false
+Type=Application
+MimeType=application/x-pcap;
+Categories=Network;
+EOF
+
+# Set default monospace font to Liberation
+cat << EOF >> /etc/fonts/local.conf
+
+
+ monospace
+
+
+ Liberation Mono
+
+
+EOF
+
+# Install Wireshark for Gnome
+yum -y install wireshark-gnome;
+
+# Install dnsiff
+yum -y install dsniff;
+
+# Install hping3
+yum -y install hping3;
+
+# Install netsed
+yum -y install netsed;
+
+# Install ngrep
+yum -y install ngrep;
+
+# Install scapy
+yum -y install python36-scapy;
+
+# Install ssldump
+yum -y install ssldump;
+
+# Install tcpdump
+yum -y install tcpdump;
+
+# Install tcpflow
+yum -y install tcpflow;
+
+# Install tcpxtract
+yum -y install tcpxtract;
+
+# Install whois
+yum -y install whois;
+
+# Install foremost
+yum -y install https://forensics.cert.org/centos/cert/7/x86_64//foremost-1.5.7-13.1.el7.x86_64.rpm;
+
+# Install chromium
+yum -y install chromium;
+
+# Install tcpstat
+yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcpstat-1.5.0/securityonion-tcpstat-1.5.0.rpm;
+
+# Install tcptrace
+yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcptrace-6.6.7/securityonion-tcptrace-6.6.7.rpm;
+
+# Install sslsplit
+yum -y install libevent;
+yum -y install sslsplit;
+
+# Install Bit-Twist
+yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-bittwist-2.0.0/securityonion-bittwist-2.0.0.rpm;
+
+# Install chaosreader
+yum -y install perl-IO-Compress perl-Net-DNS;
+yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-chaosreader-0.95.10/securityonion-chaosreader-0.95.10.rpm;
+chmod +x /bin/chaosreader;
+
+if [ -f ../../files/analyst/README ]; then
+ cp ../../files/analyst/README /;
+ cp ../../files/analyst/so-wallpaper.jpg /usr/share/backgrounds/;
+ cp ../../files/analyst/so-lockscreen.jpg /usr/share/backgrounds/;
+ cp ../../files/analyst/so-login-logo-dark.svg /usr/share/pixmaps/;
+else
+ cp /opt/so/saltstack/default/salt/common/files/analyst/README /;
+ cp /opt/so/saltstack/default/salt/common/files/analyst/so-wallpaper.jpg /usr/share/backgrounds/;
+ cp /opt/so/saltstack/default/salt/common/files/analyst/so-lockscreen.jpg /usr/share/backgrounds/;
+ cp /opt/so/saltstack/default/salt/common/files/analyst/so-login-logo-dark.svg /usr/share/pixmaps/;
+fi
+
+# Set background wallpaper
+cat << EOF >> /etc/dconf/db/local.d/00-background
+# Specify the dconf path
+[org/gnome/desktop/background]
+
+# Specify the path to the desktop background image file
+picture-uri='file:///usr/share/backgrounds/so-wallpaper.jpg'
+# Specify one of the rendering options for the background image:
+# 'none', 'wallpaper', 'centered', 'scaled', 'stretched', 'zoom', 'spanned'
+picture-options='zoom'
+# Specify the left or top color when drawing gradients or the solid color
+primary-color='000000'
+# Specify the right or bottom color when drawing gradients
+secondary-color='FFFFFF'
+EOF
+
+# Set lock screen
+cat << EOF >> /etc/dconf/db/local.d/00-screensaver
+[org/gnome/desktop/session]
+idle-delay=uint32 180
+
+[org/gnome/desktop/screensaver]
+lock-enabled=true
+lock-delay=uint32 120
+picture-options='zoom'
+picture-uri='file:///usr/share/backgrounds/so-lockscreen.jpg'
+EOF
+
+cat << EOF >> /etc/dconf/db/local.d/locks/screensaver
+/org/gnome/desktop/session/idle-delay
+/org/gnome/desktop/screensaver/lock-enabled
+/org/gnome/desktop/screensaver/lock-delay
+EOF
+
+# Do not show the user list at login screen
+cat << EOF >> /etc/dconf/db/local.d/00-login-screen
+[org/gnome/login-screen]
+logo='/usr/share/pixmaps/so-login-logo-dark.svg'
+disable-user-list=true
+EOF
+
+dconf update;
+
+echo
+echo "Analyst workstation has been installed!"
+echo "Press ENTER to reboot or Ctrl-C to cancel."
+read pause
+
+reboot;
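Review bot: The NetworkMiner archive fetched by `wget https://www.netresec.com/?download=NetworkMiner -O /tmp/nm.zip` is unzipped into /opt and exposed to every desktop user via /bin/networkminer without any integrity check, and the same goes for the RPMs installed straight from URLs (foremost, tcpstat, tcptrace, bittwist, chaosreader), which yum does not signature-check for local packages unless `localpkg_gpgcheck` is enabled as far as I recall; at minimum pin a known-good SHA-256 for the zip and compare it before `unzip`, and quote the URL since the unquoted `?` is a glob character. Every heredoc in the script writes with `>>` (the /bin/networkminer shim, the .desktop file, /etc/fonts/local.conf and the four dconf fragments), so a second run appends duplicate content — /etc/fonts/local.conf then holds two XML documents — when `>` is clearly intended, e.g. `cat << EOF > /bin/networkminer`. The asset-copy block tests `../../files/analyst/README` relative to the caller's working directory rather than the script's location, so the fallback branch is taken or not depending on where sudo was run from; `"$(dirname "$0")/../../files/analyst"` would make it cwd-independent. `$manufacturer` and `$family` are never assigned anywhere in the file, so unless they come from the environment the automated branch is unreachable. The connectivity check greps for `200 OK`, but an HTTP/2 status line is `HTTP/2 200` with no `OK` token, so it can report no connectivity on a working link; testing the exit status of `curl -sfI -o /dev/null https://securityonionsolutions.com/` is more robust.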
diff --git a/salt/common/tools/sbin/so-config-backup b/salt/common/tools/sbin/so-config-backup
old mode 100644
new mode 100755
diff --git a/salt/common/tools/sbin/so-elasticsearch-pipelines-list b/salt/common/tools/sbin/so-elasticsearch-pipelines-list
new file mode 100755
index 000000000..eaf21ad15
--- /dev/null
+++ b/salt/common/tools/sbin/so-elasticsearch-pipelines-list
@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+. /usr/sbin/so-common
+if [ "$1" == "" ]; then
+ curl -s {{ NODEIP }}:9200/_ingest/pipeline/* | jq 'keys'
+else
+ curl -s {{ NODEIP }}:9200/_ingest/pipeline/$1 | jq
+fi
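Review bot: `$1` is interpolated unquoted into the curl URL in the `else` branch (`curl -s {{ NODEIP }}:9200/_ingest/pipeline/$1 | jq`) and the `*` in the first branch is an unquoted glob, so an argument with spaces or shell metacharacters is word-split and a stray glob match under the cwd would silently rewrite the URL; quote both, `curl -s "{{ NODEIP }}:9200/_ingest/pipeline/$1" | jq` and `curl -s "{{ NODEIP }}:9200/_ingest/pipeline/*" | jq 'keys'`. The same applies to so-elasticsearch-templates-list below. `NODEIP` defaults to the empty string in the pillar lookup, which degrades the URL to `:9200/...` without any message, and curl without `-f` hands an HTTP error body to jq as if it were the listing; a `[ -n "{{ NODEIP }}" ]` guard and `curl -sf` would surface both cases.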
diff --git a/salt/common/tools/sbin/so-elasticsearch-templates-list b/salt/common/tools/sbin/so-elasticsearch-templates-list
new file mode 100755
index 000000000..f0cbe36e7
--- /dev/null
+++ b/salt/common/tools/sbin/so-elasticsearch-templates-list
@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+. /usr/sbin/so-common
+if [ "$1" == "" ]; then
+ curl -s {{ NODEIP }}:9200/_template/* | jq 'keys'
+else
+ curl -s {{ NODEIP }}:9200/_template/$1 | jq
+fi
diff --git a/salt/common/tools/sbin/so-elasticsearch-templates b/salt/common/tools/sbin/so-elasticsearch-templates-load
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-templates
rename to salt/common/tools/sbin/so-elasticsearch-templates-load
diff --git a/salt/common/tools/sbin/so-test b/salt/common/tools/sbin/so-test
old mode 100644
new mode 100755
diff --git a/salt/common/tools/sbin/so-user-list b/salt/common/tools/sbin/so-user-list
old mode 100644
new mode 100755
diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete
index 0d894db2f..90abdcccd 100755
--- a/salt/curator/files/bin/so-curator-closed-delete-delete
+++ b/salt/curator/files/bin/so-curator-closed-delete-delete
@@ -1,7 +1,7 @@
#!/bin/bash
-{%- if grains['role'] in ['so-node', 'so-searchnode', 'so-heavynode'] %}
+{%- if grains['role'] in ['so-node', 'so-heavynode'] %}
{%- set ELASTICSEARCH_HOST = salt['pillar.get']('elasticsearch:mainip', '') -%}
{%- set ELASTICSEARCH_PORT = salt['pillar.get']('elasticsearch:es_port', '') -%}
{%- set LOG_SIZE_LIMIT = salt['pillar.get']('elasticsearch:log_size_limit', '') -%}
diff --git a/salt/elastalert/files/modules/so/playbook-es.py b/salt/elastalert/files/modules/so/playbook-es.py
index 675c4c9e8..31a58b44b 100644
--- a/salt/elastalert/files/modules/so/playbook-es.py
+++ b/salt/elastalert/files/modules/so/playbook-es.py
@@ -16,7 +16,7 @@ class PlaybookESAlerter(Alerter):
today = strftime("%Y.%m.%d", gmtime())
timestamp = strftime("%Y-%m-%d"'T'"%H:%M:%S", gmtime())
headers = {"Content-Type": "application/json"}
- payload = {"rule.name": self.rule['play_title'],"rule.uuid": self.rule['play_id'],"event.severity": self.rule['event.severity'],"kibana_pivot": self.rule['kibana_pivot'],"soc_pivot": self.rule['soc_pivot'],"event.module": self.rule['event.module'],"event.dataset": self.rule['event.dataset'],"play_url": self.rule['play_url'],"sigma_level": self.rule['sigma_level'],"event.severity_label": self.rule['sigma_level'],"rule.category": self.rule['rule.category'],"event_data": match, "@timestamp": timestamp}
+ payload = {"rule": { "name": self.rule['play_title'],"uuid": self.rule['play_id'],"category": self.rule['rule.category']},"event":{ "severity": self.rule['event.severity'],"module": self.rule['event.module'],"dataset": self.rule['event.dataset'],"severity_label": self.rule['sigma_level']},"kibana_pivot": self.rule['kibana_pivot'],"soc_pivot": self.rule['soc_pivot'],"play_url": self.rule['play_url'],"sigma_level": self.rule['sigma_level'],"event_data": match, "@timestamp": timestamp}
url = f"http://{self.rule['elasticsearch_host']}/so-playbook-alerts-{today}/_doc/"
requests.post(url, data=json.dumps(payload), headers=headers, verify=False)
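Review bot: The new payload is a single several-hundred-character dict literal, which makes the key restructuring (flat dotted keys to nested `rule` / `event` objects) hard to review and will hide future conflicts; writing it as a multi-line literal with one field per line is the style fix. `sigma_level` is now emitted twice (top-level `sigma_level` and `event.severity_label`), which looks like deliberate backward compatibility but deserves a one-line comment so nobody "deduplicates" it later. The enclosing alert method starts before this hunk. Documents in the so-playbook-alerts-* indices change shape with this commit (object fields instead of dotted keys); I cannot see that index's template here, so please confirm its mapping accepts the object form.

```python
        payload = {
            "rule": {
                "name": self.rule['play_title'],
                "uuid": self.rule['play_id'],
                "category": self.rule['rule.category'],
            },
            "event": {
                "severity": self.rule['event.severity'],
                "module": self.rule['event.module'],
                "dataset": self.rule['event.dataset'],
                "severity_label": self.rule['sigma_level'],
            },
            "kibana_pivot": self.rule['kibana_pivot'],
            "soc_pivot": self.rule['soc_pivot'],
            "play_url": self.rule['play_url'],
            # kept flat as well as under event.severity_label for existing consumers
            "sigma_level": self.rule['sigma_level'],
            "event_data": match,
            "@timestamp": timestamp,
        }
        # … unchanged: url construction and requests.post …
```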
diff --git a/salt/elasticsearch/files/ingest/common b/salt/elasticsearch/files/ingest/common
index d0acaed13..82ab27b2b 100644
--- a/salt/elasticsearch/files/ingest/common
+++ b/salt/elasticsearch/files/ingest/common
@@ -48,6 +48,7 @@
{ "rename": { "field": "category", "target_field": "event.category", "ignore_failure": true, "ignore_missing": true } },
{ "rename": { "field": "message2.community_id", "target_field": "network.community_id", "ignore_failure": true, "ignore_missing": true } },
{ "lowercase": { "field": "event.dataset", "ignore_failure": true, "ignore_missing": true } },
+ { "lowercase": { "field": "network.transport", "ignore_failure": true, "ignore_missing": true } },
{ "convert": { "field": "destination.port", "type": "integer", "ignore_failure": true, "ignore_missing": true } },
{ "convert": { "field": "source.port", "type": "integer", "ignore_failure": true, "ignore_missing": true } },
{ "convert": { "field": "log.id.uid", "type": "string", "ignore_failure": true, "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/common.nids b/salt/elasticsearch/files/ingest/common.nids
new file mode 100644
index 000000000..25d24926c
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/common.nids
@@ -0,0 +1,17 @@
+{
+ "description" : "common.nids",
+ "processors" : [
+ { "convert": { "if": "ctx.rule.uuid != null", "field": "rule.uuid", "type": "integer" } },
+ { "set": { "if": "ctx.rule?.uuid < 1000000", "field": "rule.reference", "value": "https://www.snort.org/search?query={{rule.gid}}-{{rule.uuid}}" } },
+ { "set": { "if": "ctx.rule?.uuid > 1999999", "field": "rule.reference", "value": "https://doc.emergingthreats.net/{{rule.uuid}}" } },
+ { "convert": { "if": "ctx.rule.uuid != null", "field": "rule.uuid", "type": "string" } },
+ { "dissect": { "if": "ctx.rule.name != null", "field": "rule.name", "pattern" : "%{rule_type} %{rest_of_rulename} ", "ignore_failure": true } },
+ { "set": { "if": "ctx.rule_type == 'GPL'", "field": "rule_ruleset", "value": "Snort GPL" } },
+ { "set": { "if": "ctx.rule_type == 'ET'", "field": "rule.ruleset", "value": "Emerging Threats" } },
+ { "set": { "if": "ctx.rule.severity == 3", "field": "event.severity", "value": 1, "override": true } },
+ { "set": { "if": "ctx.rule.severity == 2", "field": "event.severity", "value": 2, "override": true } },
+ { "set": { "if": "ctx.rule.severity == 1", "field": "event.severity", "value": 3, "override": true } },
+ { "remove": { "field": ["rule_type", "rest_of_rulename"], "ignore_failure": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
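Review bot: The GPL branch writes `rule_ruleset` while the ET branch writes `rule.ruleset`, so GPL alerts get an underscore field that the later `remove` does not clean up and never populate `rule.ruleset`; the line should read `{ "set": { "if": "ctx.rule_type == 'GPL'", "field": "rule.ruleset", "value": "Snort GPL" } }`. The conditions `ctx.rule.uuid != null`, `ctx.rule.name != null` and `ctx.rule.severity == N` dereference `ctx.rule` without the null-safe operator, whereas the two reference-URL `set` processors already use `ctx.rule?.uuid`; since this pipeline is now a shared target (suricata.alert calls it), a document arriving without a `rule` object would, as far as I know, fail the condition with a null-pointer error and drop the whole document, so use `ctx.rule?.uuid`, `ctx.rule?.name` and `ctx.rule?.severity` consistently. The dissect pattern ends with a literal space after `%{rest_of_rulename}`, which only matches names ending in a space — please confirm that is the intended signature format rather than a typo masked by `ignore_failure`.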
diff --git a/salt/elasticsearch/files/ingest/common_nids b/salt/elasticsearch/files/ingest/common_nids
deleted file mode 100644
index 4fffab7c1..000000000
--- a/salt/elasticsearch/files/ingest/common_nids
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "description" : "common_nids",
- "processors" : [
- { "convert": { "field": "sid", "type": "integer" } },
- { "set": { "if": "ctx.sid < 1000000", "field": "signature_info", "value": "https://www.snort.org/search?query={{gid}}-{{sid}}" } },
- { "set": { "if": "ctx.sid > 1999999", "field": "signature_info", "value": "https://doc.emergingthreats.net/{{sid}}" } },
- { "remove": { "if": "ctx.sid > 2999999", "field": "signature_info" } },
- { "set": { "if": "ctx.priority == '1'", "field": "severity", "value": "High" } },
- { "set": { "if": "ctx.priority == '2'", "field": "severity", "value": "Medium" } },
- { "set": { "if": "ctx.priority == '3'", "field": "severity", "value": "Low" } },
- { "dissect": { "field": "alert", "pattern" : "%{rule_type} %{category} ", "ignore_failure": true } },
- { "set": { "if": "ctx.rule_type == 'GPL'", "field": "rule_type", "value": "Snort GPL" } },
- { "set": { "if": "ctx.rule_type == 'ET'", "field": "rule_type", "value": "Emerging Threats" } },
- { "lowercase": { "field": "category", "ignore_failure": true } },
- { "pipeline": { "name": "common" } }
- ]
-}
diff --git a/salt/elasticsearch/files/ingest/sguild_nids b/salt/elasticsearch/files/ingest/sguild_nids
deleted file mode 100644
index c7bcdc418..000000000
--- a/salt/elasticsearch/files/ingest/sguild_nids
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "description" : "sguild_nids",
- "processors" : [
- {
- "dissect": {
- "field": "message",
- "pattern" : "%{} %{} %{} Alert Received: %{} %{priority} %{classification} %{interface} {%{alerttime}} %{} %{} {%{alert}} %{source_ip} %{destination_ip} %{protocol} %{source_port} %{destination_port} %{gid} %{sid} %{rev} ",
- "on_failure": [ { "drop" : { } } ]
- }
- },
- { "set": { "if": "ctx.protocol == '1'", "field": "protocol", "value": "ICMP" } },
- { "set": { "if": "ctx.protocol == '6'", "field": "protocol", "value": "TCP" } },
- { "set": { "if": "ctx.protocol == '17'", "field": "protocol", "value": "UDP" } },
- { "remove": { "if": "ctx.source_ip == '{}'", "field": "source_ip" } },
- { "remove": { "if": "ctx.destination_ip == '{}'", "field": "destination_ip" } },
- { "remove": { "if": "ctx.protocol == '{}'", "field": "protocol" } },
- { "remove": { "if": "ctx.source_port == '{}'", "field": "source_port" } },
- { "remove": { "if": "ctx.destination_port == '{}'", "field": "destination_port" } },
- { "set": { "field": "type", "value": "snort" } },
- { "rename": { "field": "@timestamp", "target_field": "timestamp", "ignore_missing": true } },
- { "date": { "field": "alerttime", "target_field": "@timestamp", "formats": ["yyyy-MM-dd HH:mm:ss"], "ignore_failure": true } },
- { "remove": { "field": "alerttime", "ignore_missing": true } },
- { "pipeline": { "name": "common_nids" } }
- ]
-}
diff --git a/salt/elasticsearch/files/ingest/snort b/salt/elasticsearch/files/ingest/snort
deleted file mode 100644
index b841ca917..000000000
--- a/salt/elasticsearch/files/ingest/snort
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "description" : "snort",
- "processors" : [
- {
- "dissect": {
- "field": "message",
- "pattern" : "[%{gid}:%{sid}:%{rev}] %{alert} [Classification: %{classification}] [Priority: %{priority}]: <%{interface}> {%{protocol}} %{source_ip_port} -> %{destination_ip_port}",
- "on_failure": [ { "drop" : { } } ]
- }
- },
- { "split": { "field": "source_ip_port", "separator": ":", "ignore_failure": true } },
- { "split": { "field": "destination_ip_port", "separator": ":", "ignore_failure": true } },
- { "rename":{ "field": "source_ip_port.1", "target_field": "source_port", "ignore_failure": true } },
- { "rename":{ "field": "destination_ip_port.1", "target_field": "destination_port", "ignore_failure": true } },
- { "rename":{ "field": "source_ip_port.0", "target_field": "source_ip", "ignore_failure": true } },
- { "rename":{ "field": "destination_ip_port.0", "target_field": "destination_ip", "ignore_failure": true } },
- { "remove":{ "field": "source_ip_port", "ignore_failure": true } },
- { "remove":{ "field": "destination_ip_port", "ignore_failure": true } },
- { "pipeline": { "name": "common_nids" } }
- ]
-}
diff --git a/salt/elasticsearch/files/ingest/strelka.file b/salt/elasticsearch/files/ingest/strelka.file
index d9d6fc0f0..43ad6c283 100644
--- a/salt/elasticsearch/files/ingest/strelka.file
+++ b/salt/elasticsearch/files/ingest/strelka.file
@@ -6,7 +6,8 @@
{ "rename": { "field": "message2.scan", "target_field": "scan", "ignore_missing": true } },
{ "rename": { "field": "message2.request", "target_field": "request", "ignore_missing": true } },
{ "rename": { "field": "scan.hash", "target_field": "hash", "ignore_missing": true } },
- { "grok": { "field": "request.attributes.filename", "patterns": ["-%{WORD:log.id.fuid}-"] } },
+
+ { "grok": { "if": "ctx.request?.attributes?.filename != null", "field": "request.attributes.filename", "patterns": ["-%{WORD:log.id.fuid}-"], "ignore_failure": true } },
{ "foreach":
{
"if": "ctx.scan?.exiftool?.keys !=null",
@@ -19,8 +20,29 @@
}
}
},
+ { "foreach":
+ {
+ "if": "ctx.scan?.yara?.meta !=null",
+ "field": "scan.yara.meta",
+ "processor":{
+ "set": {
+ "field": "rule.{{_ingest._value.identifier}}",
+ "value": "{{_ingest._value.value}}"
+ }
+ }
+ }
+ },
+ { "set": { "if": "ctx.scan?.yara?.matches != null", "field": "rule.name", "value": "{{scan.yara.matches.0}}" }},
+ { "set": { "if": "ctx.scan?.yara?.matches != null", "field": "dataset", "value": "alert", "override": true }},
+ { "rename": { "field": "scan.hash", "target_field": "", "ignore_missing": true } },
+ { "set": { "if": "ctx.rule?.name != null && ctx.rule?.score == null", "field": "event.severity", "value": 3, "override": true } },
+ { "convert" : { "if": "ctx.rule?.score != null", "field" : "rule.score","type": "integer"}},
+ { "set": { "if": "ctx.rule?.score != null && ctx.rule?.score >= 0 && ctx.rule?.score <= 49", "field": "event.severity", "value": 1, "override": true } },
+ { "set": { "if": "ctx.rule?.score != null && ctx.rule?.score >= 50 && ctx.rule?.score <=69", "field": "event.severity", "value": 2, "override": true } },
+ { "set": { "if": "ctx.rule?.score != null && ctx.rule?.score >= 70 && ctx.rule?.score <=89", "field": "event.severity", "value": 3, "override": true } },
+ { "set": { "if": "ctx.rule?.score != null && ctx.rule?.score >= 90", "field": "event.severity", "value": 4, "override": true } },
{ "set": { "field": "observer.name", "value": "{{agent.name}}" }},
- { "remove": { "field": ["host", "path", "message", "scan.exiftool.keys"], "ignore_missing": true } },
+ { "remove": { "field": ["host", "path", "message", "scan.exiftool.keys", "scan.yara.meta"], "ignore_missing": true } },
{ "pipeline": { "name": "common" } }
]
}
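Review bot: The new `rename` of `scan.hash` with `"target_field": ""` is either a no-op or an invalid processor: `scan.hash` is already renamed to `hash` in the first hunk of this file, so with `ignore_missing` it never fires, and an empty target field is not a meaningful destination — drop the line. The yara `foreach` creates a field `rule.<identifier>` for every meta entry, so each distinct identifier in rule metadata becomes a new dynamic mapping under `rule` (the common template in this same commit keeps `rule` as `"dynamic":true`); if rule sets come from third parties that is an unbounded mapping surface, so consider copying only the keys the severity logic needs (score) plus a short allow-list. `dataset` is set to `alert` rather than `event.dataset`; if the `common` pipeline renames `dataset` to `event.dataset` that is fine, but the `lowercase` processor added to `common` in this commit targets `event.dataset`, so it is worth confirming the rename happens before it.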
diff --git a/salt/elasticsearch/files/ingest/suricata.alert b/salt/elasticsearch/files/ingest/suricata.alert
index 5a0cfc4df..e372b1645 100644
--- a/salt/elasticsearch/files/ingest/suricata.alert
+++ b/salt/elasticsearch/files/ingest/suricata.alert
@@ -7,9 +7,6 @@
{ "rename":{ "field": "rule.signature_id", "target_field": "rule.uuid", "ignore_failure": true } },
{ "rename":{ "field": "rule.signature_id", "target_field": "rule.signature", "ignore_failure": true } },
{ "rename":{ "field": "message2.payload_printable", "target_field": "network.data.decoded", "ignore_failure": true } },
- { "set": { "if": "ctx.rule.severity == 3", "field": "event.severity", "value": 1, "override": true } },
- { "set": { "if": "ctx.rule.severity == 2", "field": "event.severity", "value": 2, "override": true } },
- { "set": { "if": "ctx.rule.severity == 1", "field": "event.severity", "value": 3, "override": true } },
- { "pipeline": { "name": "common" } }
+ { "pipeline": { "name": "common.nids" } }
]
}
diff --git a/salt/elasticsearch/files/ingest/zeek.tunnels b/salt/elasticsearch/files/ingest/zeek.tunnels
index 4cc7c8d5e..bb4c18268 100644
--- a/salt/elasticsearch/files/ingest/zeek.tunnels
+++ b/salt/elasticsearch/files/ingest/zeek.tunnels
@@ -3,15 +3,6 @@
"processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.uid", "target_field": "log.id.uid", "ignore_missing": true } },
- { "dot_expander": { "field": "id.orig_h", "path": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.id.orig_h", "target_field": "source.ip", "ignore_missing": true } },
- { "dot_expander": { "field": "id.orig_p", "path": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.id.orig_p", "target_field": "source.port", "ignore_missing": true } },
- { "dot_expander": { "field": "id.resp_h", "path": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.id.resp_h", "target_field": "destination.ip", "ignore_missing": true } },
- { "dot_expander": { "field": "id.resp_p", "path": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.id.resp_p", "target_field": "destination.port", "ignore_missing": true } },
{ "rename": { "field": "message2.tunnel_type", "target_field": "tunnel.type", "ignore_missing": true } },
{ "rename": { "field": "message2.action", "target_field": "event.action", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } }
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index 43db556fa..c43edba23 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -237,10 +237,10 @@ so-elasticsearch-pipelines:
- file: esyml
- file: so-elasticsearch-pipelines-file
-{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode', 'so-import'] and TEMPLATES %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node', 'so-import'] and TEMPLATES %}
so-elasticsearch-templates:
cmd.run:
- - name: /usr/sbin/so-elasticsearch-templates
+ - name: /usr/sbin/so-elasticsearch-templates-load
- cwd: /opt/so
{% endif %}
diff --git a/salt/elasticsearch/templates/so/so-common-template.json b/salt/elasticsearch/templates/so/so-common-template.json
index 979894bd1..43a4c7378 100644
--- a/salt/elasticsearch/templates/so/so-common-template.json
+++ b/salt/elasticsearch/templates/so/so-common-template.json
@@ -353,6 +353,9 @@
"type":"object",
"dynamic":true,
"properties":{
+ "score":{
+ "type":"long"
+ },
"uuid":{
"type":"keyword"
}
diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json
index 53d9ca643..9b7e5616e 100644
--- a/salt/grafana/dashboards/eval/eval.json
+++ b/salt/grafana/dashboards/eval/eval.json
@@ -1,4211 +1,4626 @@
{
- "annotations": {
- "list": [
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "description": "This Dashboard provides a general overview of Evaluation Mode",
+ "editable": true,
+ "gnetId": 2381,
+ "graphTooltip": 0,
+ "iteration": 1602101784759,
+ "links": [],
+ "panels": [
+ {
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "decimals": 2,
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgb(255, 255, 255)",
+ "value": null
+ }
+ ]
+ },
+ "unit": "s"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 0,
+ "y": 0
+ },
+ "id": 39,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ }
+ },
+ "pluginVersion": "7.0.5",
+ "targets": [
{
- "builtIn": 1,
- "datasource": "-- Grafana --",
- "enable": true,
- "hide": true,
- "iconColor": "rgba(0, 211, 255, 1)",
- "name": "Annotations & Alerts",
- "type": "dashboard"
+ "groupBy": [
+ {
+ "params": [
+ "$__interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "system",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "uptime"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "last"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
}
- ]
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - System Uptime",
+ "type": "stat"
},
- "description": "This Dashboard provides a general overview of Evaluation Mode",
- "editable": true,
- "gnetId": 2381,
- "graphTooltip": 0,
- "iteration": 1586866635738,
- "links": [],
- "panels": [
- {
- "cacheTimeout": null,
- "datasource": "InfluxDB",
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 0,
- "y": 0
+ {
+ "cacheTimeout": null,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "mappings": [
+ {
+ "id": 0,
+ "op": "=",
+ "text": "N/A",
+ "type": 1,
+ "value": "null"
+ }
+ ],
+ "max": 100,
+ "min": 0,
+ "nullValueMode": "connected",
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(50, 172, 45, 0.97)",
+ "value": null
+ },
+ {
+ "color": "rgba(237, 129, 40, 0.89)",
+ "value": 60
+ },
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": 80
+ }
+ ]
+ },
+ "unit": "percent"
},
- "id": 2,
- "links": [],
- "options": {
- "fieldOptions": {
- "calcs": [
- "lastNotNull"
- ],
- "defaults": {
- "mappings": [
- {
- "id": 0,
- "op": "=",
- "text": "N/A",
- "type": 1,
- "value": "null"
- }
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 4,
+ "y": 0
+ },
+ "id": 2,
+ "links": [],
+ "options": {
+ "orientation": "horizontal",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showThresholdLabels": false,
+ "showThresholdMarkers": true
+ },
+ "pluginVersion": "7.0.5",
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
],
- "max": 100,
- "min": 0,
- "nullValueMode": "connected",
- "thresholds": {
- "mode": "absolute",
- "steps": [
- {
- "color": "rgba(50, 172, 45, 0.97)",
- "value": null
- },
- {
- "color": "rgba(237, 129, 40, 0.89)",
- "value": 60
- },
- {
- "color": "rgba(245, 54, 54, 0.9)",
- "value": 80
- }
- ]
- },
- "unit": "percent"
+ "type": "time"
},
- "overrides": [],
- "values": false
- },
- "orientation": "horizontal",
- "showThresholdLabels": false,
- "showThresholdMarkers": true
- },
- "pluginVersion": "6.6.2",
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_idle"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [
- "* -1 + 100"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "cpu",
- "operator": "=",
- "value": "cpu-total"
- }
- ]
- }
- ],
- "title": "{{ SERVERNAME }} - CPU",
- "type": "gauge"
- },
- {
- "cacheTimeout": null,
- "datasource": "InfluxDB",
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 4,
- "y": 0
- },
- "id": 12,
- "links": [],
- "options": {
- "fieldOptions": {
- "calcs": [
- "lastNotNull"
- ],
- "defaults": {
- "mappings": [
- {
- "id": 0,
- "op": "=",
- "text": "N/A",
- "type": 1,
- "value": "null"
- }
+ {
+ "params": [
+ "null"
],
- "max": "{{ ROOTFS }}",
- "min": 0,
- "nullValueMode": "connected",
- "thresholds": {
- "mode": "absolute",
- "steps": [
- {
- "color": "rgba(50, 172, 45, 0.97)",
- "value": null
- },
- {
- "color": "rgba(237, 129, 40, 0.89)",
- "value": "{{ ROOTFS * '.80'|float }}"
- },
- {
- "color": "rgba(245, 54, 54, 0.9)",
- "value": "{{ ROOTFS * '.90'|float }}"
- }
- ]
- },
- "unit": "bytes"
- },
- "overrides": [],
- "values": false
- },
- "orientation": "horizontal",
- "showThresholdLabels": false,
- "showThresholdMarkers": true
- },
- "pluginVersion": "6.6.2",
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
+ "type": "fill"
+ }
+ ],
+ "measurement": "cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
{
"params": [
- "$Interval"
+ "usage_idle"
],
- "type": "time"
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
},
{
"params": [
- "null"
+ "* -1 + 100"
],
- "type": "fill"
- }
- ],
- "measurement": "disk",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "used"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "path",
- "operator": "=",
- "value": "/"
+ "type": "math"
}
]
- }
- ],
- "title": "{{ SERVERNAME }} - Disk Used(/)",
- "type": "gauge"
- },
- {
- "cacheTimeout": null,
- "datasource": "InfluxDB",
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 8,
- "y": 0
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "cpu",
+ "operator": "=",
+ "value": "cpu-total"
+ }
+ ]
+ }
+ ],
+ "title": "{{ SERVERNAME }} - CPU",
+ "type": "gauge"
+ },
+ {
+ "aliasColors": {},
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
},
- "id": 31,
- "links": [],
- "options": {
- "fieldOptions": {
- "calcs": [
- "lastNotNull"
- ],
- "defaults": {
- "mappings": [
- {
- "id": 0,
- "op": "=",
- "text": "N/A",
- "type": 1,
- "value": "null"
- }
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 8,
+ "y": 0
+ },
+ "hiddenSeries": false,
+ "id": 71,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": false,
+ "linewidth": 1,
+ "nullPointMode": "null",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": true,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "groupBy": [
+ {
+ "params": [
+ "$__interval"
],
- "max": "{{ NSMFS }}",
- "min": 0,
- "nullValueMode": "connected",
- "thresholds": {
- "mode": "absolute",
- "steps": [
- {
- "color": "rgba(50, 172, 45, 0.97)",
- "value": null
- },
- {
- "color": "rgba(237, 129, 40, 0.89)",
- "value": "{{ ROOTFS * '.80'|float }}"
- },
- {
- "color": "rgba(245, 54, 54, 0.9)",
- "value": "{{ ROOTFS * '.90'|float }}"
- }
- ]
- },
- "unit": "bytes"
+ "type": "time"
},
- "overrides": [],
- "values": false
- },
- "orientation": "horizontal",
- "showThresholdLabels": false,
- "showThresholdMarkers": true
- },
- "pluginVersion": "6.6.2",
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "zeekcaptureloss",
+ "orderByTime": "ASC",
+ "policy": "autogen",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
{
"params": [
- "$Interval"
+ "loss"
],
- "type": "time"
+ "type": "field"
},
{
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "disk",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "used"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "path",
- "operator": "=",
- "value": "/nsm"
+ "params": [],
+ "type": "mean"
}
]
- }
- ],
- "title": "{{ SERVERNAME }} - Disk Used(/nsm)",
- "type": "gauge"
- },
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 12,
- "y": 0
- },
- "hiddenSeries": false,
- "id": 20,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pluginVersion": "6.6.2",
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "brodrop",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "drop"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "last"
- },
- {
- "params": [
- "* 100"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Zeek Packet Loss",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "decimals": null,
- "format": "percent",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
}
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Zeek Capture Loss",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
},
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 16,
- "y": 0
- },
- "hiddenSeries": false,
- "id": 21,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "suridrop",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "drop"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "last"
- },
- {
- "params": [
- "* 100"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Suricata Packet Loss",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "percent",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
},
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 20,
- "y": 0
- },
- "hiddenSeries": false,
- "id": 19,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pluginVersion": "6.6.2",
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "stenodrop",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "drop"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "last"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - PCAP Packet Loss",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "decimals": null,
- "format": "percent",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {
- "Interrupt": "#70DBED",
- "Nice": "#629E51",
- "SoftIRQ": "#EA6460",
- "System": "#BF1B00",
- "User": "#1F78C1",
- "Wait": "#F2C96D",
- "cpu.mean": "#629E51"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "editable": true,
- "error": false,
- "fill": 4,
- "fillGradient": 0,
- "grid": {},
- "gridPos": {
- "h": 8,
- "w": 8,
- "x": 0,
- "y": 5
- },
- "hiddenSeries": false,
- "id": 4,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": true,
- "max": true,
- "min": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 2,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "alias": "System",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_system"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "cpu",
- "operator": "=",
- "value": "cpu-total"
- }
- ]
- },
- {
- "alias": "User",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "B",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_user"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "cpu",
- "operator": "=",
- "value": "cpu-total"
- }
- ]
- },
- {
- "alias": "Nice",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "C",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_nice"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "cpu",
- "operator": "=",
- "value": "cpu-total"
- }
- ]
- },
- {
- "alias": "Interrupt",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "D",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_irq"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "cpu",
- "operator": "=",
- "value": "cpu-total"
- }
- ]
- },
- {
- "alias": "Wait",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "E",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_iowait"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "cpu",
- "operator": "=",
- "value": "cpu-total"
- }
- ]
- },
- {
- "alias": "SoftIRQ",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "F",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_softirq"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "cpu",
- "operator": "=",
- "value": "cpu-total"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - CPU Usage",
- "tooltip": {
- "msResolution": true,
- "shared": true,
- "sort": 0,
- "value_type": "cumulative"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "percent",
- "label": "Percent(%)",
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 8,
- "y": 5
- },
- "hiddenSeries": false,
- "id": 35,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pluginVersion": "6.6.2",
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "docker_container_cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_percent"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [
- " / {{ CPUS }}"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "container_name",
- "operator": "=",
- "value": "so-elasticsearch"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - ES CPU Usage",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "percent",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 12,
- "y": 5
- },
- "hiddenSeries": false,
- "id": 26,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "docker_container_cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_percent"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [
- " / {{ CPUS }}"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "container_name",
- "operator": "=",
- "value": "so-zeek"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Zeek CPU Usage",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "percent",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 16,
- "y": 5
- },
- "hiddenSeries": false,
- "id": 27,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "docker_container_cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_percent"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [
- " / {{ CPUS }}"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "container_name",
- "operator": "=",
- "value": "so-suricata"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Suri CPU Usage",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "percent",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 20,
- "y": 5
- },
- "hiddenSeries": false,
- "id": 28,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "docker_container_cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_percent"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [
- " / {{ CPUS }}"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "container_name",
- "operator": "=",
- "value": "so-steno"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Steno CPU Usage",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "decimals": null,
- "format": "percent",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 8,
- "y": 10
- },
- "hiddenSeries": false,
- "id": 34,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "elasticsearch_indices",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "store_size_in_bytes"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - ES Store Size",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "decbytes",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 12,
- "y": 10
- },
- "hiddenSeries": false,
- "id": 23,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pluginVersion": "6.6.2",
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "docker_container_mem",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "container_name",
- "operator": "=",
- "value": "so-zeek"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Zeek Memory Usage",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "decbytes",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 16,
- "y": 10
- },
- "hiddenSeries": false,
- "id": 24,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "docker_container_mem",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "container_name",
- "operator": "=",
- "value": "so-suricata"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Suri Memory Usage",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "decbytes",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 20,
- "y": 10
- },
- "hiddenSeries": false,
- "id": 25,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "docker_container_mem",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "container_name",
- "operator": "=",
- "value": "so-steno"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Steno Memory Usage",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "decimals": null,
- "format": "decbytes",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {
- "Buffered": "#6ED0E0",
- "Cached": "#F9934E",
- "Free": "#629E51",
- "Used": "#58140C"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "decimals": null,
- "editable": true,
- "error": false,
- "fill": 6,
- "fillGradient": 0,
- "grid": {},
- "gridPos": {
- "h": 7,
- "w": 8,
- "x": 0,
- "y": 13
- },
- "hiddenSeries": false,
- "id": 5,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": true,
- "hideEmpty": false,
- "hideZero": false,
- "max": true,
- "min": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 0,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
- "targets": [
- {
- "alias": "Used",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "mem",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "used"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- },
- {
- "alias": "Buffered",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "mem",
- "policy": "default",
- "refId": "B",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "buffered"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- },
- {
- "alias": "Cached",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "mem",
- "policy": "default",
- "refId": "C",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "cached"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- },
- {
- "alias": "Free",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "mem",
- "policy": "default",
- "refId": "D",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "free"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Memory",
- "tooltip": {
- "msResolution": true,
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "bytes",
- "label": "Bytes",
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "cacheTimeout": null,
- "colorBackground": false,
- "colorValue": false,
- "colors": [
- "rgba(50, 172, 45, 0.97)",
- "rgba(237, 129, 40, 0.89)",
- "rgba(245, 54, 54, 0.9)"
- ],
- "datasource": "InfluxDB",
- "editable": true,
- "error": false,
- "format": "none",
- "gauge": {
- "maxValue": 100,
- "minValue": 0,
- "show": false,
- "thresholdLabels": false,
- "thresholdMarkers": true
- },
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 8,
- "y": 15
- },
- "id": 33,
- "interval": null,
- "links": [],
- "mappingType": 1,
- "mappingTypes": [
- {
- "name": "value to text",
- "value": 1
- },
- {
- "name": "range to text",
- "value": 2
- }
- ],
- "maxDataPoints": 100,
- "nullPointMode": "connected",
- "nullText": null,
- "options": {},
- "postfix": "",
- "postfixFontSize": "50%",
- "prefix": "",
- "prefixFontSize": "50%",
- "rangeMaps": [
- {
- "from": "null",
- "text": "N/A",
- "to": "null"
- }
- ],
- "sparkline": {
- "fillColor": "rgba(31, 118, 189, 0.18)",
- "full": true,
- "lineColor": "rgb(31, 120, 193)",
+ "yaxes": [
+ {
+ "$$hashKey": "object:198",
+ "decimals": 1,
+ "format": "percent",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": null,
"show": true
},
- "tableColumn": "",
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "elasticsearch_indices",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "docs_count"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "thresholds": "",
- "title": "{{ SERVERNAME }} - ES Documents",
- "type": "singlestat",
- "valueFontSize": "80%",
- "valueMaps": [
- {
- "op": "=",
- "text": "N/A",
- "value": "null"
- }
- ],
- "valueName": "current"
- },
- {
- "datasource": "InfluxDB",
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 12,
- "y": 15
- },
- "id": 37,
- "options": {
- "colorMode": "value",
- "fieldOptions": {
- "calcs": [
- "sum"
- ],
- "defaults": {
- "mappings": [],
- "thresholds": {
- "mode": "absolute",
- "steps": [
- {
- "color": "green",
- "value": null
- },
- {
- "value": 1,
- "color": "red"
- }
- ]
- }
- },
- "overrides": [],
- "values": false
- },
- "graphMode": "area",
- "justifyMode": "auto",
- "orientation": "auto"
- },
- "pluginVersion": "6.6.2",
- "targets": [
- {
- "groupBy": [
- {
- "params": [
- "$__interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "healthcheck",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "zeek_restart"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "last"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "timeFrom": null,
- "timeShift": null,
- "title": "Zeek Restarts via Healthcheck",
- "type": "stat"
- },
- {
- "datasource": "InfluxDB",
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 16,
- "y": 15
- },
- "id": 39,
- "options": {
- "graphMode": "none",
- "colorMode": "value",
- "justifyMode": "auto",
- "fieldOptions": {
- "values": false,
- "calcs": [
- "lastNotNull"
- ],
- "defaults": {
- "thresholds": {
- "mode": "absolute",
- "steps": [
- {
- "color": "rgb(255, 255, 255)",
- "value": null
- }
- ]
- },
- "mappings": [],
- "unit": "s",
- "decimals": 2
- },
- "overrides": []
- },
- "orientation": "auto"
- },
- "pluginVersion": "6.6.2",
- "targets": [
- {
- "groupBy": [
- {
- "params": [
- "$__interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "system",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "uptime"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "last"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "timeFrom": null,
- "timeShift": null,
- "title": "{{ SERVERNAME }} - System Uptime",
- "type": "stat"
- },
- {
- "cacheTimeout": null,
- "datasource": "InfluxDB",
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 20,
- "y": 15
- },
- "id": 22,
- "links": [],
- "options": {
- "fieldOptions": {
- "calcs": [
- "lastNotNull"
- ],
- "defaults": {
- "decimals": 2,
- "mappings": [
- {
- "id": 0,
- "op": "=",
- "text": "N/A",
- "type": 1,
- "value": "null"
- }
- ],
- "max": 1209600,
- "min": 0,
- "nullValueMode": "connected",
- "thresholds": {
- "mode": "absolute",
- "steps": [
- {
- "color": "rgba(245, 54, 54, 0.9)",
- "value": null
- },
- {
- "color": "rgba(237, 129, 40, 0.89)",
- "value": 259200
- },
- {
- "color": "rgba(50, 172, 45, 0.97)",
- "value": 432000
- }
- ]
- },
- "unit": "s"
- },
- "overrides": [],
- "values": false
- },
- "orientation": "horizontal",
- "showThresholdLabels": false,
- "showThresholdMarkers": true
- },
- "pluginVersion": "6.6.2",
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "pcapage",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "seconds"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "timeFrom": null,
- "timeShift": null,
- "title": "{{ SERVERNAME }} - PCAP Retention",
- "type": "gauge"
- },
- {
- "aliasColors": {
- "#cpu": "green",
- "1 Minute Average": "#EAB839",
- "15 Minute Average": "#BF1B00",
- "5 Minute Average": "#E0752D"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "editable": true,
- "error": false,
- "fill": 1,
- "fillGradient": 0,
- "grid": {},
- "gridPos": {
- "h": 7,
- "w": 8,
- "x": 0,
- "y": 20
- },
- "hiddenSeries": false,
- "id": 6,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": true,
- "max": true,
- "min": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 2,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [
- {
- "alias": "#cpu",
- "fill": 0
- }
- ],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "alias": "#cpu",
- "groupBy": [
- {
- "params": [
- "$__interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "system",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "D",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "n_cpus"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "last"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- },
- {
- "alias": "1 Minute Average",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "system",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "load1"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- },
- {
- "alias": "5 Minute Average",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "system",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "B",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "load5"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- },
- {
- "alias": "15 Minute Average",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "system",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "C",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "load15"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Load Average",
- "tooltip": {
- "msResolution": true,
- "shared": true,
- "sort": 0,
- "value_type": "cumulative"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {
- "InBound": "#629E51",
- "OutBound": "#5195CE",
- "net.derivative": "#1F78C1"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "editable": true,
- "error": false,
- "fill": 1,
- "fillGradient": 0,
- "grid": {},
- "gridPos": {
- "h": 7,
- "w": 8,
- "x": 8,
- "y": 20
- },
- "hiddenSeries": false,
- "id": 18,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": true,
- "max": true,
- "min": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 2,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "alias": "Inbound",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "net",
- "orderByTime": "ASC",
- "policy": "default",
- "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)",
- "rawQuery": false,
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "bytes_recv"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [
- "1s"
- ],
- "type": "derivative"
- },
- {
- "params": [
- "*8"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "interface",
- "operator": "=",
- "value": "{{ MANINT }}"
- }
- ]
- },
- {
- "alias": "Outbound",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "net",
- "orderByTime": "ASC",
- "policy": "default",
- "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)",
- "rawQuery": false,
- "refId": "B",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "bytes_sent"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [
- "1s"
- ],
- "type": "derivative"
- },
- {
- "params": [
- "*8"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "interface",
- "operator": "=",
- "value": "{{ MANINT }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Management Traffic",
- "tooltip": {
- "msResolution": true,
- "shared": true,
- "sort": 0,
- "value_type": "cumulative"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "bps",
- "label": "Bits/Sec",
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "editable": true,
- "error": false,
- "fill": 1,
- "fillGradient": 0,
- "grid": {},
- "gridPos": {
- "h": 7,
- "w": 8,
- "x": 16,
- "y": 20
- },
- "hiddenSeries": false,
- "id": 15,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": true,
- "max": true,
- "min": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 2,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "alias": "Threads",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "processes",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "total_threads"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Total Threads",
- "tooltip": {
- "msResolution": true,
- "shared": true,
- "sort": 0,
- "value_type": "cumulative"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {
- "Blocked": "#BF1B00",
- "Running": "#7EB26D"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "editable": true,
- "error": false,
- "fill": 7,
- "fillGradient": 0,
- "grid": {},
- "gridPos": {
- "h": 7,
- "w": 8,
- "x": 0,
- "y": 27
- },
- "hiddenSeries": false,
- "id": 14,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": true,
- "max": true,
- "min": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 0,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": true,
- "steppedLine": false,
- "targets": [
- {
- "alias": "Blocked",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "hide": false,
- "measurement": "processes",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "blocked"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- },
- {
- "alias": "Running",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "processes",
- "policy": "default",
- "refId": "B",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "running"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- },
- {
- "alias": "Sleep",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "processes",
- "policy": "default",
- "refId": "C",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "sleeping"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Processes",
- "tooltip": {
- "msResolution": true,
- "shared": true,
- "sort": 0,
- "value_type": "cumulative"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {
- "InBound": "#629E51",
- "OutBound": "#5195CE",
- "net.derivative": "#1F78C1"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "editable": true,
- "error": false,
- "fill": 1,
- "fillGradient": 0,
- "grid": {},
- "gridPos": {
- "h": 7,
- "w": 8,
- "x": 8,
- "y": 27
- },
- "hiddenSeries": false,
- "id": 10,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": true,
- "max": true,
- "min": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 2,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "alias": "Inbound",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "net",
- "orderByTime": "ASC",
- "policy": "default",
- "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)",
- "rawQuery": false,
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "bytes_recv"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [
- "1s"
- ],
- "type": "derivative"
- },
- {
- "params": [
- "*8"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "interface",
- "operator": "=",
- "value": "{{ MONINT }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Monitor Traffic",
- "tooltip": {
- "msResolution": true,
- "shared": true,
- "sort": 0,
- "value_type": "cumulative"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "bps",
- "label": "Bits/Sec",
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "editable": true,
- "error": false,
- "fill": 1,
- "fillGradient": 0,
- "grid": {},
- "gridPos": {
- "h": 7,
- "w": 8,
- "x": 16,
- "y": 27
- },
- "hiddenSeries": false,
- "id": 13,
- "legend": {
- "avg": false,
- "current": true,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 2,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "alias": "Read",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "diskio",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "read_bytes"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [],
- "type": "difference"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- },
- {
- "alias": "Write",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "diskio",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "B",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "write_bytes"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [],
- "type": "difference"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Disk I/O",
- "tooltip": {
- "msResolution": true,
- "shared": true,
- "sort": 0,
- "value_type": "cumulative"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "bytes",
- "label": "",
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- }
- ],
- "refresh": "30s",
- "schemaVersion": 22,
- "style": "dark",
- "tags": [],
- "templating": {
- "list": [
{
- "auto": true,
- "auto_count": 30,
- "auto_min": "10s",
- "current": {
+ "$$hashKey": "object:199",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 12,
+ "y": 0
+ },
+ "hiddenSeries": false,
+ "id": 20,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pluginVersion": "6.6.2",
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "zeekdrop",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "drop"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "last"
+ },
+ {
+ "params": [
+ "* 100"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Zeek Packet Loss",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": null,
+ "format": "percent",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 16,
+ "y": 0
+ },
+ "hiddenSeries": false,
+ "id": 21,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "suridrop",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "drop"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "last"
+ },
+ {
+ "params": [
+ "* 100"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Suricata Packet Loss",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "percent",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 20,
+ "y": 0
+ },
+ "hiddenSeries": false,
+ "id": 19,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pluginVersion": "6.6.2",
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "stenodrop",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "drop"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "last"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - PCAP Packet Loss",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": null,
+ "format": "percent",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "cacheTimeout": null,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "mappings": [
+ {
+ "id": 0,
+ "op": "=",
+ "text": "N/A",
+ "type": 1,
+ "value": "null"
+ }
+ ],
+ "max": "{{ ROOTFS }}",
+ "min": 0,
+ "nullValueMode": "connected",
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(50, 172, 45, 0.97)",
+ "value": null
+ },
+ {
+ "color": "rgba(237, 129, 40, 0.89)",
+ "value": "{{ ROOTFS * '.80'|float }}"
+ },
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": "{{ ROOTFS * '.90'|float }}"
+ }
+ ]
+ },
+ "unit": "bytes"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 0,
+ "y": 5
+ },
+ "id": 12,
+ "links": [],
+ "options": {
+ "orientation": "horizontal",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showThresholdLabels": false,
+ "showThresholdMarkers": true
+ },
+ "pluginVersion": "7.0.5",
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "disk",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "used"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "path",
+ "operator": "=",
+ "value": "/"
+ }
+ ]
+ }
+ ],
+ "title": "{{ SERVERNAME }} - Disk Used(/)",
+ "type": "gauge"
+ },
+ {
+ "cacheTimeout": null,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "mappings": [
+ {
+ "id": 0,
+ "op": "=",
+ "text": "N/A",
+ "type": 1,
+ "value": "null"
+ }
+ ],
+ "max": "{{ NSMFS }}",
+ "min": 0,
+ "nullValueMode": "connected",
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(50, 172, 45, 0.97)",
+ "value": null
+ },
+ {
+ "color": "rgba(237, 129, 40, 0.89)",
+ "value": "{{ ROOTFS * '.80'|float }}"
+ },
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": "{{ ROOTFS * '.90'|float }}"
+ }
+ ]
+ },
+ "unit": "bytes"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 4,
+ "y": 5
+ },
+ "id": 31,
+ "links": [],
+ "options": {
+ "orientation": "horizontal",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showThresholdLabels": false,
+ "showThresholdMarkers": true
+ },
+ "pluginVersion": "7.0.5",
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "disk",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "used"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "path",
+ "operator": "=",
+ "value": "/nsm"
+ }
+ ]
+ }
+ ],
+ "title": "{{ SERVERNAME }} - Disk Used(/nsm)",
+ "type": "gauge"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 8,
+ "y": 5
+ },
+ "hiddenSeries": false,
+ "id": 35,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pluginVersion": "6.6.2",
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "docker_container_cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage_percent"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [
+ " / {{ CPUS }}"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "container_name",
+ "operator": "=",
+ "value": "so-elasticsearch"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - ES CPU Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "percent",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 12,
+ "y": 5
+ },
+ "hiddenSeries": false,
+ "id": 26,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "docker_container_cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage_percent"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [
+ " / {{ CPUS }}"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "container_name",
+ "operator": "=",
+ "value": "so-zeek"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Zeek CPU Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "percent",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 16,
+ "y": 5
+ },
+ "hiddenSeries": false,
+ "id": 27,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "docker_container_cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage_percent"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [
+ " / {{ CPUS }}"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "container_name",
+ "operator": "=",
+ "value": "so-suricata"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Suri CPU Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "percent",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 20,
+ "y": 5
+ },
+ "hiddenSeries": false,
+ "id": 28,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "docker_container_cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage_percent"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [
+ " / {{ CPUS }}"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "container_name",
+ "operator": "=",
+ "value": "so-steno"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Steno CPU Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": null,
+ "format": "percent",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {
+ "Interrupt": "#70DBED",
+ "Nice": "#629E51",
+ "SoftIRQ": "#EA6460",
+ "System": "#BF1B00",
+ "User": "#1F78C1",
+ "Wait": "#F2C96D",
+ "cpu.mean": "#629E51"
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 4,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 10,
+ "w": 8,
+ "x": 0,
+ "y": 10
+ },
+ "hiddenSeries": false,
+ "id": 4,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "alias": "System",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage_system"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "cpu",
+ "operator": "=",
+ "value": "cpu-total"
+ }
+ ]
+ },
+ {
+ "alias": "User",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "B",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage_user"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "cpu",
+ "operator": "=",
+ "value": "cpu-total"
+ }
+ ]
+ },
+ {
+ "alias": "Nice",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "C",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage_nice"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "cpu",
+ "operator": "=",
+ "value": "cpu-total"
+ }
+ ]
+ },
+ {
+ "alias": "Interrupt",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "D",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage_irq"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "cpu",
+ "operator": "=",
+ "value": "cpu-total"
+ }
+ ]
+ },
+ {
+ "alias": "Wait",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "E",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage_iowait"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "cpu",
+ "operator": "=",
+ "value": "cpu-total"
+ }
+ ]
+ },
+ {
+ "alias": "SoftIRQ",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "F",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage_softirq"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "cpu",
+ "operator": "=",
+ "value": "cpu-total"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - CPU Usage",
+ "tooltip": {
+ "msResolution": true,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "percent",
+ "label": "Percent(%)",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 8,
+ "y": 10
+ },
+ "hiddenSeries": false,
+ "id": 73,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "groupBy": [
+ {
+ "params": [
+ "$__interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "docker_container_mem",
+ "orderByTime": "ASC",
+ "policy": "autogen",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "container_name",
+ "operator": "=",
+ "value": "so-elasticsearch"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "ES Memory Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "$$hashKey": "object:147",
+ "decimals": 1,
+ "format": "decbytes",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "$$hashKey": "object:148",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 12,
+ "y": 10
+ },
+ "hiddenSeries": false,
+ "id": 23,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pluginVersion": "6.6.2",
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "docker_container_mem",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "container_name",
+ "operator": "=",
+ "value": "so-zeek"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Zeek Memory Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "decbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 16,
+ "y": 10
+ },
+ "hiddenSeries": false,
+ "id": 24,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "docker_container_mem",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "container_name",
+ "operator": "=",
+ "value": "so-suricata"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Suri Memory Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "decbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 20,
+ "y": 10
+ },
+ "hiddenSeries": false,
+ "id": 25,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "docker_container_mem",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "container_name",
+ "operator": "=",
+ "value": "so-steno"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Steno Memory Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": null,
+ "format": "decbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(50, 172, 45, 0.97)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(245, 54, 54, 0.9)"
+ ],
+ "datasource": "InfluxDB",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 8,
+ "y": 15
+ },
+ "id": 33,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": true,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "elasticsearch_indices",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "docs_count"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": "",
+ "title": "{{ SERVERNAME }} - ES Documents",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 12,
+ "y": 15
+ },
+ "hiddenSeries": false,
+ "id": 34,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "elasticsearch_indices",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "store_size_in_bytes"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - ES Store Size",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "decbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 16,
+ "y": 15
+ },
+ "id": 37,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "sum"
+ ],
+ "fields": "",
+ "values": false
+ }
+ },
+ "pluginVersion": "7.0.5",
+ "targets": [
+ {
+ "groupBy": [
+ {
+ "params": [
+ "$__interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "healthcheck",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "zeek_restart"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "last"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Zeek Restarts via Healthcheck",
+ "type": "stat"
+ },
+ {
+ "cacheTimeout": null,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "decimals": 2,
+ "mappings": [
+ {
+ "id": 0,
+ "op": "=",
+ "text": "N/A",
+ "type": 1,
+ "value": "null"
+ }
+ ],
+ "max": 1209600,
+ "min": 0,
+ "nullValueMode": "connected",
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": null
+ },
+ {
+ "color": "rgba(237, 129, 40, 0.89)",
+ "value": 259200
+ },
+ {
+ "color": "rgba(50, 172, 45, 0.97)",
+ "value": 432000
+ }
+ ]
+ },
+ "unit": "s"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 20,
+ "y": 15
+ },
+ "id": 22,
+ "links": [],
+ "options": {
+ "orientation": "horizontal",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showThresholdLabels": false,
+ "showThresholdMarkers": true
+ },
+ "pluginVersion": "7.0.5",
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "pcapage",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "seconds"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - PCAP Retention",
+ "type": "gauge"
+ },
+ {
+ "aliasColors": {
+ "#cpu": "green",
+ "1 Minute Average": "#EAB839",
+ "15 Minute Average": "#BF1B00",
+ "5 Minute Average": "#E0752D"
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 20
+ },
+ "hiddenSeries": false,
+ "id": 6,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "#cpu",
+ "fill": 0
+ }
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "alias": "#cpu",
+ "groupBy": [
+ {
+ "params": [
+ "$__interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "system",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "D",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "n_cpus"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "last"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ },
+ {
+ "alias": "1 Minute Average",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "system",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "load1"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ },
+ {
+ "alias": "5 Minute Average",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "system",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "B",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "load5"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ },
+ {
+ "alias": "15 Minute Average",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "system",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "C",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "load15"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Load Average",
+ "tooltip": {
+ "msResolution": true,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {
+ "Buffered": "#6ED0E0",
+ "Cached": "#F9934E",
+ "Free": "#629E51",
+ "Used": "#58140C"
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "decimals": null,
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 6,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 20
+ },
+ "hiddenSeries": false,
+ "id": 5,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "hideEmpty": false,
+ "hideZero": false,
+ "max": true,
+ "min": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "alias": "Used",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "mem",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "used"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ },
+ {
+ "alias": "Buffered",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "mem",
+ "policy": "default",
+ "refId": "B",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "buffered"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ },
+ {
+ "alias": "Cached",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "mem",
+ "policy": "default",
+ "refId": "C",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "cached"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ },
+ {
+ "alias": "Free",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "mem",
+ "policy": "default",
+ "refId": "D",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "free"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Memory",
+ "tooltip": {
+ "msResolution": true,
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": "Bytes",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {
+ "InBound": "#629E51",
+ "OutBound": "#5195CE",
+ "net.derivative": "#1F78C1"
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 20
+ },
+ "hiddenSeries": false,
+ "id": 10,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "alias": "Inbound",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "net",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)",
+ "rawQuery": false,
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "bytes_recv"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [
+ "1s"
+ ],
+ "type": "derivative"
+ },
+ {
+ "params": [
+ "*8"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "interface",
+ "operator": "=",
+ "value": "{{ MONINT }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Monitor Traffic",
+ "tooltip": {
+ "msResolution": true,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "bps",
+ "label": "Bits/Sec",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {
+ "Blocked": "#BF1B00",
+ "Running": "#7EB26D"
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 7,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 27
+ },
+ "hiddenSeries": false,
+ "id": 14,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "alias": "Blocked",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "hide": false,
+ "measurement": "processes",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "blocked"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ },
+ {
+ "alias": "Running",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "processes",
+ "policy": "default",
+ "refId": "B",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "running"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ },
+ {
+ "alias": "Sleep",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "processes",
+ "policy": "default",
+ "refId": "C",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "sleeping"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Processes",
+ "tooltip": {
+ "msResolution": true,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 27
+ },
+ "hiddenSeries": false,
+ "id": 13,
+ "legend": {
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "alias": "Read",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "diskio",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "read_bytes"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [],
+ "type": "difference"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ },
+ {
+ "alias": "Write",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "diskio",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "B",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "write_bytes"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [],
+ "type": "difference"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Disk I/O",
+ "tooltip": {
+ "msResolution": true,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {
+ "InBound": "#629E51",
+ "OutBound": "#5195CE",
+ "net.derivative": "#1F78C1"
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 27
+ },
+ "hiddenSeries": false,
+ "id": 18,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "alias": "Inbound",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "net",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)",
+ "rawQuery": false,
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "bytes_recv"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [
+ "1s"
+ ],
+ "type": "derivative"
+ },
+ {
+ "params": [
+ "*8"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "interface",
+ "operator": "=",
+ "value": "{{ MANINT }}"
+ }
+ ]
+ },
+ {
+ "alias": "Outbound",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "net",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)",
+ "rawQuery": false,
+ "refId": "B",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "bytes_sent"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [
+ "1s"
+ ],
+ "type": "derivative"
+ },
+ {
+ "params": [
+ "*8"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "interface",
+ "operator": "=",
+ "value": "{{ MANINT }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Management Traffic",
+ "tooltip": {
+ "msResolution": true,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "bps",
+ "label": "Bits/Sec",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 34
+ },
+ "hiddenSeries": false,
+ "id": 15,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "alias": "Threads",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "processes",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "total_threads"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Total Threads",
+ "tooltip": {
+ "msResolution": true,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ }
+ ],
+ "refresh": "30s",
+ "schemaVersion": 25,
+ "style": "dark",
+ "tags": [],
+ "templating": {
+ "list": [
+ {
+ "auto": true,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "selected": false,
+ "text": "10s",
+ "value": "10s"
+ },
+ "hide": 0,
+ "label": null,
+ "name": "Interval",
+ "options": [
+ {
"selected": false,
+ "text": "auto",
+ "value": "$__auto_interval_Interval"
+ },
+ {
+ "selected": true,
"text": "10s",
"value": "10s"
},
- "hide": 0,
- "label": null,
- "name": "Interval",
- "options": [
- {
- "selected": false,
- "text": "auto",
- "value": "$__auto_interval_Interval"
- },
- {
- "selected": true,
- "text": "10s",
- "value": "10s"
- },
- {
- "selected": false,
- "text": "1m",
- "value": "1m"
- },
- {
- "selected": false,
- "text": "10m",
- "value": "10m"
- },
- {
- "selected": false,
- "text": "30m",
- "value": "30m"
- },
- {
- "selected": false,
- "text": "1h",
- "value": "1h"
- },
- {
- "selected": false,
- "text": "6h",
- "value": "6h"
- },
- {
- "selected": false,
- "text": "12h",
- "value": "12h"
- },
- {
- "selected": false,
- "text": "1d",
- "value": "1d"
- },
- {
- "selected": false,
- "text": "7d",
- "value": "7d"
- },
- {
- "selected": false,
- "text": "14d",
- "value": "14d"
- },
- {
- "selected": false,
- "text": "30d",
- "value": "30d"
- }
- ],
- "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d",
- "refresh": 2,
- "skipUrlSync": false,
- "type": "interval"
- }
- ]
- },
- "time": {
- "from": "now-15m",
- "to": "now"
- },
- "timepicker": {
- "refresh_intervals": [
- "5s",
- "10s",
- "30s",
- "1m",
- "5m",
- "15m",
- "30m",
- "1h",
- "2h",
- "1d"
- ],
- "time_options": [
- "5m",
- "15m",
- "1h",
- "6h",
- "12h",
- "24h",
- "2d",
- "7d",
- "30d"
- ]
- },
- "timezone": "browser",
- "title": "Evaluation Mode - {{ SERVERNAME }} Overview",
- "uid": "{{ UID }}",
- "version": 1
- }
+ {
+ "selected": false,
+ "text": "1m",
+ "value": "1m"
+ },
+ {
+ "selected": false,
+ "text": "10m",
+ "value": "10m"
+ },
+ {
+ "selected": false,
+ "text": "30m",
+ "value": "30m"
+ },
+ {
+ "selected": false,
+ "text": "1h",
+ "value": "1h"
+ },
+ {
+ "selected": false,
+ "text": "6h",
+ "value": "6h"
+ },
+ {
+ "selected": false,
+ "text": "12h",
+ "value": "12h"
+ },
+ {
+ "selected": false,
+ "text": "1d",
+ "value": "1d"
+ },
+ {
+ "selected": false,
+ "text": "7d",
+ "value": "7d"
+ },
+ {
+ "selected": false,
+ "text": "14d",
+ "value": "14d"
+ },
+ {
+ "selected": false,
+ "text": "30d",
+ "value": "30d"
+ }
+ ],
+ "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d",
+ "refresh": 2,
+ "skipUrlSync": false,
+ "type": "interval"
+ }
+ ]
+ },
+ "time": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "browser",
+ "title": "Evaluation Mode - {{ SERVERNAME }} Overview",
+ "uid": "so_overview",
+ "version": 6
+}
\ No newline at end of file
diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json
index 835c8a86d..5b134a717 100644
--- a/salt/grafana/dashboards/sensor_nodes/sensor.json
+++ b/salt/grafana/dashboards/sensor_nodes/sensor.json
@@ -16,65 +16,158 @@
"editable": true,
"gnetId": 2381,
"graphTooltip": 0,
- "iteration": 1586896269839,
+ "iteration": 1602105838173,
"links": [],
"panels": [
{
- "cacheTimeout": null,
"datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgb(255, 255, 255)",
+ "value": null
+ }
+ ]
+ },
+ "unit": "s"
+ },
+ "overrides": []
+ },
"gridPos": {
"h": 5,
"w": 4,
"x": 0,
"y": 0
},
- "id": 2,
- "links": [],
+ "id": 39,
"options": {
- "fieldOptions": {
+ "colorMode": "value",
+ "graphMode": "none",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
"calcs": [
"lastNotNull"
],
- "defaults": {
- "mappings": [
- {
- "id": 0,
- "op": "=",
- "text": "N/A",
- "type": 1,
- "value": "null"
- }
- ],
- "max": 100,
- "min": 0,
- "nullValueMode": "connected",
- "thresholds": {
- "mode": "absolute",
- "steps": [
- {
- "color": "rgba(50, 172, 45, 0.97)",
- "value": null
- },
- {
- "color": "rgba(237, 129, 40, 0.89)",
- "value": 60
- },
- {
- "color": "rgba(245, 54, 54, 0.9)",
- "value": 80
- }
- ]
+ "fields": "",
+ "values": false
+ }
+ },
+ "pluginVersion": "7.0.5",
+ "targets": [
+ {
+ "groupBy": [
+ {
+ "params": [
+ "$__interval"
+ ],
+ "type": "time"
},
- "unit": "percent"
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "system",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "uptime"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "last"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - System Uptime",
+ "type": "stat"
+ },
+ {
+ "cacheTimeout": null,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "mappings": [
+ {
+ "id": 0,
+ "op": "=",
+ "text": "N/A",
+ "type": 1,
+ "value": "null"
+ }
+ ],
+ "max": 100,
+ "min": 0,
+ "nullValueMode": "connected",
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(50, 172, 45, 0.97)",
+ "value": null
+ },
+ {
+ "color": "rgba(237, 129, 40, 0.89)",
+ "value": 60
+ },
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": 80
+ }
+ ]
},
- "overrides": [],
+ "unit": "percent"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 4,
+ "y": 0
+ },
+ "id": 2,
+ "links": [],
+ "options": {
+ "orientation": "horizontal",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
"values": false
},
- "orientation": "horizontal",
"showThresholdLabels": false,
"showThresholdMarkers": true
},
- "pluginVersion": "6.6.2",
+ "pluginVersion": "7.0.5",
"targets": [
{
"dsType": "influxdb",
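Review bot: The new System Uptime panel groups its query by `"$__interval"` (the `params` entry under `groupBy`, near the top of its `targets` block) while the gauge panel that follows it in this same hunk, and the panels this hunk removes, group by the dashboard's `"$Interval"` template variable; the interval a user picks in the dashboard dropdown will therefore not apply to this one panel. Unless the panel is meant to ignore that selector, change the param to `"$Interval"` so it behaves like its neighbours. The same `$__interval`/`$Interval` mix appears in the new panels of the overview dashboard earlier in this diff (the Zeek Restarts stat and the `#cpu` target of the Load Average graph), so a single pass over both files would be worthwhile. The enclosing `panels` array and the second panel's `targets` object continue past the end of this hunk.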
@@ -136,178 +229,56 @@
"type": "gauge"
},
{
- "cacheTimeout": null,
+ "aliasColors": {},
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
"datasource": "InfluxDB",
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 4,
- "y": 0
- },
- "id": 12,
- "links": [],
- "options": {
- "fieldOptions": {
- "calcs": [
- "lastNotNull"
- ],
- "defaults": {
- "mappings": [
- {
- "id": 0,
- "op": "=",
- "text": "N/A",
- "type": 1,
- "value": "null"
- }
- ],
- "max": "{{ ROOTFS }}",
- "min": 0,
- "nullValueMode": "connected",
- "thresholds": {
- "mode": "absolute",
- "steps": [
- {
- "color": "rgba(50, 172, 45, 0.97)",
- "value": null
- },
- {
- "color": "rgba(237, 129, 40, 0.89)",
- "value": "{{ ROOTFS * '.80'|float }}"
- },
- {
- "color": "rgba(245, 54, 54, 0.9)",
- "value": "{{ ROOTFS * '.90'|float }}"
- }
- ]
- },
- "unit": "bytes"
- },
- "overrides": [],
- "values": false
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
},
- "orientation": "horizontal",
- "showThresholdLabels": false,
- "showThresholdMarkers": true
+ "overrides": []
},
- "pluginVersion": "6.6.2",
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "disk",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "used"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "path",
- "operator": "=",
- "value": "/"
- }
- ]
- }
- ],
- "title": "{{ SERVERNAME }} - Disk Used(/)",
- "type": "gauge"
- },
- {
- "cacheTimeout": null,
- "datasource": "InfluxDB",
+ "fill": 1,
+ "fillGradient": 0,
"gridPos": {
"h": 5,
"w": 4,
"x": 8,
"y": 0
},
- "id": 31,
- "links": [],
- "options": {
- "fieldOptions": {
- "calcs": [
- "lastNotNull"
- ],
- "defaults": {
- "mappings": [
- {
- "id": 0,
- "op": "=",
- "text": "N/A",
- "type": 1,
- "value": "null"
- }
- ],
- "max": "{{ NSMFS }}",
- "min": 0,
- "nullValueMode": "connected",
- "thresholds": {
- "mode": "absolute",
- "steps": [
- {
- "color": "rgba(50, 172, 45, 0.97)",
- "value": null
- },
- {
- "color": "rgba(237, 129, 40, 0.89)",
- "value": "{{ NSMFS * '.80'|float }}"
- },
- {
- "color": "rgba(245, 54, 54, 0.9)",
- "value": "{{ NSMFS * '.90'|float }}"
- }
- ]
- },
- "unit": "bytes"
- },
- "overrides": [],
- "values": false
- },
- "orientation": "horizontal",
- "showThresholdLabels": false,
- "showThresholdMarkers": true
+ "hiddenSeries": false,
+ "id": 41,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
},
- "pluginVersion": "6.6.2",
+ "lines": false,
+ "linewidth": 1,
+ "nullPointMode": "null",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": true,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
"targets": [
{
- "dsType": "influxdb",
"groupBy": [
{
"params": [
- "$Interval"
+ "$__interval"
],
"type": "time"
},
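Review bot: The group-by interval for the Zeek Capture Loss target is switched from the dashboard variable `$Interval` to Grafana's built-in `$__interval` (the `-`/`+` pair in the `groupBy` params), yet the `@@ -2461,47 +3226,62 @@` hunk makes the opposite replacement for the diskio panel, and the gauges and CPU graphs re-added in the `@@ -748,6 +772,778 @@` hunk keep `$Interval`, so the dashboard ends up mixing two interval sources. If `$Interval` is a templating variable defined elsewhere in this file (its definition is not in view), the `$__interval` panels silently ignore whatever the user selects in it; if it is not defined, the `$Interval` queries fail. Pick one and use it for every target, e.g. `"$__interval"` throughout if the custom variable is being retired. The enclosing panel object continues past the end of this hunk.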
@@ -318,16 +289,16 @@
"type": "fill"
}
],
- "measurement": "disk",
+ "measurement": "zeekcaptureloss",
"orderByTime": "ASC",
- "policy": "default",
+ "policy": "autogen",
"refId": "A",
"resultFormat": "time_series",
"select": [
[
{
"params": [
- "used"
+ "loss"
],
"type": "field"
},
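Review bot: `"policy": "autogen"` pins this query to a literal retention-policy name, while every other target in the file keeps `"policy": "default"`, which in Grafana's InfluxDB editor defers to the database's default RP; the healthcheck stat panel added in the `@@ -2192,6 +2496,461 @@` hunk does the same. Unless `zeekcaptureloss` and `healthcheck` are deliberately written to a non-default RP, this creates a hidden dependency on the RP name, and these two panels would be the only ones to break if the default policy is ever renamed. Suggest `"policy": "default"` here for consistency, or a note in the commit message explaining why these two measurements differ. The enclosing target object starts before and ends after this hunk.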
@@ -342,18 +313,53 @@
"key": "host",
"operator": "=",
"value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "path",
- "operator": "=",
- "value": "/nsm"
}
]
}
],
- "title": "{{ SERVERNAME }} - Disk Used(/nsm)",
- "type": "gauge"
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Zeek Capture Loss",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "$$hashKey": "object:139",
+ "decimals": 1,
+ "format": "percent",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "$$hashKey": "object:140",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
},
{
"aliasColors": {},
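Review bot: The two `"$$hashKey": "object:139"` / `"$$hashKey": "object:140"` entries in `yaxes` are AngularJS tracking fields that leak from a browser-side export; they are not dashboard configuration, change between exports, and no other panel in the file carries them, so they will only generate noise in future diffs. Drop both lines before committing. Minor: this panel's first y-axis uses `"label": ""` where the sibling graph panels use `"label": null`. The enclosing panel object begins before this hunk.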
@@ -362,6 +368,12 @@
"dashLength": 10,
"dashes": false,
"datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
"fill": 1,
"fillGradient": 0,
"gridPos": {
@@ -413,7 +425,7 @@
"type": "fill"
}
],
- "measurement": "brodrop",
+ "measurement": "zeekdrop",
"orderByTime": "ASC",
"policy": "default",
"refId": "A",
@@ -495,6 +507,12 @@
"dashLength": 10,
"dashes": false,
"datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
"fill": 1,
"fillGradient": 0,
"gridPos": {
@@ -628,6 +646,12 @@
"dashLength": 10,
"dashes": false,
"datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
"fill": 1,
"fillGradient": 0,
"gridPos": {
@@ -748,6 +772,778 @@
"alignLevel": null
}
},
+ {
+ "cacheTimeout": null,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "mappings": [
+ {
+ "id": 0,
+ "op": "=",
+ "text": "N/A",
+ "type": 1,
+ "value": "null"
+ }
+ ],
+ "max": "{{ ROOTFS }}",
+ "min": 0,
+ "nullValueMode": "connected",
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(50, 172, 45, 0.97)",
+ "value": null
+ },
+ {
+ "color": "rgba(237, 129, 40, 0.89)",
+ "value": "{{ ROOTFS * '.80'|float }}"
+ },
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": "{{ ROOTFS * '.90'|float }}"
+ }
+ ]
+ },
+ "unit": "bytes"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 0,
+ "y": 5
+ },
+ "id": 12,
+ "links": [],
+ "options": {
+ "orientation": "horizontal",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showThresholdLabels": false,
+ "showThresholdMarkers": true
+ },
+ "pluginVersion": "7.0.5",
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "disk",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "used"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "path",
+ "operator": "=",
+ "value": "/"
+ }
+ ]
+ }
+ ],
+ "title": "{{ SERVERNAME }} - Disk Used(/)",
+ "type": "gauge"
+ },
+ {
+ "cacheTimeout": null,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "mappings": [
+ {
+ "id": 0,
+ "op": "=",
+ "text": "N/A",
+ "type": 1,
+ "value": "null"
+ }
+ ],
+ "max": "{{ NSMFS }}",
+ "min": 0,
+ "nullValueMode": "connected",
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(50, 172, 45, 0.97)",
+ "value": null
+ },
+ {
+ "color": "rgba(237, 129, 40, 0.89)",
+ "value": "{{ NSMFS * '.80'|float }}"
+ },
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": "{{ NSMFS * '.90'|float }}"
+ }
+ ]
+ },
+ "unit": "bytes"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 4,
+ "y": 5
+ },
+ "id": 31,
+ "links": [],
+ "options": {
+ "orientation": "horizontal",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showThresholdLabels": false,
+ "showThresholdMarkers": true
+ },
+ "pluginVersion": "7.0.5",
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "disk",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "used"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "path",
+ "operator": "=",
+ "value": "/nsm"
+ }
+ ]
+ }
+ ],
+ "title": "{{ SERVERNAME }} - Disk Used(/nsm)",
+ "type": "gauge"
+ },
+ {
+ "cacheTimeout": null,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "decimals": 2,
+ "mappings": [
+ {
+ "id": 0,
+ "op": "=",
+ "text": "N/A",
+ "type": 1,
+ "value": "null"
+ }
+ ],
+ "max": 1209600,
+ "min": 0,
+ "nullValueMode": "connected",
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": null
+ },
+ {
+ "color": "rgba(237, 129, 40, 0.89)",
+ "value": 259200
+ },
+ {
+ "color": "rgba(50, 172, 45, 0.97)",
+ "value": 432000
+ }
+ ]
+ },
+ "unit": "s"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 8,
+ "y": 5
+ },
+ "id": 22,
+ "links": [],
+ "options": {
+ "orientation": "horizontal",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showThresholdLabels": false,
+ "showThresholdMarkers": true
+ },
+ "pluginVersion": "7.0.5",
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "pcapage",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "seconds"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "title": "{{ SERVERNAME }} - PCAP Retention",
+ "type": "gauge"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 12,
+ "y": 5
+ },
+ "hiddenSeries": false,
+ "id": 26,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "docker_container_cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage_percent"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [
+ " / {{ CPUS }}"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "container_name",
+ "operator": "=",
+ "value": "so-zeek"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Zeek CPU Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "percent",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 16,
+ "y": 5
+ },
+ "hiddenSeries": false,
+ "id": 27,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "docker_container_cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage_percent"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [
+ " / {{ CPUS }}"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "container_name",
+ "operator": "=",
+ "value": "so-suricata"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Suri CPU Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "percent",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "cacheTimeout": null,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 20,
+ "y": 5
+ },
+ "hiddenSeries": false,
+ "id": 28,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "docker_container_cpu",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "usage_percent"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [
+ " / {{ CPUS }}"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "container_name",
+ "operator": "=",
+ "value": "so-steno"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Steno CPU Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "percent",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
{
"aliasColors": {
"Interrupt": "#70DBED",
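Review bot: The three CPU graph panels (ids 26, 27, 28) are identical apart from the `container_name` tag value and the title, so they are three copies that must be kept in sync by hand; Grafana's panel `repeat` over a templating variable holding the container names would collapse them into one definition. Separately, the `" / {{ CPUS }}"` math step renders to an incomplete InfluxQL expression if the `CPUS` Jinja variable is ever undefined or empty — if the template does not already guard that (its definition is not in view), a `{{ CPUS | default(1) }}` style fallback would at least keep the query parseable. The moved gauges also inherit the string-typed `"max": "{{ ROOTFS }}"` and threshold `value` strings from the old panels, which presumably relies on Grafana coercing numeric strings; worth confirming on the 7.0.5 field config before relying on it.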
@@ -764,14 +1560,20 @@
"datasource": "InfluxDB",
"editable": true,
"error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
"fill": 4,
"fillGradient": 0,
"grid": {},
"gridPos": {
- "h": 8,
+ "h": 10,
"w": 8,
"x": 0,
- "y": 5
+ "y": 10
},
"hiddenSeries": false,
"id": 4,
@@ -1144,111 +1946,6 @@
"alignLevel": null
}
},
- {
- "cacheTimeout": null,
- "datasource": "InfluxDB",
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 8,
- "y": 5
- },
- "id": 22,
- "links": [],
- "options": {
- "fieldOptions": {
- "calcs": [
- "lastNotNull"
- ],
- "defaults": {
- "decimals": 2,
- "mappings": [
- {
- "id": 0,
- "op": "=",
- "text": "N/A",
- "type": 1,
- "value": "null"
- }
- ],
- "max": 1209600,
- "min": 0,
- "nullValueMode": "connected",
- "thresholds": {
- "mode": "absolute",
- "steps": [
- {
- "color": "rgba(245, 54, 54, 0.9)",
- "value": null
- },
- {
- "color": "rgba(237, 129, 40, 0.89)",
- "value": 259200
- },
- {
- "color": "rgba(50, 172, 45, 0.97)",
- "value": 432000
- }
- ]
- },
- "unit": "s"
- },
- "overrides": [],
- "values": false
- },
- "orientation": "horizontal",
- "showThresholdLabels": false,
- "showThresholdMarkers": true
- },
- "pluginVersion": "6.6.2",
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "pcapage",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "seconds"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "title": "{{ SERVERNAME }} - PCAP Retention",
- "type": "gauge"
- },
{
"aliasColors": {},
"bars": false,
@@ -1256,423 +1953,12 @@
"dashLength": 10,
"dashes": false,
"datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 12,
- "y": 5
- },
- "hiddenSeries": false,
- "id": 26,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "docker_container_cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_percent"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [
- " / {{ CPUS }}"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "container_name",
- "operator": "=",
- "value": "so-zeek"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Zeek CPU Usage",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "percent",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
},
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 16,
- "y": 5
+ "overrides": []
},
- "hiddenSeries": false,
- "id": 27,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "docker_container_cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_percent"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [
- " / {{ CPUS }}"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "container_name",
- "operator": "=",
- "value": "so-suricata"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Suri CPU Usage",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "percent",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "fill": 1,
- "fillGradient": 0,
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 20,
- "y": 5
- },
- "hiddenSeries": false,
- "id": 28,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": false,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 2,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "docker_container_cpu",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "usage_percent"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [
- " / {{ CPUS }}"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "container_name",
- "operator": "=",
- "value": "so-steno"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Steno CPU Usage",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "percent",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": false
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "cacheTimeout": null,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
"fill": 1,
"fillGradient": 0,
"gridPos": {
@@ -1800,6 +2086,12 @@
"dashLength": 10,
"dashes": false,
"datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
"fill": 1,
"fillGradient": 0,
"gridPos": {
@@ -1933,6 +2225,12 @@
"dashLength": 10,
"dashes": false,
"datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
"fill": 1,
"fillGradient": 0,
"gridPos": {
@@ -2066,6 +2364,12 @@
"dashLength": 10,
"dashes": false,
"datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
"fill": 1,
"fillGradient": 0,
"gridPos": {
@@ -2192,6 +2496,461 @@
"alignLevel": null
}
},
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 8,
+ "y": 15
+ },
+ "hiddenSeries": false,
+ "id": 15,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "alias": "Threads",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "processes",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "total_threads"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Total Threads",
+ "tooltip": {
+ "msResolution": true,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 12,
+ "y": 15
+ },
+ "id": 37,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "sum"
+ ],
+ "fields": "",
+ "values": false
+ }
+ },
+ "pluginVersion": "7.0.5",
+ "targets": [
+ {
+ "groupBy": [
+ {
+ "params": [
+ "$__interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "healthcheck",
+ "orderByTime": "ASC",
+ "policy": "autogen",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "zeek_restart"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "last"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Zeek Restarts via Healthcheck",
+ "type": "stat"
+ },
+ {
+ "aliasColors": {
+ "InBound": "#629E51",
+ "OutBound": "#5195CE",
+ "net.derivative": "#1F78C1"
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 5,
+ "w": 8,
+ "x": 16,
+ "y": 15
+ },
+ "hiddenSeries": false,
+ "id": 10,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "alias": "InBound",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "net",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)",
+ "rawQuery": false,
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "bytes_recv"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [
+ "1s"
+ ],
+ "type": "derivative"
+ },
+ {
+ "params": [
+ "*8"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "interface",
+ "operator": "=",
+ "value": "{{ MANINT }}"
+ }
+ ]
+ },
+ {
+ "alias": "OutBound",
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$Interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "net",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)",
+ "rawQuery": false,
+ "refId": "B",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "bytes_sent"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ },
+ {
+ "params": [
+ "1s"
+ ],
+ "type": "derivative"
+ },
+ {
+ "params": [
+ "*8"
+ ],
+ "type": "math"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ },
+ {
+ "condition": "AND",
+ "key": "interface",
+ "operator": "=",
+ "value": "{{ MANINT }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Management Traffic",
+ "tooltip": {
+ "msResolution": true,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "bps",
+ "label": "Bits/Sec",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
{
"aliasColors": {
"Buffered": "#6ED0E0",
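Review bot: Both `"query"` strings in the Management Traffic panel hard-code `"host" = 'JumpHost'` and `"interface" = 'eth0'`, which looks like a leftover from the exporting author's environment rather than the `{{ SERVERNAME }}` / `{{ MANINT }}` values the builder tags use. They are inert while `"rawQuery": false`, but anyone who toggles raw mode in the UI gets a query against a host that does not exist on the deployment, and an internal hostname does not belong in a shipped file; either template them to match the tags or drop the `query` keys and let Grafana regenerate them. Also, `"title": "Zeek Restarts via Healthcheck"` is the only panel title without the `{{ SERVERNAME }} - ` prefix, and its `"sum"` reducer over a per-interval `last()` makes the displayed count depend on the zoom level, which may or may not be intended.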
@@ -2206,6 +2965,12 @@
"decimals": null,
"editable": true,
"error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
"fill": 6,
"fillGradient": 0,
"grid": {},
@@ -2213,7 +2978,7 @@
"h": 7,
"w": 8,
"x": 0,
- "y": 13
+ "y": 20
},
"hiddenSeries": false,
"id": 5,
@@ -2461,47 +3226,62 @@
}
},
{
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
"datasource": "InfluxDB",
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 8,
- "y": 15
- },
- "id": 39,
- "options": {
- "colorMode": "value",
- "fieldOptions": {
- "calcs": [
- "lastNotNull"
- ],
- "defaults": {
- "mappings": [],
- "thresholds": {
- "mode": "absolute",
- "steps": [
- {
- "color": "rgb(255, 255, 255)",
- "value": null
- }
- ]
- },
- "unit": "s"
- },
- "overrides": [],
- "values": false
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
},
- "graphMode": "none",
- "justifyMode": "auto",
- "orientation": "auto"
+ "overrides": []
},
- "pluginVersion": "6.6.2",
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 20
+ },
+ "hiddenSeries": false,
+ "id": 13,
+ "legend": {
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
"targets": [
{
+ "alias": "Read",
+ "dsType": "influxdb",
"groupBy": [
{
"params": [
- "$__interval"
+ "$Interval"
],
"type": "time"
},
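Review bot: The `System Uptime` stat panel (old id 39) is removed on the new side of this hunk and replaced by a `Disk I/O` graph, and the hunk at `@@ -2538,58 +3322,14 @@` likewise drops the `Zeek Restarts via Healthcheck` stat (old id 37, measurement `healthcheck`, field `zeek_restart`) with nothing taking its place. Nothing in the visible diff re-creates either panel, so unless they are re-added elsewhere in the file the sensor dashboard silently loses its uptime and Zeek-restart indicators, which are the signals an operator uses to notice a sensor that has rebooted or a capture process that is flapping. If the removal is intentional, a sentence in the commit message saying so would help; otherwise the two stat panels should be carried over with fresh ids and `gridPos` next to the new graphs.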
@@ -2512,7 +3292,7 @@
"type": "fill"
}
],
- "measurement": "system",
+ "measurement": "diskio",
"orderByTime": "ASC",
"policy": "default",
"refId": "A",
@@ -2521,13 +3301,17 @@
[
{
"params": [
- "uptime"
+ "read_bytes"
],
"type": "field"
},
{
"params": [],
- "type": "last"
+ "type": "mean"
+ },
+ {
+ "params": [],
+ "type": "difference"
}
]
],
@@ -2538,58 +3322,14 @@
"value": "{{ SERVERNAME }}"
}
]
- }
- ],
- "timeFrom": null,
- "timeShift": null,
- "title": "{{ SERVERNAME }} - System Uptime",
- "type": "stat"
- },
- {
- "datasource": "InfluxDB",
- "gridPos": {
- "h": 5,
- "w": 4,
- "x": 12,
- "y": 15
- },
- "id": 37,
- "options": {
- "colorMode": "value",
- "fieldOptions": {
- "calcs": [
- "sum"
- ],
- "defaults": {
- "mappings": [],
- "thresholds": {
- "mode": "absolute",
- "steps": [
- {
- "color": "green",
- "value": null
- },
- {
- "color": "red",
- "value": 1
- }
- ]
- }
- },
- "overrides": [],
- "values": false
},
- "graphMode": "area",
- "justifyMode": "auto",
- "orientation": "auto"
- },
- "pluginVersion": "6.6.2",
- "targets": [
{
+ "alias": "Write",
+ "dsType": "influxdb",
"groupBy": [
{
"params": [
- "$__interval"
+ "$Interval"
],
"type": "time"
},
@@ -2600,22 +3340,26 @@
"type": "fill"
}
],
- "measurement": "healthcheck",
+ "measurement": "diskio",
"orderByTime": "ASC",
- "policy": "autogen",
- "refId": "A",
+ "policy": "default",
+ "refId": "B",
"resultFormat": "time_series",
"select": [
[
{
"params": [
- "zeek_restart"
+ "write_bytes"
],
"type": "field"
},
{
"params": [],
- "type": "last"
+ "type": "mean"
+ },
+ {
+ "params": [],
+ "type": "difference"
}
]
],
@@ -2628,10 +3372,47 @@
]
}
],
+ "thresholds": [],
"timeFrom": null,
+ "timeRegions": [],
"timeShift": null,
- "title": "Zeek Restarts via Healthcheck",
- "type": "stat"
+ "title": "{{ SERVERNAME }} - Disk I/O",
+ "tooltip": {
+ "msResolution": true,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
},
{
"aliasColors": {
@@ -2645,17 +3426,23 @@
"datasource": "InfluxDB",
"editable": true,
"error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
"fill": 1,
"fillGradient": 0,
"grid": {},
"gridPos": {
- "h": 5,
+ "h": 7,
"w": 8,
"x": 16,
- "y": 15
+ "y": 20
},
"hiddenSeries": false,
- "id": 10,
+ "id": 18,
"legend": {
"alignAsTable": true,
"avg": true,
@@ -2742,71 +3529,7 @@
"condition": "AND",
"key": "interface",
"operator": "=",
- "value": "{{ MANINT }}"
- }
- ]
- },
- {
- "alias": "OutBound",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "net",
- "orderByTime": "ASC",
- "policy": "default",
- "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)",
- "rawQuery": false,
- "refId": "B",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "bytes_sent"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [
- "1s"
- ],
- "type": "derivative"
- },
- {
- "params": [
- "*8"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "interface",
- "operator": "=",
- "value": "{{ MANINT }}"
+ "value": "{{ MONINT }}"
}
]
}
@@ -2815,7 +3538,7 @@
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
- "title": "{{ SERVERNAME }} - Management Traffic",
+ "title": "{{ SERVERNAME }} - Monitor Traffic",
"tooltip": {
"msResolution": true,
"shared": true,
@@ -2865,6 +3588,12 @@
"datasource": "InfluxDB",
"editable": true,
"error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
"fill": 1,
"fillGradient": 0,
"grid": {},
@@ -2872,7 +3601,7 @@
"h": 7,
"w": 8,
"x": 0,
- "y": 20
+ "y": 27
},
"hiddenSeries": false,
"id": 6,
@@ -3125,476 +3854,6 @@
"alignLevel": null
}
},
- {
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "editable": true,
- "error": false,
- "fill": 1,
- "fillGradient": 0,
- "grid": {},
- "gridPos": {
- "h": 7,
- "w": 8,
- "x": 8,
- "y": 20
- },
- "hiddenSeries": false,
- "id": 13,
- "legend": {
- "avg": false,
- "current": true,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 2,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "alias": "Read",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "diskio",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "read_bytes"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [],
- "type": "difference"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- },
- {
- "alias": "Write",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "diskio",
- "orderByTime": "ASC",
- "policy": "default",
- "refId": "B",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "write_bytes"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [],
- "type": "difference"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Disk I/O",
- "tooltip": {
- "msResolution": true,
- "shared": true,
- "sort": 0,
- "value_type": "cumulative"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "bytes",
- "label": "",
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {
- "InBound": "#629E51",
- "OutBound": "#5195CE",
- "net.derivative": "#1F78C1"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "editable": true,
- "error": false,
- "fill": 1,
- "fillGradient": 0,
- "grid": {},
- "gridPos": {
- "h": 7,
- "w": 8,
- "x": 16,
- "y": 20
- },
- "hiddenSeries": false,
- "id": 18,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": true,
- "max": true,
- "min": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 2,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "alias": "InBound",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "net",
- "orderByTime": "ASC",
- "policy": "default",
- "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)",
- "rawQuery": false,
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "bytes_recv"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- },
- {
- "params": [
- "1s"
- ],
- "type": "derivative"
- },
- {
- "params": [
- "*8"
- ],
- "type": "math"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- },
- {
- "condition": "AND",
- "key": "interface",
- "operator": "=",
- "value": "{{ MONINT }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Monitor Traffic",
- "tooltip": {
- "msResolution": true,
- "shared": true,
- "sort": 0,
- "value_type": "cumulative"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "bps",
- "label": "Bits/Sec",
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
- {
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "InfluxDB",
- "editable": true,
- "error": false,
- "fill": 1,
- "fillGradient": 0,
- "grid": {},
- "gridPos": {
- "h": 7,
- "w": 8,
- "x": 0,
- "y": 27
- },
- "hiddenSeries": false,
- "id": 15,
- "legend": {
- "alignAsTable": true,
- "avg": true,
- "current": true,
- "max": true,
- "min": true,
- "show": true,
- "total": false,
- "values": true
- },
- "lines": true,
- "linewidth": 2,
- "links": [],
- "nullPointMode": "connected",
- "options": {
- "dataLinks": []
- },
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "alias": "Threads",
- "dsType": "influxdb",
- "groupBy": [
- {
- "params": [
- "$Interval"
- ],
- "type": "time"
- },
- {
- "params": [
- "null"
- ],
- "type": "fill"
- }
- ],
- "measurement": "processes",
- "policy": "default",
- "refId": "A",
- "resultFormat": "time_series",
- "select": [
- [
- {
- "params": [
- "total_threads"
- ],
- "type": "field"
- },
- {
- "params": [],
- "type": "mean"
- }
- ]
- ],
- "tags": [
- {
- "key": "host",
- "operator": "=",
- "value": "{{ SERVERNAME }}"
- }
- ]
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeRegions": [],
- "timeShift": null,
- "title": "{{ SERVERNAME }} - Total Threads",
- "tooltip": {
- "msResolution": true,
- "shared": true,
- "sort": 0,
- "value_type": "cumulative"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ],
- "yaxis": {
- "align": false,
- "alignLevel": null
- }
- },
{
"aliasColors": {
"Blocked": "#BF1B00",
@@ -3606,6 +3865,12 @@
"datasource": "InfluxDB",
"editable": true,
"error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
"fill": 7,
"fillGradient": 0,
"grid": {},
@@ -3828,6 +4093,12 @@
"datasource": "InfluxDB",
"editable": true,
"error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
"fill": 1,
"fillGradient": 0,
"grid": {},
@@ -4038,7 +4309,7 @@
}
],
"refresh": false,
- "schemaVersion": 22,
+ "schemaVersion": 25,
"style": "dark",
"tags": [],
"templating": {
@@ -4125,7 +4396,7 @@
]
},
"time": {
- "from": "now-30m",
+ "from": "now-15m",
"to": "now"
},
"timepicker": {
@@ -4155,6 +4426,6 @@
},
"timezone": "browser",
"title": "Sensor Node - {{ SERVERNAME }} Overview",
- "uid": "{{ UID }}",
- "version": 1
-}
+ "uid": "so_overview",
+ "version": 2
+}
\ No newline at end of file
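Review bot: Replacing the templated `"uid": "{{ UID }}"` with the fixed `"uid": "so_overview"` gives every dashboard rendered from this template the same Grafana uid; the title on the line above still interpolates `{{ SERVERNAME }}`, which suggests one dashboard per sensor, and Grafana requires uids to be unique per organisation, so a second provisioned copy would overwrite the first or be rejected. If only a single sensor dashboard is ever rendered this is fine, but the `UID` value the Salt state used to pass in should then be removed from the caller so the template and state agree. The new side also drops the trailing newline (`\ No newline at end of file`) while `alerts.queries.json` in the same commit adds one; keeping a trailing newline here avoids the inconsistency.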
diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json
index 2587ff55f..3551f8f79 100644
--- a/salt/grafana/dashboards/standalone/standalone.json
+++ b/salt/grafana/dashboards/standalone/standalone.json
@@ -4231,6 +4231,139 @@
"alignLevel": null
}
},
+ {
+ "aliasColors": {},
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 16,
+ "y": 25
+ },
+ "hiddenSeries": false,
+ "id": 71,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": false,
+ "linewidth": 1,
+ "nullPointMode": "null",
+ "options": {
+ "dataLinks": []
+ },
+ "percentage": false,
+ "pointradius": 2,
+ "points": true,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "groupBy": [
+ {
+ "params": [
+ "$__interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "zeekcaptureloss",
+ "orderByTime": "ASC",
+ "policy": "autogen",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "loss"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "{{ SERVERNAME }}"
+ }
+ ]
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "{{ SERVERNAME }} - Zeek Capture Loss",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "$$hashKey": "object:198",
+ "decimals": 1,
+ "format": "percent",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "$$hashKey": "object:199",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
{
"aliasColors": {},
"bars": false,
@@ -4428,7 +4561,7 @@
"type": "fill"
}
],
- "measurement": "brodrop",
+ "measurement": "zeekdrop",
"orderByTime": "ASC",
"policy": "default",
"refId": "A",
@@ -4867,8 +5000,8 @@
"fillGradient": 0,
"gridPos": {
"h": 5,
- "w": 8,
- "x": 16,
+ "w": 4,
+ "x": 20,
"y": 30
},
"hiddenSeries": false,
diff --git a/salt/kibana/files/saved_objects.ndjson b/salt/kibana/files/saved_objects.ndjson
index 31205e53d..c7127349c 100644
--- a/salt/kibana/files/saved_objects.ndjson
+++ b/salt/kibana/files/saved_objects.ndjson
@@ -59,7 +59,7 @@
{"attributes":{"columns":["osquery.hostname","osquery.columns.username","osquery.LiveQuery","osquery.columns.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery AND osquery.name:*chrome*\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Chrome Extensions","version":1},"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-09-16T11:45:16.810Z","version":"WzU3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Changes by Hostname","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"osquery - Chrome Extensions - Changes by Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.hostname.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}"},"id":"04f86530-1a59-11e9-ac0b-cb0ba10141ab","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-09-16T11:45:16.810Z","version":"WzU4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"network.protocol:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Top Network Protocols","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Top Network Protocols\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.protocol.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}"},"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-09-16T11:45:16.810Z","version":"WzU5LDFd"}
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Transport","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network - Transport\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"79cc9670-6ead-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-09-16T11:45:16.810Z","version":"WzYwLDFd"}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Transport","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network - Transport\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"79cc9670-6ead-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-09-16T11:45:16.810Z","version":"WzYwLDFd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category: network\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\"},\"panelIndex\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":14,\"h\":9,\"i\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\"},\"panelIndex\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":27,\"y\":0,\"w\":21,\"h\":9,\"i\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\"},\"panelIndex\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":13,\"h\":19,\"i\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\"},\"panelIndex\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":9,\"w\":11,\"h\":19,\"i\":\"3d3199e1-d839-4738-bc99-e030365b7070\"},\"panelIndex\":\"3d3199e1-d839-4738-bc99-e030365b7070\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":19,\"i\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\"},\"panelIndex\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":19,\"i\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\"},\"panelIndex\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":29,\"i\":\"55902091-
6959-4127-a969-4015fbf124d3\"},\"panelIndex\":\"55902091-6959-4127-a969-4015fbf124d3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Network","version":1},"id":"04ff3ef0-6ea4-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"79cc9670-6ead-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"type":"dashboard","updated_at":"2020-09-16T14:28:35.705Z","version":"WzIyNjcsMl0="}
{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"event_type:bro_conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Connections - Logs","version":1},"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-09-16T11:45:16.810Z","version":"WzYyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Missed Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"missed_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}"},"id":"05088150-3670-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-09-16T11:45:16.810Z","version":"WzYzLDFd"}
diff --git a/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja b/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja
index c98a2a388..60229422b 100644
--- a/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja
+++ b/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja
@@ -1,5 +1,6 @@
{%- set MANAGER = salt['grains.get']('master') %}
{%- set THREADS = salt['pillar.get']('logstash_settings:ls_input_threads', '') %}
+{% set BATCH = salt['pillar.get']('logstash_settings:ls_pipeline_batch_size', 125) %}
input {
redis {
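Review bot: The added `{% set BATCH = … %}` lacks the `-` whitespace control that the two `{%- set` lines above it use, so the rendered pipeline config gains a stray blank line before `input {`; change it to `{%- set BATCH = salt['pillar.get']('logstash_settings:ls_pipeline_batch_size', 125) %}`. Logstash tolerates the blank line, but it breaks the pattern the file establishes.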
@@ -10,5 +11,6 @@ input {
key => 'logstash:unparsed'
type => 'redis-input'
threads => {{ THREADS }}
+ batch_count => {{ BATCH }}
}
}
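Review bot: `batch_count` on the redis input is the number of events fetched per Redis round-trip, but it is fed from a pillar key named `ls_pipeline_batch_size`, which reads as Logstash's own `pipeline.batch.size` worker setting; an operator tuning one knob will unknowingly change the other. Consider a key that names the setting it controls (for example `ls_input_batch_count`) or a comment on the `set` line explaining that the two are deliberately tied. The value is interpolated unquoted, so a non-numeric pillar value only fails when Logstash parses the pipeline; that matches how `THREADS` is handled above, so it is consistent even if unvalidated.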
diff --git a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
index 89d1a9466..7ebe6afbd 100644
--- a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
@@ -7,7 +7,7 @@
output {
if [module] =~ "ossec" {
elasticsearch {
- pipeline => "%{module}.%{dataset}"
+ pipeline => "%{module}"
hosts => "{{ ES }}"
index => "so-ossec-%{+YYYY.MM.dd}"
template_name => "so-ossec"
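Review bot: With `pipeline => "%{module}"` the ingest pipeline name is now taken verbatim from the event's `module` field, while the guard above it is a regex substring match (`if [module] =~ "ossec"`), so any module value merely containing `ossec` is routed to an ingest pipeline of that name, which may not exist and would cause the bulk request to reject the event. If only the `ossec` module is expected here, tighten the guard to `if [module] == "ossec"` or set `pipeline => "ossec"` so the pipeline name cannot drift with the field. The enclosing `output` block continues outside the hunk.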
diff --git a/salt/soc/files/soc/alerts.queries.json b/salt/soc/files/soc/alerts.queries.json
index dcbd97787..0e74adad8 100644
--- a/salt/soc/files/soc/alerts.queries.json
+++ b/salt/soc/files/soc/alerts.queries.json
@@ -1,9 +1,9 @@
[
- { "name": "Group By Name, Module", "query": "* | groupby rule.name rule.uuid event.module event.severity_label" },
- { "name": "Group By Sensor, Source IP/Port, Destination IP/Port, Name", "query": "* | groupby observer.name source.ip source.port destination.ip destination.port rule.name rule.uuid network.community_id event.severity_label" },
- { "name": "Group By Source IP, Name", "query": "* | groupby source.ip rule.name rule.uuid event.severity_label" },
- { "name": "Group By Source Port, Name", "query": "* | groupby source.port rule.name rule.uuid event.severity_label" },
- { "name": "Group By Destination IP, Name", "query": "* | groupby destination.ip rule.name rule.uuid event.severity_label" },
- { "name": "Group By Destination Port, Name", "query": "* | groupby destination.port rule.name rule.uuid event.severity_label" },
+ { "name": "Group By Name, Module", "query": "* | groupby rule.name event.module event.severity_label" },
+ { "name": "Group By Sensor, Source IP/Port, Destination IP/Port, Name", "query": "* | groupby observer.name source.ip source.port destination.ip destination.port rule.name network.community_id event.severity_label" },
+ { "name": "Group By Source IP, Name", "query": "* | groupby source.ip rule.name event.severity_label" },
+ { "name": "Group By Source Port, Name", "query": "* | groupby source.port rule.name event.severity_label" },
+ { "name": "Group By Destination IP, Name", "query": "* | groupby destination.ip rule.name event.severity_label" },
+ { "name": "Group By Destination Port, Name", "query": "* | groupby destination.port rule.name event.severity_label" },
{ "name": "Ungroup", "query": "*" }
-]
\ No newline at end of file
+]
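Review bot: Dropping `rule.uuid` from every `groupby` means alerts that share a `rule.name` but come from different rules (or different revisions of a rule with the same title) collapse into one row in the alert views, so a count in the grouped view can no longer be traced back to a single signature without drilling in. If shorter tables are the intent, it is worth stating in the commit message; otherwise keeping `rule.uuid` on at least the `Group By Name, Module` query preserves the one-to-one mapping. Whether duplicate names actually occur depends on the rulesets deployed, which this diff does not show.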
diff --git a/salt/soc/files/soc/hunt.queries.json b/salt/soc/files/soc/hunt.queries.json
index 3a92b0ac8..e3ed3ad8f 100644
--- a/salt/soc/files/soc/hunt.queries.json
+++ b/salt/soc/files/soc/hunt.queries.json
@@ -28,9 +28,8 @@
{ "name": "DPD", "description": "Dynamic Protocol Detection errors", "query": "event.dataset:dpd | groupby error.reason"},
{ "name": "Files", "description": "Files grouped by mimetype", "query": "event.dataset:file | groupby file.mime_type source.ip"},
{ "name": "Files", "description": "Files grouped by source", "query": "event.dataset:file | groupby file.source source.ip"},
- { "name": "FTP", "description": "FTP grouped by argument", "query": "event.dataset:ftp | groupby ftp.argument"},
- { "name": "FTP", "description": "FTP grouped by command", "query": "event.dataset:ftp | groupby ftp.command"},
- { "name": "FTP", "description": "FTP grouped by username", "query": "event.dataset:ftp | groupby ftp.user"},
+ { "name": "FTP", "description": "FTP grouped by command and argument", "query": "event.dataset:ftp | groupby ftp.command ftp.argument"},
+ { "name": "FTP", "description": "FTP grouped by username and argument", "query": "event.dataset:ftp | groupby ftp.user ftp.argument"},
{ "name": "HTTP", "description": "HTTP grouped by destination port", "query": "event.dataset:http | groupby destination.port"},
{ "name": "HTTP", "description": "HTTP grouped by status code and message", "query": "event.dataset:http | groupby http.status_code http.status_message"},
{ "name": "HTTP", "description": "HTTP grouped by method and user agent", "query": "event.dataset:http | groupby http.method http.useragent"},
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 6961144bf..49e87f784 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -390,7 +390,7 @@ fleetkeyperms:
- group: 939
{% endif %}
-{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-searchnode', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import'] %}
+{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import'] %}
fbcertdir:
file.directory:
@@ -527,7 +527,7 @@ fleetkeyperms:
{% endif %}
-{% if grains['role'] in ['so-node', 'so-searchnode'] %}
+{% if grains['role'] == 'so-node' %}
# Create a cert for elasticsearch
/etc/pki/elasticsearch.key:
x509.private_key_managed:
diff --git a/salt/suricata/afpacket.map.jinja b/salt/suricata/afpacket.map.jinja
index cd700765a..37b80aa87 100644
--- a/salt/suricata/afpacket.map.jinja
+++ b/salt/suricata/afpacket.map.jinja
@@ -5,6 +5,7 @@ af-packet:
cluster-type: cluster_flow
defrag: yes
use-mmap: yes
+ threads: {{ salt['pillar.get']('sensor:suriprocs', salt['pillar.get']('sensor:suripins') | length) }}
tpacket-v3: yes
ring-size: {{ salt['pillar.get']('sensor:suriringsize', '2048') }}
- interface: default
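Review bot: The added `threads:` line renders as `threads: 0` when neither `sensor:suriprocs` nor `sensor:suripins` is set, because the fallback is the length of an empty pillar value. Whether Suricata accepts 0 there or refuses to start is not something this hunk shows, so the rendered output for an unconfigured sensor should be checked. A guarded form such as `threads: {{ salt['pillar.get']('sensor:suriprocs', salt['pillar.get']('sensor:suripins') | length) or 'auto' }}` falls back to Suricata's own thread selection when both keys are absent.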
diff --git a/salt/suricata/defaults.yaml b/salt/suricata/defaults.yaml
index ee34a8bf0..9f34c0871 100644
--- a/salt/suricata/defaults.yaml
+++ b/salt/suricata/defaults.yaml
@@ -345,7 +345,7 @@ suricata:
coredump:
max-dump: unlimited
host-mode: auto
- max-pending-packets: 1024
+ max-pending-packets: 5000
runmode: workers
#autofp-scheduler: hash
default-packet-size: 1500
diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf
index a1d7caa90..055b25c1d 100644
--- a/salt/telegraf/etc/telegraf.conf
+++ b/salt/telegraf/etc/telegraf.conf
@@ -679,7 +679,8 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
- "/scripts/broloss.sh",
+ "/scripts/zeekloss.sh",
+ "/scripts/zeekcaptureloss.sh",
"/scripts/oldpcap.sh"
]
data_format = "influx"
@@ -691,7 +692,8 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
- "/scripts/broloss.sh",
+ "/scripts/zeekloss.sh",
+ "/scripts/zeekcaptureloss.sh",
"/scripts/oldpcap.sh"
]
data_format = "influx"
@@ -702,7 +704,8 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
- "/scripts/broloss.sh",
+ "/scripts/zeekloss.sh",
+ "/scripts/zeekcaptureloss.sh",
"/scripts/oldpcap.sh",
"/scripts/influxdbsize.sh"
]
@@ -713,7 +716,8 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
- "/scripts/broloss.sh",
+ "/scripts/zeekloss.sh",
+ "/scripts/zeekcaptureloss.sh",
"/scripts/oldpcap.sh",
"/scripts/helixeps.sh"
]
diff --git a/salt/telegraf/scripts/zeekcaptureloss.sh b/salt/telegraf/scripts/zeekcaptureloss.sh
new file mode 100644
index 000000000..a6f9f3531
--- /dev/null
+++ b/salt/telegraf/scripts/zeekcaptureloss.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# This script returns the average of all the workers average capture loss to telegraf / influxdb in influx format include nanosecond precision timestamp
+{%- set WORKERS = salt['pillar.get']('sensor:zeek_lbprocs', salt['pillar.get']('sensor:zeek_pins') | length) %}
+ZEEKLOG=/host/nsm/zeek/spool/logger/capture_loss.log
+LASTCAPTURELOSSLOG=/var/log/telegraf/lastcaptureloss.txt
+if [ -f "$ZEEKLOG" ]; then
+ CURRENTTS=$(tail -1 $ZEEKLOG | jq .ts | sed 's/"//g')
+ if [ -f "$LASTCAPTURELOSSLOG" ]; then
+ LASTTS=$(cat $LASTCAPTURELOSSLOG)
+ if [[ "$LASTTS" != "$CURRENTTS" ]]; then
+ LOSS=$(tail -{{WORKERS}} $ZEEKLOG | awk -F, '{print $NF}' | sed 's/}//' | awk -F: '{LOSS += $2 / {{WORKERS}}} END { print LOSS}')
+ echo "zeekcaptureloss loss=$LOSS"
+ fi
+ fi
+ echo "$CURRENTTS" > $LASTCAPTURELOSSLOG
+fi
\ No newline at end of file
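Review bot: The rendered `{{WORKERS}}` can be 0 when neither `sensor:zeek_lbprocs` nor `sensor:zeek_pins` is set, and the awk on the LOSS line then divides by zero while `tail -0` emits nothing; the outer test should guard it, e.g. `if [ -f "$ZEEKLOG" ] && [ "{{WORKERS}}" -gt 0 ]; then`. The loss extraction also rebuilds a JSON field by splitting on `,` and `:` and stripping `}`, which silently produces wrong numbers if the field order of capture_loss.log changes. Since the script already calls jq for `.ts`, the same tool should pull the loss field (`jq -r .percent_lost` if that is the trailing field) with `-v n={{WORKERS}}` passed to awk, and `jq -r .ts` removes the `sed 's/"//g'` on the CURRENTTS line. Averaging the last WORKERS lines assumes the tail holds exactly one entry per worker and no other peer logs capture loss, which is inferred from the header comment rather than shown here.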
diff --git a/salt/telegraf/scripts/broloss.sh b/salt/telegraf/scripts/zeekloss.sh
similarity index 68%
rename from salt/telegraf/scripts/broloss.sh
rename to salt/telegraf/scripts/zeekloss.sh
index 6dc6cdeeb..579fdf9f2 100644
--- a/salt/telegraf/scripts/broloss.sh
+++ b/salt/telegraf/scripts/zeekloss.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-
+# This script returns the packets dropped by Zeek, but it isn't a percentage. $LOSS * 100 would be the percentage
ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2)
declare RESULT=($ZEEKLOG)
CURRENTDROP=${RESULT[3]}
@@ -7,11 +7,11 @@ PASTDROP=${RESULT[9]}
DROPPED=$((CURRENTDROP - PASTDROP))
if [ $DROPPED == 0 ]; then
LOSS=0
- echo "brodrop drop=0"
+ echo "zeekdrop drop=0"
else
CURRENTPACKETS=${RESULT[5]}
PASTPACKETS=${RESULT[11]}
TOTAL=$((CURRENTPACKETS - PASTPACKETS))
LOSS=$(echo $DROPPED $TOTAL / p | dc)
- echo "brodrop drop=$LOSS"
+ echo "zeekdrop drop=$LOSS"
fi
\ No newline at end of file
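Review bot: The new header comment in the first hunk of this file says `$LOSS * 100` would be the percentage, but the unchanged `LOSS=$(echo $DROPPED $TOTAL / p | dc)` in this hunk runs dc at its default precision of 0, so any drop ratio below 1 is truncated and `zeekdrop drop=` only ever reports 0 or 1. Setting a precision first, `LOSS=$(echo "6 k $DROPPED $TOTAL / p" | dc)`, makes the emitted value match the comment. The division also has no guard for `TOTAL` being 0, which dc reports as an error on stderr and leaves LOSS empty.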
diff --git a/setup/so-analyst b/setup/so-analyst
deleted file mode 100755
index 277fb2865..000000000
--- a/setup/so-analyst
+++ /dev/null
@@ -1,177 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014-2020 Security Onion Solutions, LLC
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-if [ "$(id -u)" -ne 0 ]; then
- echo "This script must be run using sudo!"
- exit 1
-fi
-
-# Install a GUI text editor
-yum -y install gedit
-
-# Install misc utils
-yum -y install wget curl unzip epel-release;
-
-# Install xWindows
-yum -y groupinstall "X Window System";
-yum -y install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts;
-unlink /etc/systemd/system/default.target;
-ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target;
-yum -y install file-roller
-
-# NetworkMiner has a compatibility issue with Mono 6 right now
-if ! grep -q "NetworkMiner has a compatibility issue with Mono 6 right now" /etc/yum/pluginconf.d/versionlock.list; then
-
-cat << EOF >> /etc/yum/pluginconf.d/versionlock.list
-
-# NetworkMiner has a compatibility issue with Mono 6 right now
-0:mono-complete-4.2.1.102-0.xamarin.1.*
-0:mono-core-4.2.1.102-0.xamarin.1.*
-0:mono-data-4.2.1.102-0.xamarin.1.*
-0:mono-data-oracle-4.2.1.102-0.xamarin.1.*
-0:mono-data-sqlite-4.2.1.102-0.xamarin.1.*
-0:mono-devel-4.2.1.102-0.xamarin.1.*
-0:mono-extras-4.2.1.102-0.xamarin.1.*
-0:mono-locale-extras-4.2.1.102-0.xamarin.1.*
-0:mono-mvc-4.2.1.102-0.xamarin.1.*
-0:mono-nunit-4.2.1.102-0.xamarin.1.*
-0:mono-reactive-4.2.1.102-0.xamarin.1.*
-0:mono-wcf-4.2.1.102-0.xamarin.1.*
-0:mono-web-4.2.1.102-0.xamarin.1.*
-0:mono-winforms-4.2.1.102-0.xamarin.1.*
-0:mono-winfxcore-4.2.1.102-0.xamarin.1.*
-EOF
-
-fi
-
-# Install Mono - prereq for NetworkMiner
-rpmkeys --import "http://pool.sks-keyservers.net/pks/lookup?op=get&search=0x3fa7e0328081bff6a14da29aa6a19b38d3d831ef";
-curl https://download.mono-project.com/repo/centos7-stable.repo | tee /etc/yum.repos.d/mono-centos7-stable.repo;
-yum -y install mono-core mono-basic mono-winforms expect
-
-# Install NetworkMiner
-yum -y install libcanberra-gtk2;
-wget https://www.netresec.com/?download=NetworkMiner_2-4 -O /tmp/nm.zip;
-mkdir -p /opt/networkminer/
-unzip /tmp/nm.zip -d /opt/networkminer/;
-rm /tmp/nm.zip;
-mv /opt/networkminer/NetworkMiner_*/* /opt/networkminer/
-chmod +x /opt/networkminer/NetworkMiner.exe;
-chmod -R go+w /opt/networkminer/AssembledFiles/;
-chmod -R go+w /opt/networkminer/Captures/;
-# Create networkminer shim
-cat << EOF >> /bin/networkminer
-#!/bin/bash
-/bin/mono /opt/networkminer/NetworkMiner.exe --noupdatecheck "\$@"
-EOF
-chmod +x /bin/networkminer
-# Convert networkminer ico file to png format
-yum -y install ImageMagick
-convert /opt/networkminer/networkminericon.ico /opt/networkminer/networkminericon.png
-# Create menu entry
-cat << EOF >> /usr/share/applications/networkminer.desktop
-[Desktop Entry]
-Name=NetworkMiner
-Comment=NetworkMiner
-Encoding=UTF-8
-Exec=/bin/networkminer %f
-Icon=/opt/networkminer/networkminericon-4.png
-StartupNotify=true
-Terminal=false
-X-MultipleArgs=false
-Type=Application
-MimeType=application/x-pcap;
-Categories=Network;
-EOF
-
-# Set default monospace font to Liberation
-cat << EOF >> /etc/fonts/local.conf
-
-
- monospace
-
-
- Liberation Mono
-
-
-EOF
-
-# Install Wireshark for Gnome
-yum -y install wireshark-gnome;
-
-# Install dnsiff
-yum -y install dsniff;
-
-# Install hping3
-yum -y install hping3;
-
-# Install netsed
-yum -y install netsed;
-
-# Install ngrep
-yum -y install ngrep;
-
-# Install scapy
-yum -y install python36-scapy;
-
-# Install ssldump
-yum -y install ssldump;
-
-# Install tcpdump
-yum -y install tcpdump;
-
-# Install tcpflow
-yum -y install tcpflow;
-
-# Install tcpxtract
-yum -y install tcpxtract;
-
-# Install whois
-yum -y install whois;
-
-# Install foremost
-yum -y install https://forensics.cert.org/centos/cert/7/x86_64//foremost-1.5.7-13.1.el7.x86_64.rpm;
-
-# Install chromium
-yum -y install chromium;
-
-# Install tcpstat
-yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcpstat-1.5.0/securityonion-tcpstat-1.5.0.rpm;
-
-# Install tcptrace
-yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcptrace-6.6.7/securityonion-tcptrace-6.6.7.rpm;
-
-# Install sslsplit
-yum -y install libevent;
-yum -y install sslsplit;
-
-# Install Bit-Twist
-yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-bittwist-2.0.0/securityonion-bittwist-2.0.0.rpm;
-
-# Install chaosreader
-yum -y install perl-IO-Compress perl-Net-DNS;
-yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-chaosreader-0.95.10/securityonion-chaosreader-0.95.10.rpm;
-chmod +x /bin/chaosreader;
-
-cp ../files/analyst/README /;
-
-echo
-echo "Analyst workstation has been installed!"
-echo "Press ENTER to reboot or Ctrl-C to cancel."
-read pause
-
-reboot;
diff --git a/setup/so-functions b/setup/so-functions
index 0f977cd00..9df9e80cd 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1104,7 +1104,6 @@ manager_pillar() {
"logstash_settings:"\
" ls_pipeline_batch_size: 125"\
" ls_input_threads: 1"\
- " ls_batch_count: 125"\
" lsheap: $LS_HEAP_SIZE"\
" ls_pipeline_workers: $num_cpu_cores"\
""\
@@ -1333,8 +1332,8 @@ elasticsearch_pillar() {
"logstash_settings:"\
" ls_pipeline_batch_size: $LSPIPELINEBATCH"\
" ls_input_threads: $LSINPUTTHREADS"\
- " ls_batch_count: $LSINPUTBATCHCOUNT"\
" lsheap: $NODE_LS_HEAP_SIZE"\
+ " ls_pipeline_workers: $num_cpu_cores"\
"" >> "$pillar_file"
}
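Review bot: The added `ls_pipeline_workers: $num_cpu_cores` line in elasticsearch_pillar ignores `LSPIPELINEWORKERS`, which so-setup in this same commit still collects through `whiptail_node_ls_pipeline_worker` and assigns in its node branches; unless that variable is consumed somewhere not visible here, the operator's answer to the prompt is silently dropped for nodes. Writing `" ls_pipeline_workers: $LSPIPELINEWORKERS"\` keeps the node pillar consistent with the prompt. The body of elasticsearch_pillar begins before this hunk.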
diff --git a/setup/so-setup b/setup/so-setup
index c543a635a..21d320c6a 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -272,7 +272,7 @@ if [[ $is_manager && $is_node ]]; then
LSPIPELINEWORKERS=1
LSPIPELINEBATCH=125
LSINPUTTHREADS=1
- LSINPUTBATCHCOUNT=125
+ LSPIPELINEBATCH=125
NIDS=Suricata
ZEEKVERSION=ZEEK
fi
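Review bot: The replacement line `LSPIPELINEBATCH=125` duplicates the identical assignment two lines above it in the same block, so the intent was presumably to delete the `LSINPUTBATCHCOUNT` line rather than rename it; the same duplicate appears in the hunk at `@@ -396,7 +395,7 @@`. Removing the new line in both places leaves the blocks equivalent and avoids a reader searching for a second variable that used to be set here.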
@@ -387,7 +387,6 @@ if [[ $is_node && ! $is_eval ]]; then
whiptail_node_ls_pipeline_worker
whiptail_node_ls_pipline_batchsize
whiptail_node_ls_input_threads
- whiptail_node_ls_input_batch_count
whiptail_cur_close_days
whiptail_log_size_limit
else
@@ -396,7 +395,7 @@ if [[ $is_node && ! $is_eval ]]; then
LSPIPELINEWORKERS=$num_cpu_cores
LSPIPELINEBATCH=125
LSINPUTTHREADS=1
- LSINPUTBATCHCOUNT=125
+ LSPIPELINEBATCH=125
fi
fi
@@ -519,14 +518,9 @@ fi
set_progress_str 12 'Generating manager pillar'
manager_pillar >> $setup_log 2>&1
- fi
-
- if [[ $is_sensor || $is_import ]]; then
- set_progress_str 13 'Generating zeeklogs pillar'
zeek_logs_enabled >> $setup_log 2>&1
fi
-
-
+
set_progress_str 16 'Running first Salt checkin'
salt_firstcheckin >> $setup_log 2>&1
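Review bot: Moving `zeek_logs_enabled` under the preceding `if` removes the separate `$is_sensor || $is_import` branch, so it now runs only when the enclosing condition, which starts before this hunk, holds. If that condition is the manager-only check implied by the `manager_pillar` call above it, sensor and import installs no longer generate the zeeklogs pillar, and the hunk at `@@ -623,7 +617,6 @@` also drops the fallback call before the zeek state apply. If the enclosing block does cover those roles, a comment such as `# zeek_logs_enabled covers every role handled in this block` would record that; otherwise the sensor/import branch needs to return.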
@@ -623,7 +617,6 @@ fi
salt-call state.apply -l info suricata >> $setup_log 2>&1
set_progress_str 67 "$(print_salt_state_apply 'zeek')"
- zeek_logs_enabled >> $setup_log 2>&1
salt-call state.apply -l info zeek >> $setup_log 2>&1
fi
diff --git a/setup/so-whiptail b/setup/so-whiptail
index c602dd8f3..2eca36d98 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -896,19 +896,6 @@ whiptail_node_ls_input_threads() {
}
-whiptail_node_ls_input_batch_count() {
-
- [ -n "$TESTING" ] && return
-
- LSINPUTBATCHCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \
- "\nEnter LogStash Input Batch Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
-
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
-
-}
-
-
#TODO: helper function to display error message or exit if batch mode
# exit_if_batch <"Error string">
diff --git a/so-analyst-install b/so-analyst-install
new file mode 100755
index 000000000..1c63f70a0
--- /dev/null
+++ b/so-analyst-install
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+cd "$(dirname "$0")/salt/common/tools/sbin" || exit 255
+
+./so-analyst-install
\ No newline at end of file
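Review bot: The wrapper runs `./so-analyst-install` without forwarding its own arguments, so any options given to the top-level script are lost; if the inner script takes none today this is harmless, but `exec ./so-analyst-install "$@"` forwards them and replaces the wrapper process instead of leaving an extra bash parent. The `cd` relies on `dirname "$0"`, which points at the checkout when the script is invoked by its real path but at the link's directory if it is ever invoked through a symlink placed elsewhere.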