CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

add redis to proper node types. grafana dahsboard changes. change zeek_restart to not use telegraf socket but read from file instead

Browse Source
This commit is contained in:
m0duspwnens
2020-09-01 14:38:10 -04:00
parent ada1c81ab7
commit b6d66bddfc
6 changed files with 288 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
salt/_modules/healthcheck.py
View File

@@ -2,6 +2,8 @@
import logging
import sys
from time import time
from os.path import getsize
allowed_functions = ['is_enabled', 'zeek']
states_to_apply = []
@@ -85,7 +87,19 @@ def zeek():
else:
zeek_restart = 0
__salt__['telegraf.send']('healthcheck zeek_restart=%i' % zeek_restart)
#__salt__['telegraf.send']('healthcheck zeek_restart=%i' % zeek_restart)
# write out to file in /nsm/zeek/logs/ for telegraf to read for zeek restart
try:
if getsize("/nsm/zeek/logs/zeek_restart.log") >= 1000000:
openmethod = "w"
else:
openmethod = "a"
except FileNotFoundError:
openmethod = "a"
with open("/nsm/zeek/logs/zeek_restart.log", openmethod) as f:
f.write('healthcheck zeek_restart=%i' % zeek_restart int(time() * 1000000000))
if calling_func == 'execute' and zeek_restart:
apply_states()

132
salt/grafana/dashboards/manager/manager.json
View File

@@ -3915,6 +3915,138 @@
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "InfluxDB",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 5,
"w": 4,
"x": 20,
"y": 5
},
"hiddenSeries": false,
"id": 40,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "connected",
"options": {
"dataLinks": []
},
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"groupBy": [
{
"params": [
"$__interval"
],
"type": "time"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"measurement": "influxsize",
"orderByTime": "ASC",
"policy": "autogen",
"refId": "A",
"resultFormat": "time_series",
"select": [
[
{
"params": [
"kbytes"
],
"type": "field"
},
{
"params": [],
"type": "mean"
}
]
],
"tags": [
{
"key": "host",
"operator": "=",
"value": "{{ SERVERNAME }}"
}
]
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "{{ SERVERNAME }} - InfluxDB Size",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:526",
"format": "deckbytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"$$hashKey": "object:527",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
}
],
"refresh": false,

258
salt/grafana/dashboards/managersearch/managersearch.json
View File

@@ -627,132 +627,6 @@
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "InfluxDB",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 5,
"w": 4,
"x": 20,
"y": 0
},
"hiddenSeries": false,
"id": 51,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "connected",
"options": {
"dataLinks": []
},
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"groupBy": [
{
"params": [
"$__interval"
],
"type": "time"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"measurement": "redisqueue",
"orderByTime": "ASC",
"policy": "default",
"refId": "A",
"resultFormat": "time_series",
"select": [
[
{
"params": [
"parsed"
],
"type": "field"
},
{
"params": [],
"type": "mean"
}
]
],
"tags": [
{
"key": "host",
"operator": "=",
"value": "{{ SERVERNAME }}"
}
]
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "{{ SERVERNAME }} - Redis Parsed Queue",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:1367",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"$$hashKey": "object:1368",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"cacheTimeout": null,
"datasource": "InfluxDB",
@@ -4787,6 +4661,138 @@
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "InfluxDB",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 5,
"w": 4,
"x": 20,
"y": 5
},
"hiddenSeries": false,
"id": 57,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "connected",
"options": {
"dataLinks": []
},
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"groupBy": [
{
"params": [
"$__interval"
],
"type": "time"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"measurement": "influxsize",
"orderByTime": "ASC",
"policy": "autogen",
"refId": "A",
"resultFormat": "time_series",
"select": [
[
{
"params": [
"kbytes"
],
"type": "field"
},
{
"params": [],
"type": "mean"
}
]
],
"tags": [
{
"key": "host",
"operator": "=",
"value": "{{ SERVERNAME }}"
}
]
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "{{ SERVERNAME }} - InfluxDB Size",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:140",
"format": "deckbytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"$$hashKey": "object:141",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
}
],
"refresh": false,

4
salt/grafana/dashboards/standalone/standalone.json
View File

@@ -4281,7 +4281,7 @@
"groupBy": [
{
"params": [
"1s"
"$__interval"
],
"type": "time"
},
@@ -4324,7 +4324,7 @@
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "InfluxDB Size",
"title": "{{ SERVERNAME }} - InfluxDB Size",
"tooltip": {
"shared": true,
"sort": 0,

5
salt/telegraf/etc/telegraf.conf
View File

@@ -754,6 +754,11 @@
# ## more about them here:
# ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md
# data_format = "influx"
{% if salt['pillar.get']('healthcheck:enabled', 'False') %}
[[inputs.file]]
file = ["/nsm/zeek/logs/zeek_restart.log"]
data_format = "influx"
{% endif %}
# # Count files in a directory

5
salt/top.sls
View File

@@ -158,7 +158,6 @@ base:
{%- if FLEETMANAGER or FLEETNODE %}
- fleet
- fleet.install_package
- redis
{%- endif %}
- soctopus
{%- if THEHIVE != 0 %}
@@ -319,6 +318,7 @@ base:
- wazuh
{%- endif %}
- logstash
- redis
- curator
- kibana
- elastalert
@@ -327,7 +327,6 @@ base:
- schedule
{%- if FLEETMANAGER or FLEETNODE %}
- fleet
- redis
- fleet.install_package
{%- endif %}
- soctopus
@@ -356,6 +355,7 @@ base:
- wazuh
{%- endif %}
- logstash
- redis
- curator
- filebeat
{%- if STRELKA %}
@@ -363,7 +363,6 @@ base:
{%- endif %}
{%- if FLEETMANAGER or FLEETNODE %}
- fleet.install_package
- redis
{%- endif %}
- pcap
- suricata