diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 000000000..02ab437fb --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,39 @@ +# Contributing to Security Onion + +### Questions, suggestions, and general comments +* Security Onion uses GitHub's [Discussions](https://github.com/Security-Onion-Solutions/securityonion/discussions) to provide a forum where the community and developers can interact as well as ask and answer questions. + +### Reporting a bug +* The primary place to report unexpected behavior or possible bugs is the repo's [Discussions forum](https://github.com/Security-Onion-Solutions/securityonion/discussions). + +* **If you are familiar with the current version of Security Onion and are confident you've discovered a bug**, first ensure there is not already an issue present by searching the open [issues](https://github.com/Security-Onion-Solutions/securityonion/issues). If there is, a thumbs up :+1: is a great way to show this bug is affecting you too. + +* If an issue doesn't exist, [open a new one](https://github.com/Security-Onion-Solutions/securityonion/issues/new), following the directions in the issue template. This means including: + * **System information** and how Security Onion was installed + * **Log files** relevant to the bug report + * **Reproduction steps** + +### Contributing code + +* **All commits must be signed** with a valid key that has been added to your GitHub account. The commits should have all the "**Verified**" tag when viewed on GitHub as shown below: + + + +* If an issue does not already exist for the bug or feature for which you are submitting a pull request, [create one](https://github.com/Security-Onion-Solutions/securityonion/issues/new) with the relevant prefix. (**`FIX:`** for bug fixes, **`FEATURE:`** for new features.) 
+ +* Link the PR to the related issue, either using [keywords](https://docs.github.com/en/issues/tracking-your-work-with-issues/creating-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword) in the PR description, or [manually](https://docs.github.com/en/issues/tracking-your-work-with-issues/creating-issues/linking-a-pull-request-to-an-issue#manually-linking-a-pull-request-to-an-issue). + +* **Pull requests should be opened against the `dev` branch of this repo**, and should clearly describe the problem and solution. + +* Be sure you have tested your changes and are confident they will not break other parts of the product. + +* See this document's [code styling and conventions section](#code-style-and-conventions) below to be sure your PR fits our code requirements prior to submitting. + + + +### Code style and conventions +* **Keep code [DRY](https://en.wikipedia.org/wiki/Don%27t_repeat_yourself)**. For example, Bash code used by multiple scripts will likely best be added to [`so-common`](salt/common/tools/sbin/so-common). + +* All new Bash code should pass [ShellCheck](https://www.shellcheck.net/) analysis. Where errors can be *safely* [ignored](https://github.com/koalaman/shellcheck/wiki/Ignore), the relevant disable directive should be accompanied by a brief explanation as to why the error is being ignored. + +* **Ensure all YAML (this includes Salt states and pillars) is properly formatted**. The spec for YAML v1.2 can be found [here](https://yaml.org/spec/1.2/spec.html), however there are numerous online resources with simpler descriptions of its formatting rules. diff --git a/HOTFIX b/HOTFIX index 12595f2e1..d3f5a12fa 100644 --- a/HOTFIX +++ b/HOTFIX @@ -1 +1 @@ -SALTYSOUP + diff --git a/README.md b/README.md index 2bf903fa2..4bff52b20 100644 --- a/README.md +++ b/README.md 
@@ -1,14 +1,14 @@ -## Security Onion 2.3.52 +## Security Onion 2.3.60 -Security Onion 2.3.52 is here! +Security Onion 2.3.60 is here! ## Screenshots Alerts -![Alerts](https://raw.githubusercontent.com/security-onion-solutions/securityonion/master/screenshots/alerts-1.png) +![Alerts](./assets/images/screenshots/alerts-1.png) Hunt -![Hunt](https://raw.githubusercontent.com/security-onion-solutions/securityonion/master/screenshots/hunt-1.png) +![Hunt](./assets/images/screenshots/hunt-1.png) ### Release Notes diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..46ae8090c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 2.x.x | :white_check_mark: | +| 16.04.x | :x: | + +Security Onion 16.04 has reached End Of Life and is no longer supported. + +## Reporting a Vulnerability + +If you have any security concerns regarding Security Onion or believe you have uncovered a vulnerability, please follow these steps: + +- send an email to security@securityonion.net +- include a description of the issue and steps to reproduce +- please use plain text format (no Word documents or PDF files) +- please do not disclose publicly until we have had sufficient time to resolve the issue + +This security address should be used only for undisclosed vulnerabilities. Dealing with fixed issues or general questions on how to use Security Onion should be handled via the normal support channels. diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 760df9329..b98cdfb9b 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md 
@@ -1,17 +1,17 @@ -### 2.3.52 ISO image built on 2021/04/27 +### 2.3.60 ISO image built on 2021/04/27 ### Download and Verify -2.3.52 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.52.iso +2.3.60 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.60.iso -MD5: DF0CCCB0331780F472CC167AEAB55652 -SHA1: 71FAE87E6C0AD99FCC27C50A5E5767D3F2332260 -SHA256: 30E7C4206CC86E94D1657CBE420D2F41C28BC4CC63C51F27C448109EBAF09121 +MD5: 0470325615C42C206B028EE37A1AD897 +SHA1: 496E70BD529D3B8A02D0B32F68B8F7527C953612 +SHA256: 417E34DFCD63D84A16FF2041DC712F02D9E0515C8B78BDF0EE1037DD13C32030 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.52.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.60.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.52.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.60.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.52.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.60.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.52.iso.sig securityonion-2.3.52.iso +gpg --verify securityonion-2.3.60.iso.sig securityonion-2.3.60.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Sat 05 Jun 2021 06:56:04 PM EDT using RSA key ID FE507013 +gpg: Signature made Thu 01 Jul 2021 10:59:24 AM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. diff --git a/VERSION b/VERSION index b71263f08..678d59d4f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.52 +2.3.60 diff --git a/screenshots/alerts-1.png b/assets/images/screenshots/alerts-1.png similarity index 100% rename from screenshots/alerts-1.png rename to assets/images/screenshots/alerts-1.png diff --git a/screenshots/hunt-1.png b/assets/images/screenshots/hunt-1.png similarity index 100% rename from screenshots/hunt-1.png rename to assets/images/screenshots/hunt-1.png diff --git a/assets/images/verified-commit-1.png b/assets/images/verified-commit-1.png new file mode 100644 index 000000000..62363b99b Binary files /dev/null and b/assets/images/verified-commit-1.png differ 
diff --git a/files/salt/master/master b/files/salt/master/master index 93e8ff938..5db41fb90 100644 --- a/files/salt/master/master +++ b/files/salt/master/master @@ -67,3 +67,7 @@ peer: reactor: - 'so/fleet': - salt://reactor/fleet.sls + - 'salt/beacon/*/watch_sqlite_db//opt/so/conf/kratos/db/sqlite.db': + - salt://reactor/kratos.sls + + diff --git a/pillar/logstash/search.sls b/pillar/logstash/search.sls index 2da8e6c59..10fab2ed1 100644 --- a/pillar/logstash/search.sls +++ b/pillar/logstash/search.sls @@ -7,6 +7,7 @@ logstash: - so/9000_output_zeek.conf.jinja - so/9002_output_import.conf.jinja - so/9034_output_syslog.conf.jinja + - so/9050_output_filebeatmodules.conf.jinja - so/9100_output_osquery.conf.jinja - so/9400_output_suricata.conf.jinja - so/9500_output_beats.conf.jinja diff --git a/pillar/top.sls b/pillar/top.sls index 86f988f38..efd222b87 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -23,6 +23,9 @@ base: '*_manager or *_managersearch': - match: compound - data.* +{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} + - elasticsearch.auth +{% endif %} - secrets - global - minions.{{ grains.id }} @@ -39,6 +42,9 @@ base: - secrets - healthcheck.eval - elasticsearch.eval +{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} + - elasticsearch.auth +{% endif %} - global - minions.{{ grains.id }} @@ -47,6 +53,9 @@ base: - logstash.manager - logstash.search - elasticsearch.search +{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} + - elasticsearch.auth +{% endif %} - data.* - zeeklogs - secrets @@ -60,6 +69,7 @@ base: '*_heavynode': - zeeklogs + - elasticsearch.auth - global - minions.{{ grains.id }} @@ -81,6 +91,7 @@ base: - logstash - logstash.search - elasticsearch.search + - elasticsearch.auth - global - minions.{{ grains.id }} - data.nodestab 
@@ -89,5 +100,8 @@ base: - zeeklogs - secrets - elasticsearch.eval +{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} + - elasticsearch.auth +{% endif %} - global - minions.{{ grains.id }} diff --git a/pillar/zeek/init.sls b/pillar/zeek/init.sls index 30a59284a..5eeb273b9 100644 --- a/pillar/zeek/init.sls +++ b/pillar/zeek/init.sls @@ -52,5 +52,4 @@ zeek: - frameworks/signatures/detect-windows-shells redef: - LogAscii::use_json = T; - - LogAscii::json_timestamps = JSON::TS_ISO8601; - - CaptureLoss::watch_interval = 5 mins; \ No newline at end of file + - CaptureLoss::watch_interval = 5 mins; diff --git a/salt/common/init.sls b/salt/common/init.sls index 33a8b9984..c8f1c7f12 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -2,6 +2,7 @@ {% if sls in allowed_states %} {% set role = grains.id.split('_') | last %} +{% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} # Remove variables.txt from /tmp - This is temp rmvariablesfile: @@ -95,7 +96,6 @@ commonpkgs: - netcat - python3-mysqldb - sqlite3 - - argon2 - libssl-dev - python3-dateutil - python3-m2crypto @@ -128,7 +128,6 @@ commonpkgs: - net-tools - curl - sqlite - - argon2 - mariadb-devel - nmap-ncat - python3 @@ -169,6 +168,14 @@ alwaysupdated: Etc/UTC: timezone.system +elastic_curl_config: + file.managed: + - name: /opt/so/conf/elasticsearch/curl.config + - source: salt://elasticsearch/curl.config + - mode: 600 + - show_changes: False + - makedirs: True + # Sync some Utilities utilsyncscripts: file.recurse: @@ -178,6 +185,10 @@ utilsyncscripts: - file_mode: 755 - template: jinja - source: salt://common/tools/sbin + - defaults: + ELASTICCURL: 'curl' + - context: + ELASTICCURL: {{ ELASTICAUTH.elasticcurl }} {% if role in ['eval', 'standalone', 'sensor', 'heavynode'] %} # Add sensor cleanup diff --git a/salt/common/tools/sbin/so-airgap-hotfixapply b/salt/common/tools/sbin/so-airgap-hotfixapply old mode 100644 new mode 100755 
diff --git a/salt/common/tools/sbin/so-airgap-hotfixdownload b/salt/common/tools/sbin/so-airgap-hotfixdownload old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-checkin b/salt/common/tools/sbin/so-checkin index 90eae6b1e..c70701b71 100755 --- a/salt/common/tools/sbin/so-checkin +++ b/salt/common/tools/sbin/so-checkin @@ -17,4 +17,4 @@ . /usr/sbin/so-common -salt-call state.highstate +salt-call state.highstate -linfo diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 56123f418..c4f6aca30 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -88,19 +88,6 @@ add_interface_bond0() { fi } -check_airgap() { - # See if this is an airgap install - AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap: | awk '{print $2}') - if [[ "$AIRGAP" == "True" ]]; then - is_airgap=0 - UPDATE_DIR=/tmp/soagupdate/SecurityOnion - AGDOCKER=/tmp/soagupdate/docker - AGREPO=/tmp/soagupdate/Packages - else - is_airgap=1 - fi -} - check_container() { docker ps | grep "$1:" > /dev/null 2>&1 return $? @@ -153,16 +140,16 @@ Do you agree to the terms of the Elastic License? If so, type AGREE to accept the Elastic License and continue. Otherwise, press Enter to exit this program without making any changes. EOM -AGREED=$(whiptail --title "Security Onion Setup" --inputbox \ -"$message" 20 75 3>&1 1>&2 2>&3) + AGREED=$(whiptail --title "$whiptail_title" --inputbox \ + "$message" 20 75 3>&1 1>&2 2>&3) -if [ "${AGREED^^}" = 'AGREE' ]; then - mkdir -p /opt/so/state - touch /opt/so/state/yeselastic.txt -else - echo "Starting in 2.3.40 you must accept the Elastic license if you want to run Security Onion." - exit 1 -fi + if [ "${AGREED^^}" = 'AGREE' ]; then + mkdir -p /opt/so/state + touch /opt/so/state/yeselastic.txt + else + echo "Starting in 2.3.40 you must accept the Elastic license if you want to run Security Onion." + exit 1 + fi } 
@@ -252,6 +239,7 @@ lookup_salt_value() { key=$1 group=$2 kind=$3 + output=${4:-newline_values_only} if [ -z "$kind" ]; then kind=pillar @@ -261,7 +249,7 @@ lookup_salt_value() { group=${group}: fi - salt-call --no-color ${kind}.get ${group}${key} --out=newline_values_only + salt-call --no-color ${kind}.get ${group}${key} --out=${output} } lookup_pillar() { @@ -289,7 +277,7 @@ lookup_role() { require_manager() { if is_manager_node; then - echo "This is a manager, We can proceed." + echo "This is a manager, so we can proceed." else echo "Please run this command on the manager; the manager controls the grid." exit 1 @@ -302,6 +290,7 @@ retry() { cmd=$3 expectedOutput=$4 attempt=0 + local exitcode=0 while [[ $attempt -lt $maxAttempts ]]; do attempt=$((attempt+1)) echo "Executing command with retry support: $cmd" @@ -321,7 +310,29 @@ retry() { sleep $sleepDelay done echo "Command continues to fail; giving up." - return 1 + return $exitcode +} + +run_check_net_err() { + local cmd=$1 + local err_msg=${2:-"Unknown error occured, please check /root/$WHATWOULDYOUSAYYAHDOHERE.log for details."} # Really need to rename that variable + local no_retry=$3 + + local exit_code + if [[ -z $no_retry ]]; then + retry 5 60 "$cmd" + exit_code=$? + else + eval "$cmd" + exit_code=$? + fi + + if [[ $exit_code -ne 0 ]]; then + ERR_HANDLED=true + [[ -z $no_retry ]] || echo "Command failed with error $exit_code" + echo "$err_msg" + exit $exit_code + fi } set_os() { @@ -486,13 +497,14 @@ wait_for_web_response() { url=$1 expected=$2 maxAttempts=${3:-300} + curlcmd=${4:-curl} logfile=/root/wait_for_web_response.log truncate -s 0 "$logfile" attempt=0 while [[ $attempt -lt $maxAttempts ]]; do attempt=$((attempt+1)) echo "Waiting for value '$expected' at '$url' ($attempt/$maxAttempts)" - result=$(curl -ks -L $url) + result=$($curlcmd -ks -L $url) exitcode=$? echo "--------------------------------------------------" >> $logfile 
diff --git a/salt/common/tools/sbin/so-config-backup b/salt/common/tools/sbin/so-config-backup index c8e504b4a..32be845ae 100755 --- a/salt/common/tools/sbin/so-config-backup +++ b/salt/common/tools/sbin/so-config-backup @@ -35,6 +35,7 @@ if [ ! -f $BACKUPFILE ]; then {%- endfor %} tar -rf $BACKUPFILE /etc/pki tar -rf $BACKUPFILE /etc/salt + tar -rf $BACKUPFILE /opt/so/conf/kratos fi diff --git a/salt/common/tools/sbin/so-docker-prune b/salt/common/tools/sbin/so-docker-prune index f6c043ef3..a845c4549 100755 --- a/salt/common/tools/sbin/so-docker-prune +++ b/salt/common/tools/sbin/so-docker-prune @@ -32,19 +32,25 @@ def get_image_version(string) -> str: ver = string.split(':')[-1] if ver == 'latest': # Version doesn't like "latest", so use a high semver - return '999999.9.9' + return '99999.9.9' else: try: Version(ver) except InvalidVersion: - # Strip the last substring following a hyphen for automated branches - ver = '-'.join(ver.split('-')[:-1]) + # Also return a very high semver for any version + # with a dash in it since it will likely be a dev version of some kind + if '-' in ver: + return '999999.9.9' return ver def main(quiet): client = docker.from_env() + # Prune old/stopped containers + if not quiet: print('Pruning old containers') + client.containers.prune() + image_list = client.images.list(filters={ 'dangling': False }) # Map list of image objects to flattened list of tags (format: "name:version") 
@@ -72,9 +78,16 @@ def main(quiet): for group in grouped_t_list[2:]: for tag in group: if not quiet: print(f'Removing image {tag}') - client.images.remove(tag) - except InvalidVersion as e: - print(f'so-{get_so_image_basename(t_list[0])}: {e.args[0]}', file=sys.stderr) + try: + client.images.remove(tag, force=True) + except docker.errors.ClientError as e: + print(f'Could not remove image {tag}, continuing...') + except (docker.errors.APIError, InvalidVersion) as e: + print(f'so-{get_so_image_basename(t_list[0])}: {e}', file=sys.stderr) + exit(1) + except Exception as e: + print('Unhandled exception occurred:') + print(f'so-{get_so_image_basename(t_list[0])}: {e}', file=sys.stderr) exit(1) if no_prunable and not quiet: @@ -86,4 +99,4 @@ if __name__ == "__main__": main_parser.add_argument('-q', '--quiet', action='store_const', const=True, required=False) args = main_parser.parse_args(sys.argv[1:]) - main(args.quiet) \ No newline at end of file + main(args.quiet) diff --git a/salt/common/tools/sbin/so-elastalert-create b/salt/common/tools/sbin/so-elastalert-create index 683b53ed1..56e1a5a25 100755 --- a/salt/common/tools/sbin/so-elastalert-create +++ b/salt/common/tools/sbin/so-elastalert-create @@ -145,9 +145,9 @@ EOF rulename=$(echo ${raw_rulename,,} | sed 's/ /_/g') cat << EOF >> "$rulename.yaml" -# Elasticsearch Host -es_host: elasticsearch -es_port: 9200 +# Elasticsearch Host Override (optional) +# es_host: elasticsearch +# es_port: 9200 # (Required) # Rule name, must be unique diff --git a/salt/common/tools/sbin/so-elastic-auth b/salt/common/tools/sbin/so-elastic-auth new file mode 100755 index 000000000..6157cb4b4 --- /dev/null +++ b/salt/common/tools/sbin/so-elastic-auth 
@@ -0,0 +1,67 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +if [ -f "/usr/sbin/so-common" ]; then + . /usr/sbin/so-common +fi + +ES_AUTH_PILLAR=${ELASTIC_AUTH_PILLAR:-/opt/so/saltstack/local/pillar/elasticsearch/auth.sls} +ES_USERS_FILE=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users} + +authEnable=$1 + +if ! grep -q "enabled: " "$ES_AUTH_PILLAR"; then + echo "Elastic auth pillar file is invalid. Unable to proceed." + exit 1 +fi + +function restart() { + if [[ -z "$ELASTIC_AUTH_SKIP_HIGHSTATE" ]]; then + echo "Elasticsearch on all affected minions will now be stopped and then restarted..." + salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode' cmd.run so-elastic-stop queue=True + echo "Applying highstate to all affected minions..." + salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode' state.highstate queue=True + fi +} + +if [[ "$authEnable" == "true" ]]; then + if grep -q "enabled: False" "$ES_AUTH_PILLAR"; then + sed -i 's/enabled: False/enabled: True/g' "$ES_AUTH_PILLAR" + restart + echo "Elastic auth is now enabled." 
+ if grep -q "argon" "$ES_USERS_FILE"; then + echo "" + echo "IMPORTANT: The following users will need to change their password, after logging into SOC, in order to access Kibana:" + grep argon "$ES_USERS_FILE" | cut -d ":" -f 1 + fi + else + echo "Auth is already enabled." + fi +elif [[ "$authEnable" == "false" ]]; then + if grep -q "enabled: True" "$ES_AUTH_PILLAR"; then + sed -i 's/enabled: True/enabled: False/g' "$ES_AUTH_PILLAR" + restart + echo "Elastic auth is now disabled." + else + echo "Auth is already disabled." + fi +else + echo "Usage: $0 " + echo "" + echo "Toggles Elastic authentication. Elasticsearch will be restarted on each affected minion." + echo "" +fi diff --git a/salt/common/tools/sbin/so-elastic-clear b/salt/common/tools/sbin/so-elastic-clear index 4c7271272..56b5c3d2c 100755 --- a/salt/common/tools/sbin/so-elastic-clear +++ b/salt/common/tools/sbin/so-elastic-clear @@ -50,7 +50,7 @@ done if [ $SKIP -ne 1 ]; then # List indices echo - curl -k -L https://{{ NODEIP }}:9200/_cat/indices?v + {{ ELASTICCURL }} -k -L https://{{ NODEIP }}:9200/_cat/indices?v echo # Inform user we are about to delete all data echo @@ -89,10 +89,10 @@ fi # Delete data echo "Deleting data..." -INDXS=$(curl -s -XGET -k -L https://{{ NODEIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }') +INDXS=$({{ ELASTICCURL }} -s -XGET -k -L https://{{ NODEIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }') for INDX in ${INDXS} do - curl -XDELETE -k -L https://"{{ NODEIP }}:9200/${INDX}" > /dev/null 2>&1 + {{ ELASTICCURL }} -XDELETE -k -L https://"{{ NODEIP }}:9200/${INDX}" > /dev/null 2>&1 done #Start Logstash/Filebeat diff --git a/salt/common/tools/sbin/so-elasticsearch-indices-list b/salt/common/tools/sbin/so-elasticsearch-indices-list index c9df67a25..b5cd1b359 100755 --- a/salt/common/tools/sbin/so-elasticsearch-indices-list +++ b/salt/common/tools/sbin/so-elasticsearch-indices-list 
@@ -18,4 +18,4 @@ . /usr/sbin/so-common -curl -s -k -L https://{{ NODEIP }}:9200/_cat/indices?pretty +{{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_cat/indices?pretty diff --git a/salt/common/tools/sbin/so-elasticsearch-indices-rw b/salt/common/tools/sbin/so-elasticsearch-indices-rw index 6b123bd0d..f5296f2b8 100755 --- a/salt/common/tools/sbin/so-elasticsearch-indices-rw +++ b/salt/common/tools/sbin/so-elasticsearch-indices-rw @@ -21,5 +21,5 @@ THEHIVEESPORT=9400 echo "Removing read only attributes for indices..." echo -curl -s -k -XPUT -H "Content-Type: application/json" -L https://$IP:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi; -curl -XPUT -H "Content-Type: application/json" -L http://$IP:9400/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi; +{{ ELASTICCURL }} -s -k -XPUT -H "Content-Type: application/json" -L https://$IP:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi; +{{ ELASTICCURL }} -XPUT -H "Content-Type: application/json" -L http://$IP:9400/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi; diff --git a/salt/common/tools/sbin/so-elasticsearch-pipeline-stats b/salt/common/tools/sbin/so-elasticsearch-pipeline-stats index 146196917..2f9edb6c1 100755 
--- a/salt/common/tools/sbin/so-elasticsearch-pipeline-stats +++ b/salt/common/tools/sbin/so-elasticsearch-pipeline-stats @@ -19,7 +19,7 @@ . /usr/sbin/so-common if [ "$1" == "" ]; then - curl -s -k -L https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines" + {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines" else - curl -s -k -L https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines.\"$1\"" + {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines.\"$1\"" fi diff --git a/salt/common/tools/sbin/so-elasticsearch-pipeline-view b/salt/common/tools/sbin/so-elasticsearch-pipeline-view index 04901e122..3239aec0a 100755 --- a/salt/common/tools/sbin/so-elasticsearch-pipeline-view +++ b/salt/common/tools/sbin/so-elasticsearch-pipeline-view @@ -19,7 +19,7 @@ . /usr/sbin/so-common if [ "$1" == "" ]; then - curl -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/* | jq . + {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/* | jq . else - curl -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/$1 | jq . + {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/$1 | jq .[] fi diff --git a/salt/common/tools/sbin/so-elasticsearch-pipelines-list b/salt/common/tools/sbin/so-elasticsearch-pipelines-list index 565f90071..f6ef516ef 100755 --- a/salt/common/tools/sbin/so-elasticsearch-pipelines-list +++ b/salt/common/tools/sbin/so-elasticsearch-pipelines-list 
@@ -17,7 +17,7 @@ {%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} . /usr/sbin/so-common if [ "$1" == "" ]; then - curl -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/* | jq 'keys' + {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/* | jq 'keys' else - curl -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/$1 | jq + {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/$1 | jq fi diff --git a/salt/common/tools/sbin/so-elasticsearch-query b/salt/common/tools/sbin/so-elasticsearch-query new file mode 100755 index 000000000..80dd6ee2e --- /dev/null +++ b/salt/common/tools/sbin/so-elasticsearch-query 
@@ -0,0 +1,37 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see +. /usr/sbin/so-common + +if [[ $# -lt 1 ]]; then + echo "Submit a cURL request to the local Security Onion Elasticsearch host." + echo "" + echo "Usage: $0 [ARGS,...]" + echo "" + echo "Where " + echo " PATH represents the elastic function being requested." + echo " ARGS is used to specify additional, optional curl parameters." + echo "" + echo "Examples:" + echo " $0 /" + echo " $0 '*:so-*/_search' -d '{\"query\": {\"match_all\": {}},\"size\": 1}' | jq" + exit 1 +fi + +QUERYPATH=$1 +shift + +{{ ELASTICCURL }} -s -k -L -H "Content-Type: application/json" "https://localhost:9200/${QUERYPATH}" "$@" diff --git a/salt/common/tools/sbin/so-elasticsearch-shards-list b/salt/common/tools/sbin/so-elasticsearch-shards-list index 9d28ed95b..a240f993f 100755 --- a/salt/common/tools/sbin/so-elasticsearch-shards-list +++ b/salt/common/tools/sbin/so-elasticsearch-shards-list @@ -18,4 +18,4 @@ . /usr/sbin/so-common -curl -s -k -L https://{{ NODEIP }}:9200/_cat/shards?pretty +{{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_cat/shards?pretty diff --git a/salt/common/tools/sbin/so-elasticsearch-template-remove b/salt/common/tools/sbin/so-elasticsearch-template-remove index f7c3e6812..fe19a9d03 100755 
--- a/salt/common/tools/sbin/so-elasticsearch-template-remove +++ b/salt/common/tools/sbin/so-elasticsearch-template-remove @@ -18,4 +18,4 @@ . /usr/sbin/so-common -curl -s -k -L -XDELETE https://{{ NODEIP }}:9200/_template/$1 +{{ ELASTICCURL }} -s -k -L -XDELETE https://{{ NODEIP }}:9200/_template/$1 diff --git a/salt/common/tools/sbin/so-elasticsearch-template-view b/salt/common/tools/sbin/so-elasticsearch-template-view index c9f3ec199..1083cb762 100755 --- a/salt/common/tools/sbin/so-elasticsearch-template-view +++ b/salt/common/tools/sbin/so-elasticsearch-template-view @@ -19,7 +19,7 @@ . /usr/sbin/so-common if [ "$1" == "" ]; then - curl -s -k -L https://{{ NODEIP }}:9200/_template/* | jq . + {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_template/* | jq . else - curl -s -k -L https://{{ NODEIP }}:9200/_template/$1 | jq . + {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_template/$1 | jq . fi diff --git a/salt/common/tools/sbin/so-elasticsearch-templates-list b/salt/common/tools/sbin/so-elasticsearch-templates-list index 494ca5770..6a7c4d039 100755 --- a/salt/common/tools/sbin/so-elasticsearch-templates-list +++ b/salt/common/tools/sbin/so-elasticsearch-templates-list @@ -17,7 +17,7 @@ {%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} . /usr/sbin/so-common if [ "$1" == "" ]; then - curl -s -k -L https://{{ NODEIP }}:9200/_template/* | jq 'keys' + {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_template/* | jq 'keys' else - curl -s -k -L https://{{ NODEIP }}:9200/_template/$1 | jq + {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_template/$1 | jq fi diff --git a/salt/common/tools/sbin/so-elasticsearch-templates-load b/salt/common/tools/sbin/so-elasticsearch-templates-load index 42a836854..c416a3ce2 100755 --- a/salt/common/tools/sbin/so-elasticsearch-templates-load +++ b/salt/common/tools/sbin/so-elasticsearch-templates-load 
@@ -1,8 +1,5 @@ -{%- set mainint = salt['pillar.get']('host:mainint') %} -{%- set MYIP = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %} - #!/bin/bash -# Copyright 2014,2015,2016,2017,2018,2019 Security Onion Solutions, LLC +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -17,6 +14,9 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{%- set mainint = salt['pillar.get']('host:mainint') %} +{%- set MYIP = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %} + default_conf_dir=/opt/so/conf ELASTICSEARCH_HOST="{{ MYIP }}" ELASTICSEARCH_PORT=9200 @@ -30,7 +30,7 @@ echo -n "Waiting for ElasticSearch..." COUNT=0 ELASTICSEARCH_CONNECTED="no" while [[ "$COUNT" -le 240 ]]; do - curl -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" + {{ ELASTICCURL }} -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" if [ $? -eq 0 ]; then ELASTICSEARCH_CONNECTED="yes" echo "connected!" @@ -51,7 +51,7 @@ cd ${ELASTICSEARCH_TEMPLATES} echo "Loading templates..." -for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; curl -k ${ELASTICSEARCH_AUTH} -s -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/so-$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done +for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; {{ ELASTICCURL }} -k ${ELASTICSEARCH_AUTH} -s -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/so-$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done echo cd - >/dev/null diff --git a/salt/common/tools/sbin/so-elasticsearch-wait b/salt/common/tools/sbin/so-elasticsearch-wait new file mode 100755 index 000000000..f56aafcd3 
--- /dev/null +++ b/salt/common/tools/sbin/so-elasticsearch-wait @@ -0,0 +1,5 @@ +#!/bin/bash + +. /usr/sbin/so-common + +wait_for_web_response "https://localhost:9200/_cat/indices/.kibana*" "green open" 300 "{{ ELASTICCURL }}" diff --git a/salt/common/tools/sbin/so-filebeat-module-setup b/salt/common/tools/sbin/so-filebeat-module-setup new file mode 100755 index 000000000..401f54289 --- /dev/null +++ b/salt/common/tools/sbin/so-filebeat-module-setup 
@@ -0,0 +1,67 @@ +#!/bin/bash +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +{%- set mainint = salt['pillar.get']('host:mainint') %} +{%- set MYIP = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %} + +default_conf_dir=/opt/so/conf +ELASTICSEARCH_HOST="{{ MYIP }}" +ELASTICSEARCH_PORT=9200 +#ELASTICSEARCH_AUTH="" + +# Define a default directory to load pipelines from +FB_MODULE_YML="/usr/share/filebeat/module-setup.yml" + + +# Wait for ElasticSearch to initialize +echo -n "Waiting for ElasticSearch..." +COUNT=0 +ELASTICSEARCH_CONNECTED="no" +while [[ "$COUNT" -le 240 ]]; do + {{ ELASTICCURL }} -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" + if [ $? -eq 0 ]; then + ELASTICSEARCH_CONNECTED="yes" + echo "connected!" + break + else + ((COUNT+=1)) + sleep 1 + echo -n "." + fi +done +if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then + echo + echo -e "Connection attempt timed out. Unable to connect to ElasticSearch. 
\nPlease try: \n -checking log(s) in /var/log/elasticsearch/\n -running 'sudo docker ps' \n -running 'sudo so-elastic-restart'" + echo +fi +echo "Testing to see if the pipelines are already applied" +ESVER=$({{ ELASTICCURL }} -sk https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" |jq .version.number |tr -d \") +PIPELINES=$({{ ELASTICCURL }} -sk https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT"/_ingest/pipeline/filebeat-$ESVER-suricata-eve-pipeline | jq . | wc -c) + +if [[ "$PIPELINES" -lt 5 ]]; then + echo "Setting up ingest pipeline(s)" + + for MODULE in activemq apache auditd aws azure barracuda bluecoat cef checkpoint cisco coredns crowdstrike cyberark cylance elasticsearch envoyproxy f5 fortinet gcp google_workspace googlecloud gsuite haproxy ibmmq icinga iis imperva infoblox iptables juniper kafka kibana logstash microsoft misp mongodb mssql mysql nats netscout nginx o365 okta osquery panw postgresql rabbitmq radware redis santa snort snyk sonicwall sophos squid suricata system tomcat traefik zeek zscaler + do + echo "Loading $MODULE" + docker exec -i so-filebeat filebeat setup modules -pipelines -modules $MODULE -c $FB_MODULE_YML + sleep 2 + done +else + exit 0 +fi + + diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index be5a327f0..9b6e2174a 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -18,6 +18,7 @@ # NOTE: This script depends on so-common IMAGEREPO=security-onion-solutions +# shellcheck disable=SC2120 container_list() { MANAGERCHECK=$1 
@@ -128,13 +129,13 @@ update_docker_containers() { mkdir -p $SIGNPATH >> "$LOG_FILE" 2>&1 # Let's make sure we have the public key - retry 50 10 "curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS -o $SIGNPATH/KEYS" >> "$LOG_FILE" 2>&1 + run_check_net_err \ + "curl --retry 5 --retry-delay 60 -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS -o $SIGNPATH/KEYS" \ + "Could not pull signature key file, please ensure connectivity to https://raw.gihubusercontent.com" \ + noretry >> "$LOG_FILE" 2>&1 result=$? if [[ $result -eq 0 ]]; then cat $SIGNPATH/KEYS | gpg --import - >> "$LOG_FILE" 2>&1 - else - echo "Failed to pull signature key file: $result" - exit 1 fi # Download the containers from the interwebs @@ -148,14 +149,15 @@ update_docker_containers() { # Pull down the trusted docker image local image=$i:$VERSION$IMAGE_TAG_SUFFIX - retry 50 10 "docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image" >> "$LOG_FILE" 2>&1 + run_check_net_err \ + "docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image" \ + "Could not pull $image, please ensure connectivity to $CONTAINER_REGISTRY" >> "$LOG_FILE" 2>&1 # Get signature - retry 50 10 "curl -A '$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)' https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig" >> "$LOG_FILE" 2>&1 - if [[ $? -ne 0 ]]; then - echo "Unable to pull signature file for $image" >> "$LOG_FILE" 2>&1 - exit 1 - fi + run_check_net_err \ + "curl --retry 5 --retry-delay 60 -A '$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)' https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig" \ + "Could not pull signature file for $image, please ensure connectivity to https://sigs.securityonion.net " \ + noretry >> "$LOG_FILE" 2>&1 # Dump our hash values DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$image) 
diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap index 32121d8cc..c525849ef 100755 --- a/salt/common/tools/sbin/so-import-pcap +++ b/salt/common/tools/sbin/so-import-pcap @@ -132,6 +132,8 @@ for PCAP in "$@"; do PCAP_FIXED=`mktemp /tmp/so-import-pcap-XXXXXXXXXX.pcap` echo "- attempting to recover corrupted PCAP file" pcapfix "${PCAP}" "${PCAP_FIXED}" + # Make fixed file world readable since the Suricata docker container will runas a non-root user + chmod a+r "${PCAP_FIXED}" PCAP="${PCAP_FIXED}" TEMP_PCAPS+=(${PCAP_FIXED}) fi diff --git a/salt/common/tools/sbin/so-index-list b/salt/common/tools/sbin/so-index-list index cf9232150..e24599f0e 100755 --- a/salt/common/tools/sbin/so-index-list +++ b/salt/common/tools/sbin/so-index-list @@ -15,4 +15,4 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -curl -X GET -k -L "https://localhost:9200/_cat/indices?v&s=index" +{{ ELASTICCURL }} -X GET -k -L "https://localhost:9200/_cat/indices?v&s=index" diff --git a/salt/common/tools/sbin/so-influxdb-clean b/salt/common/tools/sbin/so-influxdb-clean new file mode 100755 index 000000000..7b586f03b --- /dev/null +++ b/salt/common/tools/sbin/so-influxdb-clean 
@@ -0,0 +1,53 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +wdurregex="^[0-9]+w$" +ddurregex="^[0-9]+d$" + +echo -e "\nThis script is used to reduce the size of InfluxDB by removing old data and retaining only the duration specified." +echo "The duration will need to be specified as an integer followed by the duration unit without a space." +echo -e "\nFor example, to purge all data but retain the past 12 weeks, specify 12w for the duration." +echo "The duration units are as follows:" +echo " w - week(s)" +echo " d - day(s)" + +while true; do + echo "" + read -p 'Enter the duration of past data that you would like to retain: ' duration + duration=$(echo $duration | tr '[:upper:]' '[:lower:]') + + if [[ "$duration" =~ $wdurregex ]] || [[ "$duration" =~ $ddurregex ]]; then + break + fi + + echo -e "\nInvalid duration." +done + +echo -e "\nInfluxDB will now be cleaned and leave only the past $duration worth of data." +read -r -p "Are you sure you want to continue? [y/N] " yorn +if [[ "$yorn" =~ ^([yY][eE][sS]|[yY])$ ]]; then + echo -e "\nCleaning InfluxDb and saving only the past $duration. This may could take several minutes depending on how much data needs to be cleaned." 
+ if docker exec -t so-influxdb /bin/bash -c "influx -ssl -unsafeSsl -database telegraf -execute \"DELETE FROM /.*/ WHERE \"time\" >= '2020-01-01T00:00:00.0000000Z' AND \"time\" <= now() - $duration\""; then + echo -e "\nInfluxDb clean complete." + else + echo -e "\nSomething went wrong with cleaning InfluxDB. Please verify that the so-influxdb Docker container is running, and check the log at /opt/so/log/influxdb/influxdb.log for any details." + fi +else + echo -e "\nExiting as requested." +fi diff --git a/salt/common/tools/sbin/so-influxdb-downsample b/salt/common/tools/sbin/so-influxdb-downsample new file mode 100755 index 000000000..d1e32ef9f --- /dev/null +++ b/salt/common/tools/sbin/so-influxdb-downsample 
@@ -0,0 +1,63 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +{%- set role = grains.id.split('_') | last %} +{%- if role in ['manager', 'managersearch', 'eval', 'standalone'] %} + {%- import_yaml 'influxdb/defaults.yaml' as default_settings %} + {%- set influxdb = salt['grains.filter_by'](default_settings, default='influxdb', merge=salt['pillar.get']('influxdb', {})) %} + +. /usr/sbin/so-common + +echo -e "\nThis script is used to reduce the size of InfluxDB by downsampling old data into the so_long_term retention policy." + +echo -e "\nInfluxDB will now be downsampled. This could take a few hours depending on how large the database is and hardware resources available." +read -r -p "Are you sure you want to continue? [y/N] " yorn +if [[ "$yorn" =~ ^([yY][eE][sS]|[yY])$ ]]; then + echo -e "\nDownsampling InfluxDb started at `date`. This may take several hours depending on how much data needs to be downsampled." 
+ + {% for dest_rp in influxdb.downsample.keys() -%} + {% for measurement in influxdb.downsample[dest_rp].get('measurements', []) -%} + + day=0 + startdate=`date` + while docker exec -t so-influxdb /bin/bash -c "influx -ssl -unsafeSsl -database telegraf -execute \"SELECT mean(*) INTO \"so_long_term\".\"{{measurement}}\" FROM \"autogen\".\"{{measurement}}\" WHERE \"time\" >= '2020-07-21T00:00:00.0000000Z' + ${day}d AND \"time\" <= '2020-07-21T00:00:00.0000000Z' + $((day+1))d GROUP BY time(5m),*\""; do + # why 2020-07-21? + migrationdate=`date -d "2020-07-21 + ${day} days" +"%y-%m-%d"` + + echo "Downsampling of measurement: {{measurement}} from $migrationdate started at $startdate and completed at `date`." + + newdaytomigrate=$(date -d "$migrationdate + 1 days" +"%s") + today=$(date +"%s") + if [ $newdaytomigrate -ge $today ]; then + break + else + ((day=day+1)) + startdate=`date` + echo -e "\nDownsampling the next day's worth of data for measurement: {{measurement}}." + fi + done + + {% endfor -%} + {% endfor -%} + + echo -e "\nInfluxDb data downsampling complete." + +else + echo -e "\nExiting as requested." +fi +{%- else %} +echo -e "\nThis script can only be run on a node running InfluxDB." +{%- endif %} diff --git a/salt/common/tools/sbin/so-influxdb-drop-autogen b/salt/common/tools/sbin/so-influxdb-drop-autogen new file mode 100644 index 000000000..56c00234e --- /dev/null +++ b/salt/common/tools/sbin/so-influxdb-drop-autogen 
@@ -0,0 +1,34 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +echo -e "\nThis script is used to reduce the size of InfluxDB by dropping the autogen retention policy." +echo "If you want to retain historical data prior to 2.3.60, then this should only be run after you have downsampled your data using so-influxdb-downsample." + +echo -e "\nThe autogen retention policy will now be dropped from InfluxDB." +read -r -p "Are you sure you want to continue? [y/N] " yorn +if [[ "$yorn" =~ ^([yY][eE][sS]|[yY])$ ]]; then + echo -e "\nDropping autogen retention policy." + if docker exec -t so-influxdb influx -format json -ssl -unsafeSsl -execute "drop retention policy autogen on telegraf"; then + echo -e "\nAutogen retention policy dropped from InfluxDb." + else + echo -e "\nSomething went wrong dropping then autogen retention policy from InfluxDB. Please verify that the so-influxdb Docker container is running, and check the log at /opt/so/log/influxdb/influxdb.log for any details." + fi +else + echo -e "\nExiting as requested." +fi diff --git a/salt/common/tools/sbin/so-kibana-config-export b/salt/common/tools/sbin/so-kibana-config-export index 636c52229..05454cd76 100755 --- a/salt/common/tools/sbin/so-kibana-config-export +++ b/salt/common/tools/sbin/so-kibana-config-export 
@@ -23,7 +23,9 @@ KIBANA_HOST={{ MANAGER }} KSO_PORT=5601 OUTFILE="saved_objects.ndjson" -curl -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST -L $KIBANA_HOST:$KSO_PORT/api/saved_objects/_export -d '{ "type": [ "index-pattern", "config", "visualization", "dashboard", "search" ], "excludeExportDetails": false }' > $OUTFILE + +SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://$KIBANA_HOST:$KSO_PORT/ | grep sid | awk '{print $7}') +{{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST -L $KIBANA_HOST:$KSO_PORT/api/saved_objects/_export -d '{ "type": [ "index-pattern", "config", "visualization", "dashboard", "search" ], "excludeExportDetails": false }' > $OUTFILE # Clean up using PLACEHOLDER sed -i "s/$KIBANA_HOST/PLACEHOLDER/g" $OUTFILE diff --git a/salt/common/tools/sbin/so-kibana-space-defaults b/salt/common/tools/sbin/so-kibana-space-defaults index edf356d45..d90cf0c11 100755 --- a/salt/common/tools/sbin/so-kibana-space-defaults +++ b/salt/common/tools/sbin/so-kibana-space-defaults 
@@ -1,13 +1,13 @@ . /usr/sbin/so-common -wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" +wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}" ## This hackery will be removed if using Elastic Auth ## # Let's snag a cookie from Kibana -THECOOKIE=$(curl -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') +SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') # Disable certain Features from showing up in the Kibana UI echo echo "Setting up default Space:" -curl -b "sid=$THECOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["ml","enterpriseSearch","siem","logs","infrastructure","apm","uptime","monitoring","stackAlerts","actions","fleet"]} ' >> /opt/so/log/kibana/misc.log -echo \ No newline at end of file +{{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["ml","enterpriseSearch","siem","logs","infrastructure","apm","uptime","monitoring","stackAlerts","actions","fleet"]} ' >> /opt/so/log/kibana/misc.log +echo diff --git a/salt/common/tools/sbin/so-pcap-export b/salt/common/tools/sbin/so-pcap-export new file mode 100755 index 000000000..076b4eae6 --- /dev/null +++ b/salt/common/tools/sbin/so-pcap-export 
@@ -0,0 +1,26 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +if [ $# -lt 2 ]; then + echo "Usage: $0 Output-Filename" + exit 1 +fi + +docker exec -it so-sensoroni scripts/stenoquery.sh "$1" -w /nsm/pcapout/$2.pcap + +echo "" +echo "If successful, the output was written to: /nsm/pcapout/$2.pcap" \ No newline at end of file diff --git a/salt/common/tools/sbin/so-playbook-reset b/salt/common/tools/sbin/so-playbook-reset index 9113fd2b8..ca1d3f57f 100755 --- a/salt/common/tools/sbin/so-playbook-reset +++ b/salt/common/tools/sbin/so-playbook-reset @@ -22,5 +22,5 @@ salt-call state.apply playbook.db_init,playbook,playbook.automation_user_create /usr/sbin/so-soctopus-restart echo "Importing Plays - this will take some time...." -wait 5 -/usr/sbin/so-playbook-ruleupdate \ No newline at end of file +sleep 5 +/usr/sbin/so-playbook-ruleupdate diff --git a/salt/common/tools/sbin/so-raid-status b/salt/common/tools/sbin/so-raid-status index 11909e012..e7da94878 100755 --- a/salt/common/tools/sbin/so-raid-status +++ b/salt/common/tools/sbin/so-raid-status 
@@ -17,18 +17,6 @@ . /usr/sbin/so-common -#check_boss_raid() { -# BOSSBIN=/opt/boss/mvcli -# BOSSRC=$($BOSSBIN info -o vd | grep functional) -# -# if [[ $BOSSRC ]]; then -# # Raid is good -# BOSSRAID=0 -# else -# BOSSRAID=1 -# fi -#} - check_lsi_raid() { # For use for LSI on Ubuntu #MEGA=/opt/MegaRAID/MegeCli/MegaCli64 @@ -66,13 +54,11 @@ mkdir -p /opt/so/log/raid {%- if grains['sosmodel'] in ['SOSMN', 'SOSSNNV'] %} #check_boss_raid check_software_raid -#echo "osraid=$BOSSRAID nsmraid=$SWRAID" > /opt/so/log/raid/status.log -echo "osraid=1 nsmraid=$SWRAID" > /opt/so/log/raid/status.log +echo "nsmraid=$SWRAID" > /opt/so/log/raid/status.log {%- elif grains['sosmodel'] in ['SOS1000F', 'SOS1000', 'SOSSN7200', 'SOS10K', 'SOS4000'] %} #check_boss_raid check_lsi_raid -#echo "osraid=$BOSSRAID nsmraid=$LSIRAID" > /opt/so/log/raid/status.log -echo "osraid=1 nsmraid=$LSIRAID" > /opt/so/log/raid/status.log +echo "nsmraid=$LSIRAID" > /opt/so/log/raid/status.log {%- else %} exit 0 {%- endif %} diff --git a/salt/common/tools/sbin/so-suricata-testrule b/salt/common/tools/sbin/so-suricata-testrule index ac4b81d3c..f9f23e70f 100755 --- a/salt/common/tools/sbin/so-suricata-testrule +++ b/salt/common/tools/sbin/so-suricata-testrule @@ -23,6 +23,11 @@ TESTPCAP=$2 . /usr/sbin/so-common +if [ $# -lt 2 ]; then + echo "Usage: $0 " + exit 1 +fi + echo "" echo "===============" echo "Running all.rules and $TESTRULE against the following pcap: $TESTPCAP" diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user index b97cc8a8b..f0c064d03 100755 --- a/salt/common/tools/sbin/so-user +++ b/salt/common/tools/sbin/so-user 
@@ -39,10 +39,18 @@ email=$2 kratosUrl=${KRATOS_URL:-http://127.0.0.1:4434} databasePath=${KRATOS_DB_PATH:-/opt/so/conf/kratos/db/db.sqlite} -argon2Iterations=${ARGON2_ITERATIONS:-3} -argon2Memory=${ARGON2_MEMORY:-14} -argon2Parallelism=${ARGON2_PARALLELISM:-2} -argon2HashSize=${ARGON2_HASH_SIZE:-32} +bcryptRounds=${BCRYPT_ROUNDS:-12} +elasticUsersFile=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users} +elasticRolesFile=${ELASTIC_ROLES_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users_roles} +esUID=${ELASTIC_UID:-930} +esGID=${ELASTIC_GID:-930} + +function lock() { + # Obtain file descriptor lock + exec 99>/var/tmp/so-user.lock || fail "Unable to create lock descriptor; if the system was not shutdown gracefully you may need to remove /var/tmp/so-user.lock manually." + flock -w 10 99 || fail "Another process is using so-user; if the system was not shutdown gracefully you may need to remove /var/tmp/so-user.lock manually." + trap 'rm -f /var/tmp/so-user.lock' EXIT +} function fail() { msg=$1 @@ -58,7 +66,7 @@ function require() { # Verify this environment is capable of running this script function verifyEnvironment() { - require "argon2" + require "htpasswd" require "jq" require "curl" require "openssl" @@ -95,6 +103,16 @@ function validateEmail() { fi } +function hashPassword() { + password=$1 + + passwordHash=$(echo "${password}" | htpasswd -niBC $bcryptRounds SOUSER) + passwordHash=$(echo "$passwordHash" | cut -c 11-) + passwordHash="\$2a${passwordHash}" # still waiting for https://github.com/elastic/elasticsearch/issues/51132 + echo "$passwordHash" +} + + function updatePassword() { identityId=$1 
@@ -111,15 +129,125 @@ function updatePassword() { if [[ -n $identityId ]]; then # Generate password hash - salt=$(openssl rand -hex 8) - passwordHash=$(echo "${password}" | argon2 ${salt} -id -t $argon2Iterations -m $argon2Memory -p $argon2Parallelism -l $argon2HashSize -e) - + passwordHash=$(hashPassword "$password") # Update DB with new hash - echo "update identity_credentials set config=CAST('{\"hashed_password\":\"${passwordHash}\"}' as BLOB) where identity_id=${identityId};" | sqlite3 "$databasePath" + echo "update identity_credentials set config=CAST('{\"hashed_password\":\"$passwordHash\"}' as BLOB) where identity_id=${identityId};" | sqlite3 "$databasePath" [[ $? != 0 ]] && fail "Unable to update password" fi } +function createElasticFile() { + filename=$1 + tmpFile=$(unknown) + truncate -s 0 "$tmpFile" + chmod 600 "$tmpFile" + chown "${esUID}:${esGID}" "$tmpFile" +} + +function syncElasticSystemUser() { + json=$1 + userid=$2 + usersFile=$3 + + user=$(echo "$json" | jq -r ".local.users.$userid.user") + pass=$(echo "$json" | jq -r ".local.users.$userid.pass") + + [[ -z "$user" || -z "$pass" ]] && fail "Elastic auth credentials for system user '$userid' are missing" + hash=$(hashPassword "$pass") + + echo "${user}:${hash}" >> "$usersFile" +} + +function syncElasticSystemRole() { + json=$1 + userid=$2 + role=$3 + rolesFile=$4 + + user=$(echo "$json" | jq -r ".local.users.$userid.user") + + [[ -z "$user" ]] && fail "Elastic auth credentials for system user '$userid' are missing" + + echo "${role}:${user}" >> "$rolesFile" +} + +function syncElastic() { + echo "Syncing users between SOC and Elastic..." 
+ usersTmpFile="${elasticUsersFile}.tmp" + rolesTmpFile="${elasticRolesFile}.tmp" + createElasticFile "${usersTmpFile}" + createElasticFile "${rolesTmpFile}" + + authPillarJson=$(lookup_salt_value "auth" "elasticsearch" "pillar" "json") + + syncElasticSystemUser "$authPillarJson" "so_elastic_user" "$usersTmpFile" + syncElasticSystemRole "$authPillarJson" "so_elastic_user" "superuser" "$rolesTmpFile" + + syncElasticSystemUser "$authPillarJson" "so_kibana_user" "$usersTmpFile" + syncElasticSystemRole "$authPillarJson" "so_kibana_user" "superuser" "$rolesTmpFile" + + syncElasticSystemUser "$authPillarJson" "so_logstash_user" "$usersTmpFile" + syncElasticSystemRole "$authPillarJson" "so_logstash_user" "superuser" "$rolesTmpFile" + + syncElasticSystemUser "$authPillarJson" "so_beats_user" "$usersTmpFile" + syncElasticSystemRole "$authPillarJson" "so_beats_user" "superuser" "$rolesTmpFile" + + syncElasticSystemUser "$authPillarJson" "so_monitor_user" "$usersTmpFile" + syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_collector" "$rolesTmpFile" + syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_agent" "$rolesTmpFile" + syncElasticSystemRole "$authPillarJson" "so_monitor_user" "monitoring_user" "$rolesTmpFile" + + if [[ -f "$databasePath" ]]; then + # Generate the new users file + echo "select '{\"user\":\"' || ici.identifier || '\", \"data\":' || ic.config || '}'" \ + "from identity_credential_identifiers ici, identity_credentials ic " \ + "where ici.identity_credential_id=ic.id and instr(ic.config, 'hashed_password') " \ + "order by ici.identifier;" | \ + sqlite3 "$databasePath" | \ + jq -r '.user + ":" + .data.hashed_password' \ + >> "$usersTmpFile" + [[ $? 
!= 0 ]] && fail "Unable to read credential hashes from database" + + # Generate the new users_roles file + + echo "select 'superuser:' || ici.identifier " \ + "from identity_credential_identifiers ici, identity_credentials ic " \ + "where ici.identity_credential_id=ic.id and instr(ic.config, 'hashed_password') " \ + "order by ici.identifier;" | \ + sqlite3 "$databasePath" \ + >> "$rolesTmpFile" + [[ $? != 0 ]] && fail "Unable to read credential IDs from database" + else + echo "Database file does not exist yet, skipping users export" + fi + + if [[ -s "${usersTmpFile}" ]]; then + mv "${usersTmpFile}" "${elasticUsersFile}" + mv "${rolesTmpFile}" "${elasticRolesFile}" + + if [[ -z "$SKIP_STATE_APPLY" ]]; then + echo "Elastic state will be re-applied to affected minions. This may take several minutes..." + echo "Applying elastic state to elastic minions at $(date)" >> /opt/so/log/soc/sync.log 2>&1 + salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode' state.apply elasticsearch queue=True >> /opt/so/log/soc/sync.log 2>&1 + fi + else + echo "Newly generated users/roles files are incomplete; aborting." + fi +} + +function syncAll() { + if [[ -z "$FORCE_SYNC" && -f "$databasePath" && -f "$elasticUsersFile" ]]; then + usersFileAgeSecs=$(echo $(($(date +%s) - $(date +%s -r "$elasticUsersFile")))) + staleCount=$(echo "select count(*) from identity_credentials where updated_at >= Datetime('now', '-${usersFileAgeSecs} seconds');" \ + | sqlite3 "$databasePath") + if [[ "$staleCount" == "0" ]]; then + return 1 + fi + fi + syncElastic + return 0 +} + function listUsers() { response=$(curl -Ss -L ${kratosUrl}/identities) [[ $? != 0 ]] && fail "Unable to communicate with Kratos" 
@@ -208,12 +336,14 @@ case "${operation}" in verifyEnvironment [[ "$email" == "" ]] && fail "Email address must be provided" + lock validateEmail "$email" updatePassword createUser "$email" + syncAll echo "Successfully added new user to SOC" - check_container thehive && echo $password | so-thehive-user-add "$email" - check_container fleet && echo $password | so-fleet-user-add "$email" + check_container thehive && echo "$password" | so-thehive-user-add "$email" + check_container fleet && echo "$password" | so-fleet-user-add "$email" ;; "list") @@ -225,7 +355,9 @@ case "${operation}" in verifyEnvironment [[ "$email" == "" ]] && fail "Email address must be provided" + lock updateUser "$email" + syncAll echo "Successfully updated user" ;; @@ -233,7 +365,9 @@ case "${operation}" in verifyEnvironment [[ "$email" == "" ]] && fail "Email address must be provided" + lock updateStatus "$email" 'active' + syncAll echo "Successfully enabled user" check_container thehive && so-thehive-user-enable "$email" true check_container fleet && so-fleet-user-enable "$email" true @@ -243,7 +377,9 @@ case "${operation}" in verifyEnvironment [[ "$email" == "" ]] && fail "Email address must be provided" + lock updateStatus "$email" 'locked' + syncAll echo "Successfully disabled user" check_container thehive && so-thehive-user-enable "$email" false check_container fleet && so-fleet-user-enable "$email" false @@ -253,12 +389,19 @@ case "${operation}" in verifyEnvironment [[ "$email" == "" ]] && fail "Email address must be provided" + lock deleteUser "$email" + syncAll echo "Successfully deleted user" check_container thehive && so-thehive-user-enable "$email" false check_container fleet && so-fleet-user-enable "$email" false ;; + "sync") + lock + syncAll + ;; + "validate") validateEmail "$email" updatePassword @@ -280,4 +423,4 @@ case "${operation}" in ;; esac -exit 0 \ No newline at end of file +exit 0 
diff --git a/salt/common/tools/sbin/so-zeek-logs b/salt/common/tools/sbin/so-zeek-logs index 551213580..f6df7f8aa 100755 --- a/salt/common/tools/sbin/so-zeek-logs +++ b/salt/common/tools/sbin/so-zeek-logs @@ -10,11 +10,10 @@ zeek_logs_enabled() { } whiptail_manager_adv_service_zeeklogs() { - BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 78 12 \ + BLOGS=$(whiptail --title "so-zeek-logs" --checklist "Please Select Logs to Send:" 24 78 12 \ "conn" "Connection Logging" ON \ "dce_rpc" "RPC Logs" ON \ "dhcp" "DHCP Logs" ON \ - "dhcpv6" "DHCP IPv6 Logs" ON \ "dnp3" "DNP3 Logs" ON \ "dns" "DNS Logs" ON \ "dpd" "DPD Logs" ON \ @@ -25,25 +24,20 @@ whiptail_manager_adv_service_zeeklogs() { "irc" "IRC Chat Logs" ON \ "kerberos" "Kerberos Logs" ON \ "modbus" "MODBUS Logs" ON \ - "mqtt" "MQTT Logs" ON \ "notice" "Zeek Notice Logs" ON \ "ntlm" "NTLM Logs" ON \ - "openvpn" "OPENVPN Logs" ON \ "pe" "PE Logs" ON \ "radius" "Radius Logs" ON \ "rfb" "RFB Logs" ON \ "rdp" "RDP Logs" ON \ - "signatures" "Signatures Logs" ON \ "sip" "SIP Logs" ON \ "smb_files" "SMB Files Logs" ON \ "smb_mapping" "SMB Mapping Logs" ON \ "smtp" "SMTP Logs" ON \ "snmp" "SNMP Logs" ON \ - "software" "Software Logs" ON \ "ssh" "SSH Logs" ON \ "ssl" "SSL Logs" ON \ "syslog" "Syslog Logs" ON \ - "telnet" "Telnet Logs" ON \ "tunnel" "Tunnel Logs" ON \ "weird" "Zeek Weird Logs" ON \ "mysql" "MySQL Logs" ON \ @@ -61,10 +55,10 @@ whiptail_manager_adv_service_zeeklogs return_code=$? case $return_code in 1) - whiptail --title "Security Onion Setup" --msgbox "Cancelling. No changes have been made." 8 75 + whiptail --title "so-zeek-logs" --msgbox "Cancelling. No changes have been made." 8 75 ;; 255) - whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting." 8 75 + whiptail --title "so-zeek-logs" --msgbox "Whiptail error occured, exiting." 8 75 ;; *) zeek_logs_enabled 
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index f508e8aa8..bc95c5428 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup 
@@ -18,12 +18,82 @@ . /usr/sbin/so-common UPDATE_DIR=/tmp/sogh/securityonion +DEFAULT_SALT_DIR=/opt/so/saltstack/default INSTALLEDVERSION=$(cat /etc/soversion) POSTVERSION=$INSTALLEDVERSION -INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'}) +INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk '{print $2}') BATCHSIZE=5 SOUP_LOG=/root/soup.log +INFLUXDB_MIGRATION_LOG=/opt/so/log/influxdb/soup_migration.log WHATWOULDYOUSAYYAHDOHERE=soup +whiptail_title='Security Onion UPdater' + +check_err() { + local exit_code=$1 + local err_msg="Unhandled error occured, please check $SOUP_LOG for details." + + [[ $ERR_HANDLED == true ]] && exit $exit_code + if [[ $exit_code -ne 0 ]]; then + printf '%s' "Soup failed with error $exit_code: " + case $exit_code in + 2) + echo 'No such file or directory' + ;; + 5) + echo 'Interrupted system call' + ;; + 12) + echo 'Out of memory' + ;; + 28) + echo 'No space left on device' + echo 'Likely ran out of space on disk, please review hardware requirements for Security Onion: https://docs.securityonion.net/en/2.3/hardware.html' + ;; + 30) + echo 'Read-only file system' + ;; + 35) + echo 'Resource temporarily unavailable' + ;; + 64) + echo 'Machine is not on the network' + ;; + 67) + echo 'Link has been severed' + ;; + 100) + echo 'Network is down' + ;; + 101) + echo 'Network is unreachable' + ;; + 102) + echo 'Network reset' + ;; + 110) + echo 'Connection timed out' + ;; + 111) + echo 'Connection refused' + ;; + 112) + echo 'Host is down' + ;; + 113) + echo 'No route to host' + ;; + *) + echo 'Unhandled error' + echo "$err_msg" + ;; + esac + if [[ $exit_code -ge 64 && $exit_code -le 113 ]]; then + echo "$err_msg" + fi + exit $exit_code + fi + +} add_common() { cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ 
@@ -39,15 +109,14 @@ airgap_mounted() { echo "The ISO is already mounted" else echo "" - echo "Looks like we need access to the upgrade content" - echo "" - echo "If you just copied the .iso file over you can specify the path." - echo "If you burned the ISO to a disk the standard way you can specify the device." - echo "Example: /home/user/securityonion-2.X.0.iso" - echo "Example: /dev/sdx1" - echo "" - read -p 'Enter the location of the iso: ' ISOLOC - if [ -f $ISOLOC ]; then + cat << EOF +In order for soup to proceed, the path to the downloaded Security Onion ISO file, or the path to the CD-ROM or equivalent device containing the ISO media must be provided. +For example, if you have copied the new Security Onion ISO file to your home directory, then the path might look like /home/myuser/securityonion-2.x.y.iso. +Or, if you have burned the new ISO onto an optical disk then the path might look like /dev/cdrom. + +EOF + read -rp 'Enter the path to the new Security Onion ISO content: ' ISOLOC + if [[ -f $ISOLOC ]]; then # Mounting the ISO image mkdir -p /tmp/soagupdate mount -t iso9660 -o loop $ISOLOC /tmp/soagupdate @@ -59,7 +128,7 @@ airgap_mounted() { else echo "ISO has been mounted!" fi - elif [ -f $ISOLOC/SecurityOnion/VERSION ]; then + elif [[ -f $ISOLOC/SecurityOnion/VERSION ]]; then ln -s $ISOLOC /tmp/soagupdate echo "Found the update content" else @@ -77,9 +146,9 @@ airgap_mounted() { } airgap_update_dockers() { - if [ $is_airgap -eq 0 ]; then + if [[ $is_airgap -eq 0 ]]; then # Let's copy the tarball - if [ ! -f $AGDOCKER/registry.tar ]; then + if [[ ! -f $AGDOCKER/registry.tar ]]; then echo "Unable to locate registry. Exiting" exit 1 else 
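Review bot: the new prompt in airgap_mounted tells the user that /dev/cdrom is acceptable, but the two branches shown handle only a regular file (`[[ -f $ISOLOC ]]`, loop-mounted) and an already-mounted tree (`[[ -f $ISOLOC/SecurityOnion/VERSION ]]`); a block device satisfies neither, so confirm the else branch mounts it or tighten the help text. Since the read was changed to `read -rp`, also quote `$ISOLOC` in `mount -t iso9660 -o loop "$ISOLOC" /tmp/soagupdate` and `ln -s "$ISOLOC" /tmp/soagupdate`; a path containing a space currently word-splits (ShellCheck SC2086).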
@@ -87,9 +156,9 @@ airgap_update_dockers() { docker stop so-dockerregistry docker rm so-dockerregistry echo "Copying the new dockers over" - tar xvf $AGDOCKER/registry.tar -C /nsm/docker-registry/docker + tar xvf "$AGDOCKER/registry.tar" -C /nsm/docker-registry/docker echo "Add Registry back" - docker load -i $AGDOCKER/registry_image.tar + docker load -i "$AGDOCKER/registry_image.tar" fi fi } @@ -100,10 +169,23 @@ update_registry() { salt-call state.apply registry queue=True } +check_airgap() { + # See if this is an airgap install + AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap: | awk '{print $2}') + if [[ "$AIRGAP" == "True" ]]; then + is_airgap=0 + UPDATE_DIR=/tmp/soagupdate/SecurityOnion + AGDOCKER=/tmp/soagupdate/docker + AGREPO=/tmp/soagupdate/Packages + else + is_airgap=1 + fi +} + check_sudoers() { - if grep -q "so-setup" /etc/sudoers; then - echo "There is an entry for so-setup in the sudoers file, this can be safely deleted using \"visudo\"." - fi + if grep -q "so-setup" /etc/sudoers; then + echo "There is an entry for so-setup in the sudoers file, this can be safely deleted using \"visudo\"." + fi } check_log_size_limit() { @@ -177,7 +259,9 @@ check_os_updates() { echo "Continuing without updating packages" elif [[ "$confirm" == [uU] ]]; then echo "Applying Grid Updates" - salt \* -b 5 state.apply patch.os queue=True + set +e + run_check_net_err "salt '*' -b 5 state.apply patch.os queue=True" 'Could not apply OS updates, please check your network connection.' + set -e else echo "Exiting soup" exit 0 @@ -257,6 +341,7 @@ preupgrade_changes() { [[ "$INSTALLEDVERSION" == 2.3.0 || "$INSTALLEDVERSION" == 2.3.1 || "$INSTALLEDVERSION" == 2.3.2 || "$INSTALLEDVERSION" == 2.3.10 ]] && up_2.3.0_to_2.3.20 [[ "$INSTALLEDVERSION" == 2.3.20 || "$INSTALLEDVERSION" == 2.3.21 ]] && up_2.3.2X_to_2.3.30 [[ "$INSTALLEDVERSION" == 2.3.30 || "$INSTALLEDVERSION" == 2.3.40 ]] && up_2.3.3X_to_2.3.50 + true } postupgrade_changes() { 
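Review bot: check_os_updates still hardcodes `-b 5` in `salt '*' -b 5 state.apply patch.os queue=True`, so the `-b` option that main parses into BATCHSIZE has no effect on this run; use `-b "$BATCHSIZE"`. In check_airgap, `cat ... | grep airgap: | awk` is a useless cat (SC2002) and the unanchored pattern matches any pillar key ending in `airgap:`; `grep -E '^airgap:' /opt/so/saltstack/local/pillar/global.sls` is enough. The trailing `true` added to preupgrade_changes deserves a one-line comment: it stops the function's return status from being that of a failed `[[ ... ]] &&` test, which would otherwise trip `set -e`.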
@@ -266,6 +351,8 @@ postupgrade_changes() { [[ "$POSTVERSION" =~ rc.1 ]] && post_rc1_to_rc2 [[ "$POSTVERSION" == 2.3.20 || "$POSTVERSION" == 2.3.21 ]] && post_2.3.2X_to_2.3.30 [[ "$POSTVERSION" == 2.3.30 ]] && post_2.3.30_to_2.3.40 + [[ "$POSTVERSION" == 2.3.50 ]] && post_2.3.5X_to_2.3.60 + true } post_rc1_to_2.3.21() { @@ -286,6 +373,10 @@ post_2.3.30_to_2.3.40() { POSTVERSION=2.3.40 } +post_2.3.5X_to_2.3.60() { + POSTVERSION=2.3.60 +} + rc1_to_rc2() { @@ -419,7 +510,7 @@ up_2.3.2X_to_2.3.30() { sed -i "/ imagerepo: securityonion/c\ imagerepo: 'security-onion-solutions'" /opt/so/saltstack/local/pillar/global.sls # Strelka rule repo pillar addition - if [ $is_airgap -eq 0 ]; then + if [[ $is_airgap -eq 0 ]]; then # Add manager as default Strelka YARA rule repo sed -i "/^strelka:/a \\ repos: \n - https://$HOSTNAME/repo/rules/strelka" /opt/so/saltstack/local/pillar/global.sls; else @@ -446,7 +537,7 @@ upgrade_to_2.3.50_repo() { rm -f "/etc/yum.repos.d/$DELREPO.repo" fi done - if [ $is_airgap -eq 1 ]; then + if [[ $is_airgap -eq 1 ]]; then # Copy the new repo file if not airgap cp $UPDATE_DIR/salt/repo/client/files/centos/securityonion.repo /etc/yum.repos.d/ yum clean all @@ -562,7 +653,7 @@ upgrade_check() { # Let's make sure we actually need to update. NEWVERSION=$(cat $UPDATE_DIR/VERSION) HOTFIXVERSION=$(cat $UPDATE_DIR/HOTFIX) - CURRENTHOTFIX=$(cat /etc/sohotfix 2>/dev/null) + [[ -f /etc/sohotfix ]] && CURRENTHOTFIX=$(cat /etc/sohotfix) if [ "$INSTALLEDVERSION" == "$NEWVERSION" ]; then echo "Checking to see if there are hotfixes needed" if [ "$HOTFIXVERSION" == "$CURRENTHOTFIX" ]; then 
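Review bot: the postupgrade chain skips 2.3.40: post_2.3.30_to_2.3.40 sets POSTVERSION=2.3.40, nothing advances it to 2.3.50, and the new test matches only `== 2.3.50`, so an install coming from 2.3.30 or 2.3.40 never reaches post_2.3.5X_to_2.3.60. preupgrade_changes matches `2.3.30 || 2.3.40` for the equivalent step; mirror that (`[[ "$POSTVERSION" == 2.3.40 || "$POSTVERSION" == 2.3.50 ]] && post_2.3.5X_to_2.3.60`) or add the missing link. Harmless while the function only bumps POSTVERSION, but it will bite as soon as real post-upgrade work lands in it.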
@@ -579,13 +670,14 @@ upgrade_check() { } upgrade_check_salt() { - NEWSALTVERSION=$(grep version: $UPDATE_DIR/salt/salt/master.defaults.yaml | awk {'print $2'}) + NEWSALTVERSION=$(grep version: $UPDATE_DIR/salt/salt/master.defaults.yaml | awk '{print $2}') if [ "$INSTALLEDSALTVERSION" == "$NEWSALTVERSION" ]; then echo "You are already running the correct version of Salt for Security Onion." else UPGRADESALT=1 fi } + upgrade_salt() { SALTUPGRADED=True echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION." @@ -597,7 +689,11 @@ upgrade_salt() { yum versionlock delete "salt-*" echo "Updating Salt packages and restarting services." echo "" - sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -r -F -M -x python3 stable "$NEWSALTVERSION" + set +e + run_check_net_err \ + "sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -r -F -M -x python3 stable \"$NEWSALTVERSION\"" \ + "Could not update salt, please check $SOUP_LOG for details." + set -e echo "Applying yum versionlock for Salt." echo "" yum versionlock add "salt-*" @@ -610,7 +706,11 @@ upgrade_salt() { apt-mark unhold "salt-minion" echo "Updating Salt packages and restarting services." echo "" - sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable "$NEWSALTVERSION" + set +e + run_check_net_err \ + "sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable \"$NEWSALTVERSION\"" \ + "Could not update salt, please check $SOUP_LOG for details." + set -e echo "Applying apt hold for Salt." echo "" apt-mark hold "salt-common" 
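Review bot: upgrade_salt removes the pin (`yum versionlock delete "salt-*"` / `apt-mark unhold`) before calling bootstrap-salt.sh, and the new run_check_net_err wrapper aborts on failure before `yum versionlock add` / `apt-mark hold` is reached, so a failed or interrupted Salt upgrade leaves the host unpinned and the next routine package update can pull in an arbitrary Salt release. Re-apply the lock on the failure path (or from a trap) before exiting. Also, the command is handed over as a string with escaped quotes around `$NEWSALTVERSION`; document that run_check_net_err evals it, since that value is read straight out of master.defaults.yaml.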
@@ -635,222 +735,248 @@ verify_latest_update_script() { cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ - salt-call state.apply common queue=True + salt-call state.apply -l info common queue=True echo "" echo "soup has been updated. Please run soup again." exit 0 fi } -main () { -echo "### Preparing soup at `date` ###" -while getopts ":b" opt; do - case "$opt" in - b ) # process option b - shift - BATCHSIZE=$1 - if ! [[ "$BATCHSIZE" =~ ^[0-9]+$ ]]; then - echo "Batch size must be a number greater than 0." - exit 1 - fi - ;; - \? ) - echo "Usage: cmd [-b]" - ;; - esac -done - -echo "Checking to see if this is a manager." -echo "" -require_manager -set_minionid -echo "Checking to see if this is an airgap install" -echo "" -check_airgap -echo "Found that Security Onion $INSTALLEDVERSION is currently installed." -echo "" -set_os -set_palette -check_elastic_license -echo "" -if [ $is_airgap -eq 0 ]; then - # Let's mount the ISO since this is airgap - airgap_mounted -else - echo "Cloning Security Onion github repo into $UPDATE_DIR." - echo "Removing previous upgrade sources." - rm -rf $UPDATE_DIR - clone_to_tmp -fi -check_os_updates -echo "" -echo "Verifying we have the latest soup script." -verify_latest_update_script -echo "" - -echo "Generating new repo archive" -generate_and_clean_tarballs -if [ -f /usr/sbin/so-image-common ]; then - . /usr/sbin/so-image-common -else -add_common -fi - -echo "Let's see if we need to update Security Onion." -upgrade_check -upgrade_space - -echo "Checking for Salt Master and Minion updates." 
-upgrade_check_salt - - -if [ "$is_hotfix" == "true" ]; then - echo "Applying $HOTFIXVERSION" - copy_new_files - echo "" - update_version - salt-call state.highstate -l info queue=True +main() { + set -e + set +e + trap 'check_err $?' EXIT -else - echo "" - echo "Performing upgrade from Security Onion $INSTALLEDVERSION to Security Onion $NEWVERSION." - echo "" - - echo "Updating dockers to $NEWVERSION." - if [ $is_airgap -eq 0 ]; then - airgap_update_dockers - update_centos_repo - yum clean all - check_os_updates - else - update_registry - update_docker_containers "soup" - fi - - echo "" - echo "Stopping Salt Minion service." - systemctl stop salt-minion - echo "Killing any remaining Salt Minion processes." - pkill -9 -ef /usr/bin/salt-minion - echo "" - echo "Stopping Salt Master service." - systemctl stop salt-master - echo "" - - upgrade_to_2.3.50_repo - - # Does salt need upgraded. If so update it. - if [ "$UPGRADESALT" == "1" ]; then - echo "Upgrading Salt" - # Update the repo files so it can actually upgrade - upgrade_salt - fi - - echo "Checking if Salt was upgraded." - echo "" - # Check that Salt was upgraded - SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk {'print $2'}) - if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then - echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG." - echo "Once the issue is resolved, run soup again." - echo "Exiting." - echo "" - exit 1 - else - echo "Salt upgrade success." - echo "" - fi - - preupgrade_changes - echo "" - - if [ $is_airgap -eq 0 ]; then - echo "Updating Rule Files to the Latest." - update_airgap_rules - fi - - # Only update the repo if its airgap - if [[ $is_airgap -eq 0 ]] && [[ "$UPGRADESALT" != "1" ]]; then - update_centos_repo - fi - - echo "" - echo "Copying new Security Onion code from $UPDATE_DIR to $DEFAULT_SALT_DIR." 
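Review bot: the first two statements of the new main() are `set -e` immediately followed by `set +e`, so the `set -e` is dead and only the later `set -e` after upgrade_check_salt takes effect; drop the first one and add a comment that the pre-flight checks intentionally run without errexit. Note too that `trap 'check_err $?' EXIT` is installed while errexit is off, so a failure in require_manager, check_airgap or clone_to_tmp only reaches check_err if those functions exit explicitly.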
- copy_new_files - echo "" - update_version - - echo "" - echo "Locking down Salt Master for upgrade" - masterlock - - echo "" - echo "Starting Salt Master service." - systemctl start salt-master - - # Only regenerate osquery packages if Fleet is enabled - FLEET_MANAGER=$(lookup_pillar fleet_manager) - FLEET_NODE=$(lookup_pillar fleet_node) - if [[ "$FLEET_MANAGER" == "True" || "$FLEET_NODE" == "True" ]]; then - echo "" - echo "Regenerating Osquery Packages.... This will take several minutes." - salt-call state.apply fleet.event_gen-packages -l info queue=True - echo "" - fi - - echo "" - echo "Running a highstate to complete the Security Onion upgrade on this manager. This could take several minutes." - salt-call state.highstate -l info queue=True - echo "" - echo "Upgrade from $INSTALLEDVERSION to $NEWVERSION complete." - - echo "" - echo "Stopping Salt Master to remove ACL" - systemctl stop salt-master - - masterunlock - - echo "" - echo "Starting Salt Master service." - systemctl start salt-master - echo "Running a highstate. This could take several minutes." - salt-call state.highstate -l info queue=True - postupgrade_changes - unmount_update - thehive_maint - - if [ "$UPGRADESALT" == "1" ]; then - if [ $is_airgap -eq 0 ]; then - echo "" - echo "Cleaning repos on remote Security Onion nodes." - salt -C 'not *_eval and not *_helixsensor and not *_manager and not *_managersearch and not *_standalone and G@os:CentOS' cmd.run "yum clean all" - echo "" - fi - fi - - check_sudoers - - if [[ -n $lsl_msg ]]; then - case $lsl_msg in - 'distributed') - echo "[INFO] The value of log_size_limit in any heavy node minion pillars may be incorrect." - echo " -> We recommend checking and adjusting the values as necessary." - echo " -> Minion pillar directory: /opt/so/saltstack/local/pillar/minions/" + echo "### Preparing soup at $(date) ###" + while getopts ":b" opt; do + case "$opt" in + b ) # process option b + shift + BATCHSIZE=$1 + if ! 
[[ "$BATCHSIZE" =~ ^[0-9]+$ ]]; then + echo "Batch size must be a number greater than 0." + exit 1 + fi ;; - 'single-node') - # We can assume the lsl_details array has been set if lsl_msg has this value - echo "[WARNING] The value of log_size_limit (${lsl_details[0]}) does not match the recommended value of ${lsl_details[1]}." - echo " -> We recommend checking and adjusting the value as necessary." - echo " -> File: /opt/so/saltstack/local/pillar/minions/${lsl_details[2]}.sls" + \? ) + echo "Usage: cmd [-b]" ;; esac + done + + echo "Checking to see if this is a manager." + echo "" + require_manager + set_minionid + echo "Checking to see if this is an airgap install." + echo "" + check_airgap + echo "Found that Security Onion $INSTALLEDVERSION is currently installed." + echo "" + if [[ $is_airgap -eq 0 ]]; then + # Let's mount the ISO since this is airgap + echo "This is airgap. Ask for a location." + airgap_mounted + else + echo "Cloning Security Onion github repo into $UPDATE_DIR." + echo "Removing previous upgrade sources." + rm -rf $UPDATE_DIR + echo "Cloning the Security Onion Repo." + clone_to_tmp + fi + echo "Verifying we have the latest soup script." + verify_latest_update_script + echo "" + set_os + set_palette + check_elastic_license + echo "" + check_os_updates + + echo "Generating new repo archive" + generate_and_clean_tarballs + if [ -f /usr/sbin/so-image-common ]; then + . /usr/sbin/so-image-common + else + add_common fi - NUM_MINIONS=$(ls /opt/so/saltstack/local/pillar/minions/*_*.sls | wc -l) + echo "Let's see if we need to update Security Onion." + upgrade_check + upgrade_space - if [ $NUM_MINIONS -gt 1 ]; then + echo "Checking for Salt Master and Minion updates." 
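Review bot: option parsing in main is still `getopts ":b"` plus a manual `shift; BATCHSIZE=$1`. `b` takes an argument, so declare it as `":b:"` and read `BATCHSIZE=$OPTARG`; shifting the positional parameters inside the getopts loop moves them out from under OPTIND and only works by accident for a single option. The check `^[0-9]+$` accepts 0, contradicting the "greater than 0" message, and the `\?` branch prints usage but carries on. Style: `if [ -f /usr/sbin/so-image-common ]` is one of the few `[` tests left after the `[[` conversion in this file.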
+ upgrade_check_salt + set -e - cat << EOF + if [ "$is_hotfix" == "true" ]; then + echo "Applying $HOTFIXVERSION" + copy_new_files + echo "" + update_version + salt-call state.highstate -l info queue=True + else + echo "" + echo "Performing upgrade from Security Onion $INSTALLEDVERSION to Security Onion $NEWVERSION." + echo "" + + echo "Updating dockers to $NEWVERSION." + if [[ $is_airgap -eq 0 ]]; then + airgap_update_dockers + update_centos_repo + yum clean all + check_os_updates + else + update_registry + set +e + update_docker_containers "soup" + set -e + fi + + echo "" + echo "Stopping Salt Minion service." + systemctl stop salt-minion + echo "Killing any remaining Salt Minion processes." + set +e + pkill -9 -ef /usr/bin/salt-minion + set -e + echo "" + echo "Stopping Salt Master service." + systemctl stop salt-master + echo "" + + upgrade_to_2.3.50_repo + + # Does salt need upgraded. If so update it. + if [[ $UPGRADESALT -eq 1 ]]; then + echo "Upgrading Salt" + # Update the repo files so it can actually upgrade + upgrade_salt + fi + + echo "Checking if Salt was upgraded." + echo "" + # Check that Salt was upgraded + SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk '{print $2}') + if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then + echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG." + echo "Once the issue is resolved, run soup again." + echo "Exiting." + echo "" + exit 1 + else + echo "Salt upgrade success." + echo "" + fi + + preupgrade_changes + echo "" + + if [[ $is_airgap -eq 0 ]]; then + echo "Updating Rule Files to the Latest." + update_airgap_rules + fi + + # Only update the repo if its airgap + if [[ $is_airgap -eq 0 && $UPGRADESALT -ne 1 ]]; then + update_centos_repo + fi + + echo "" + echo "Copying new Security Onion code from $UPDATE_DIR to $DEFAULT_SALT_DIR." 
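Review bot: `update_docker_containers "soup"` is wrapped in `set +e` with its status discarded, and the very next steps stop and kill salt-minion and salt-master. If the image update fails (the network error this PR sets out to surface), soup continues with stale images and a stopped Salt. Capture the return code and abort before touching the services, the way the Salt version check a few lines later does. Typo in that check's message: "Check of indicators of failure" should read "Check for indicators of failure".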
+ copy_new_files + echo "" + update_version + + echo "" + echo "Locking down Salt Master for upgrade" + masterlock + + echo "" + echo "Starting Salt Master service." + systemctl start salt-master + + # Testing that salt-master is up by checking that is it connected to itself + set +e + echo "Waiting on the Salt Master service to be ready." + salt-call state.show_top -l error queue=True || fail "salt-master could not be reached. Check $SOUP_LOG for details." + set -e + + echo "" + echo "Ensuring python modules for Salt are installed and patched." + salt-call state.apply salt.python3-influxdb -l info queue=True + echo "" + + # Only regenerate osquery packages if Fleet is enabled + FLEET_MANAGER=$(lookup_pillar fleet_manager) + FLEET_NODE=$(lookup_pillar fleet_node) + if [[ "$FLEET_MANAGER" == "True" || "$FLEET_NODE" == "True" ]]; then + echo "" + echo "Regenerating Osquery Packages.... This will take several minutes." + salt-call state.apply fleet.event_gen-packages -l info queue=True + echo "" + fi + + echo "" + echo "Running a highstate to complete the Security Onion upgrade on this manager. This could take several minutes." + set +e + salt-call state.highstate -l info queue=True + set -e + echo "" + echo "Upgrade from $INSTALLEDVERSION to $NEWVERSION complete." + + echo "" + echo "Stopping Salt Master to remove ACL" + systemctl stop salt-master + + masterunlock + + echo "" + echo "Starting Salt Master service." + systemctl start salt-master + + set +e + echo "Waiting on the Salt Master service to be ready." + salt-call state.show_top -l error queue=True || fail "salt-master could not be reached. Check $SOUP_LOG for details." + set -e + + echo "Running a highstate. This could take several minutes." 
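Review bot: the first `salt-call state.highstate` after masterlock runs under `set +e` and its status is never examined, so "Upgrade from $INSTALLEDVERSION to $NEWVERSION complete." is printed even when states failed, while the second highstate after masterunlock runs with errexit on and aborts on the same failure. Capture `$?` and at least warn, or treat both the same way. Nit: the comment "checking that is it connected to itself" should read "it is". The `state.show_top` readiness probe before the python3-influxdb state is a good addition.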
+ salt-call state.highstate -l info queue=True + postupgrade_changes + [[ $is_airgap -eq 0 ]] && unmount_update + thehive_maint + + NUM_MINIONS=$(ls /opt/so/saltstack/local/pillar/minions/*_*.sls | wc -l) + if [[ $UPGRADESALT -eq 1 ]] && [[ $NUM_MINIONS -gt 1 ]]; then + if [[ $is_airgap -eq 0 ]]; then + echo "" + echo "Cleaning repos on remote Security Onion nodes." + salt -C 'not *_eval and not *_helixsensor and not *_manager and not *_managersearch and not *_standalone and G@os:CentOS' cmd.run "yum clean all" + echo "" + fi + fi + + check_sudoers + + if [[ -n $lsl_msg ]]; then + case $lsl_msg in + 'distributed') + echo "[INFO] The value of log_size_limit in any heavy node minion pillars may be incorrect." + echo " -> We recommend checking and adjusting the values as necessary." + echo " -> Minion pillar directory: /opt/so/saltstack/local/pillar/minions/" + ;; + 'single-node') + # We can assume the lsl_details array has been set if lsl_msg has this value + echo "[WARNING] The value of log_size_limit (${lsl_details[0]}) does not match the recommended value of ${lsl_details[1]}." + echo " -> We recommend checking and adjusting the value as necessary." + echo " -> File: /opt/so/saltstack/local/pillar/minions/${lsl_details[2]}.sls" + ;; + esac + fi + + if [[ $NUM_MINIONS -gt 1 ]]; then + + cat << EOF @@ -864,10 +990,10 @@ For more information, please see https://docs.securityonion.net/en/2.3/soup.html EOF + fi fi -fi -echo "### soup has been served at `date` ###" + echo "### soup has been served at $(date) ###" } cat << EOF @@ -882,6 +1008,7 @@ Press Enter to continue or Ctrl-C to cancel. EOF -read input +read -r input main "$@" | tee -a $SOUP_LOG + diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index 9cc94833c..7dd7b82e7 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete 
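Review bot: `main "$@" | tee -a $SOUP_LOG` defeats the new exit-code handling. main runs in the pipeline's subshell, the `exit $exit_code` in check_err ends only that subshell, and the script's status is tee's (0), so anything driving soup non-interactively sees success on failure. Add `set -o pipefail` at top level or `exit "${PIPESTATUS[0]}"` after the pipeline. Also, without `2>&1` the stderr of salt, yum and curl never reaches $SOUP_LOG (unless run_check_net_err redirects it), yet several new messages send the user there for details.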
@@ -34,7 +34,7 @@ overlimit() { closedindices() { - INDICES=$(curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed 2> /dev/null) + INDICES=$({{ ELASTICCURL }} -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed 2> /dev/null) [ $? -eq 1 ] && return false echo ${INDICES} | grep -q -E "(logstash-|so-)" } @@ -49,10 +49,10 @@ while overlimit && closedindices; do # First, get the list of closed indices using _cat/indices?h=index\&expand_wildcards=closed. # Then, sort by date by telling sort to use hyphen as delimiter and then sort on the third field. # Finally, select the first entry in that sorted list. - OLDEST_INDEX=$(curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | grep -E "(logstash-|so-)" | sort -t- -k3 | head -1) + OLDEST_INDEX=$({{ ELASTICCURL }} -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | grep -E "(logstash-|so-)" | sort -t- -k3 | head -1) # Now that we've determined OLDEST_INDEX, ask Elasticsearch to delete it. - curl -XDELETE -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/${OLDEST_INDEX} + {{ ELASTICCURL }} -XDELETE -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/${OLDEST_INDEX} # Finally, write a log entry that says we deleted it. echo "$(date) - Used disk space exceeds LOG_SIZE_LIMIT ({{LOG_SIZE_LIMIT}} GB) - Index ${OLDEST_INDEX} deleted ..." >> ${LOG} diff --git a/salt/curator/files/curator.yml b/salt/curator/files/curator.yml index 7d86ccc04..bdde14fc1 100644 --- a/salt/curator/files/curator.yml +++ b/salt/curator/files/curator.yml 
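Review bot: in so-curator-closed-delete-delete, `[ $? -eq 1 ] && return false` in closedindices is not valid bash (`return: false: numeric argument required`); since the function is being touched, make it `return 1`. With `{{ ELASTICCURL }}` now expanding to `curl -K /opt/so/conf/elasticsearch/curl.config`, confirm that path is readable from the context this script runs in (curator container versus host); otherwise every call fails and nothing is pruned once auth is enabled.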
@@ -3,6 +3,13 @@ {% elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %} {%- set elasticsearch = salt['pillar.get']('manager:mainip', '') -%} {%- endif %} +{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} +{%- else %} +{%- set ES_USER = '' %} +{%- set ES_PASS = '' %} +{%- endif %} --- # Remember, leave a key empty if there is no value. None will be a string, @@ -11,6 +18,10 @@ client: hosts: - {{elasticsearch}} port: 9200 +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + username: {{ ES_USER }} + password: {{ ES_PASS }} +{% endif %} url_prefix: use_ssl: True certificate: diff --git a/salt/curator/init.sls b/salt/curator/init.sls index 245b700d0..48a10b4b8 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls @@ -5,6 +5,7 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% if grains['role'] in ['so-eval', 'so-node', 'so-managersearch', 'so-heavynode', 'so-standalone'] %} + {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} # Curator # Create the group curatorgroup: @@ -48,6 +49,7 @@ curconf: - source: salt://curator/files/curator.yml - user: 934 - group: 939 + - mode: 660 - template: jinja curcloseddel: @@ -66,6 +68,8 @@ curcloseddeldel: - group: 939 - mode: 755 - template: jinja + - defaults: + ELASTICCURL: {{ ELASTICAUTH.elasticcurl }} curclose: file.managed: @@ -147,4 +151,4 @@ append_so-curator_so-status.conf: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/elastalert/defaults.yaml b/salt/elastalert/defaults.yaml index ad675b8ee..9bfb4f188 100644 --- a/salt/elastalert/defaults.yaml +++ b/salt/elastalert/defaults.yaml 
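Review bot: in curator/init.sls only `curcloseddeldel` receives `ELASTICCURL` through `defaults:`; `curclose`, `curcloseddel` and the remaining curator scripts in the same state are not shown getting it, so if they also curl Elasticsearch they will start receiving 401 as soon as `elasticsearch:auth:enabled` is True. The `mode: 660` on curconf is the right follow-up to rendering `username`/`password` into curator.yml; apply the same to every other file that now renders ES_PASS.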
@@ -1,3 +1,5 @@ +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} elastalert: config: rules_folder: /opt/elastalert/rules/ @@ -19,8 +21,10 @@ elastalert: use_ssl: true verify_certs: false #es_send_get_body_as: GET - #es_username: someusername - #es_password: somepassword +{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + es_username: {{ ES_USER }} + es_password: {{ ES_PASS }} +{%- endif %} writeback_index: elastalert_status alert_time_limit: days: 2 @@ -45,4 +49,4 @@ elastalert: level: INFO handlers: - file - propagate: false \ No newline at end of file + propagate: false diff --git a/salt/elastalert/files/modules/so/playbook-es.py b/salt/elastalert/files/modules/so/playbook-es.py index ab2327ab7..bae967001 100644 --- a/salt/elastalert/files/modules/so/playbook-es.py +++ b/salt/elastalert/files/modules/so/playbook-es.py 
@@ -12,16 +12,21 @@ class PlaybookESAlerter(Alerter): Use matched data to create alerts in elasticsearch """ - required_options = set(['play_title','play_url','sigma_level','elasticsearch_host']) + required_options = set(['play_title','play_url','sigma_level']) def alert(self, matches): for match in matches: today = strftime("%Y.%m.%d", gmtime()) timestamp = strftime("%Y-%m-%d"'T'"%H:%M:%S"'.000Z', gmtime()) headers = {"Content-Type": "application/json"} + + creds = None + if 'es_username' in self.rule and 'es_password' in self.rule: + creds = (self.rule['es_username'], self.rule['es_password']) + payload = {"rule": { "name": self.rule['play_title'],"case_template": self.rule['play_id'],"uuid": self.rule['play_id'],"category": self.rule['rule.category']},"event":{ "severity": self.rule['event.severity'],"module": self.rule['event.module'],"dataset": self.rule['event.dataset'],"severity_label": self.rule['sigma_level']},"kibana_pivot": self.rule['kibana_pivot'],"soc_pivot": self.rule['soc_pivot'],"play_url": self.rule['play_url'],"sigma_level": self.rule['sigma_level'],"event_data": match, "@timestamp": timestamp} - url = f"https://{self.rule['elasticsearch_host']}/so-playbook-alerts-{today}/_doc/" - requests.post(url, data=json.dumps(payload), headers=headers, verify=False) + url = f"https://{self.rule['es_host']}:{self.rule['es_port']}/so-playbook-alerts-{today}/_doc/" + requests.post(url, data=json.dumps(payload), headers=headers, verify=False, auth=creds) def get_info(self): return {'type': 'PlaybookESAlerter'} \ No newline at end of file diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls index 8fcb46cda..f3f4af3f9 100644 --- a/salt/elastalert/init.sls +++ b/salt/elastalert/init.sls 
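Review bot: playbook-es.py now sends the so_elastic basic-auth credentials but still posts with `verify=False`, so the password crosses a TLS connection whose peer is never checked; pass the CA (the Elasticsearch config already ships `ca.crt`) instead of disabling verification. The `requests.post` result is also discarded, so a 401/403 after enabling auth loses the alert silently; keep the response and call `raise_for_status()` or log non-2xx. Minor: the URL hardcodes `https://` rather than honoring the rule's `use_ssl`.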
@@ -99,14 +99,12 @@ elastaconf: elastalert_config: {{ elastalert_config.elastalert.config }} - user: 933 - group: 933 + - mode: 660 - template: jinja wait_for_elasticsearch: - module.run: - - http.wait_for_successful_query: - - url: 'https://{{MANAGER}}:9200/_cat/indices/.kibana*' - - wait_for: 180 - - verify_ssl: False + cmd.run: + - name: so-elasticsearch-wait so-elastalert: docker_container.running: @@ -123,7 +121,7 @@ so-elastalert: - extra_hosts: - {{MANAGER_URL}}:{{MANAGER_IP}} - require: - - module: wait_for_elasticsearch + - cmd: wait_for_elasticsearch - watch: - file: elastaconf diff --git a/salt/elasticsearch/auth.map.jinja b/salt/elasticsearch/auth.map.jinja new file mode 100644 index 000000000..3c3b42cdc --- /dev/null +++ b/salt/elasticsearch/auth.map.jinja @@ -0,0 +1,7 @@ +{% set ELASTICAUTH = salt['pillar.filter_by']({ + True: { + 'user': salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user'), + 'pass': salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass'), + 'elasticcurl':'curl -K /opt/so/conf/elasticsearch/curl.config' }, + False: {'elasticcurl': 'curl'}, +}, pillar='elasticsearch:auth:enabled', default=False) %} diff --git a/salt/elasticsearch/auth.sls b/salt/elasticsearch/auth.sls new file mode 100644 index 000000000..373f2fbed --- /dev/null +++ b/salt/elasticsearch/auth.sls 
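Review bot: the `wait_for_elasticsearch` replacement (`cmd.run: so-elasticsearch-wait`) has no `unless`/`stateful`, so every highstate reports it as changed; harmless here because so-elastalert `require`s rather than `watch`es it, but it is noise in the run summary. A comment on why the `http.wait_for_successful_query` probe was dropped (an anonymous GET on `.kibana*` returns 401 once the anonymous superuser is removed) would save the next reader the archaeology.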
@@ -0,0 +1,39 @@ +{% set so_elastic_user_pass = salt['random.get_str'](20) %} +{% set so_kibana_user_pass = salt['random.get_str'](20) %} +{% set so_logstash_user_pass = salt['random.get_str'](20) %} +{% set so_beats_user_pass = salt['random.get_str'](20) %} +{% set so_monitor_user_pass = salt['random.get_str'](20) %} + +elastic_auth_pillar: + file.managed: + - name: /opt/so/saltstack/local/pillar/elasticsearch/auth.sls + - mode: 600 + - reload_pillar: True + - contents: | + elasticsearch: + auth: + enabled: False + users: + so_elastic_user: + user: so_elastic + pass: {{ so_elastic_user_pass }} + so_kibana_user: + user: so_kibana + pass: {{ so_kibana_user_pass }} + so_logstash_user: + user: so_logstash + pass: {{ so_logstash_user_pass }} + so_beats_user: + user: so_beats + pass: {{ so_beats_user_pass }} + so_monitor_user: + user: so_monitor + pass: {{ so_monitor_user_pass }} + # since we are generating a random password, and we don't want that to happen everytime + # a highstate runs, we only manage the file each user isn't present in the file. if the + # pillar file doesn't exists, then the default vault provided to pillar.get should not + # be within the file either, so it should then be created + - unless: + {% for so_app_user, values in salt['pillar.get']('elasticsearch:auth:users', {'so_noapp_user': {'user': 'r@NDumu53Rd0NtDOoP'}}).items() %} + - grep {{ values.user }} /opt/so/saltstack/local/pillar/elasticsearch/auth.sls + {% endfor%} diff --git a/salt/elasticsearch/files/curl.config.template b/salt/elasticsearch/files/curl.config.template new file mode 100644 index 000000000..14f5a2a1d --- /dev/null +++ b/salt/elasticsearch/files/curl.config.template @@ -0,0 +1 @@ +user = "{{ salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user') }}:{{ salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass') }}" \ No newline at end of file 
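Review bot: the `unless` list in elastic_auth_pillar makes the state run when any one grep fails (Salt runs a state with an unless list if any listed command returns non-zero), and when it runs it rewrites all five passwords, not just the missing one; adding a user later therefore rotates every credential, and anything already provisioned with the old values (the Elasticsearch users themselves, which this diff does not create) stops authenticating. Manage each user's entry separately or generate only the missing ones. The passwords are also rendered unquoted into YAML and into `user = "u:p"` in curl.config.template; confirm the character set of `random.get_str(20)` on the pinned Salt release excludes `"`, `#`, `:` and other YAML-significant punctuation, or quote the value. Finally, no state in this diff renders curl.config.template to /opt/so/conf/elasticsearch/curl.config; where is it written, and with what mode?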
diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index fed45bf79..bf5e7e2b4 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -30,13 +30,15 @@ xpack.security.http.ssl.client_authentication: none xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt +{% if not salt['pillar.get']('elasticsearch:auth:enabled', False) %} xpack.security.authc: anonymous: username: anonymous_user roles: superuser authz_exception: true +{% endif %} node.name: {{ grains.host }} -script.max_compilations_rate: 1000/1m +script.max_compilations_rate: 20000/1m {%- if TRUECLUSTER is sameas true %} {%- if grains.role == 'so-manager' %} {%- if salt['pillar.get']('nodestab', {}) %} diff --git a/salt/elasticsearch/files/ingest/filterlog b/salt/elasticsearch/files/ingest/filterlog index cb914f4a3..3e885fe54 100644 --- a/salt/elasticsearch/files/ingest/filterlog +++ b/salt/elasticsearch/files/ingest/filterlog @@ -51,7 +51,7 @@ }, { "set": { "field": "_index", "value": "so-firewall", "override": true } }, { "set": { "if": "ctx.network?.transport_id == '0'", "field": "network.transport", "value": "icmp", "override": true } }, - {"community_id": { "if": "ctx.network?.transport != null", "field":["source.ip","source.port","destination.ip","destination.port","network.transport"],"target_field":"network.community_id"}}, + {"community_id": {} }, { "set": { "field": "module", "value": "pfsense", "override": true } }, { "set": { "field": "dataset", "value": "firewall", "override": true } }, { "remove": { "field": ["real_message", "ip_sub_msg", "firewall.sub_message"], "ignore_failure": true } } 
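Review bot: the jump of `script.max_compilations_rate` from 1000/1m to 20000/1m is unrelated to the auth work and unexplained anywhere in the diff; this limit is what caps runaway Painless compilation on a node, so a 20x increase should carry a comment (or its own commit) saying which pipeline or query hit the old ceiling. The `{% if not salt['pillar.get']('elasticsearch:auth:enabled', False) %}` guard around the anonymous superuser is the right shape and agrees with `default=False` in auth.map.jinja.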
diff --git a/salt/elasticsearch/files/ingest/ossec b/salt/elasticsearch/files/ingest/ossec index 868de2798..1c5a0fd42 100644 --- a/salt/elasticsearch/files/ingest/ossec +++ b/salt/elasticsearch/files/ingest/ossec @@ -63,7 +63,8 @@ { "rename": { "field": "fields.module", "target_field": "event.module", "ignore_failure": true, "ignore_missing": true } }, { "pipeline": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational'", "name": "sysmon" } }, { "pipeline": { "if": "ctx.winlog?.channel != 'Microsoft-Windows-Sysmon/Operational'", "name":"win.eventlogs" } }, - { "set": { "if": "ctx.rule != null && ctx.rule.name != null", "field": "event.dataset", "value": "alert", "override": true } }, + { "set": { "if": "ctx.rule != null && ctx.rule.name != null", "field": "event.dataset", "value": "ossec.alert", "override": true } }, + { "set": { "if": "ctx.rule != null && ctx.rule.name != null", "field": "event.kind", "value": "alert", "override": true } }, { "pipeline": { "name": "common" } } ] } diff --git a/salt/elasticsearch/files/ingest/strelka.file b/salt/elasticsearch/files/ingest/strelka.file index e5e8560f8..cf2772305 100644 --- a/salt/elasticsearch/files/ingest/strelka.file +++ b/salt/elasticsearch/files/ingest/strelka.file 
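Review bot: renaming the ossec alert `event.dataset` from `alert` to `ossec.alert` changes a value that saved searches, dashboards and ElastAlert/Playbook rules filter on, and nothing in the diff updates those consumers; either include them here or call the rename out in the commit message and release notes. Setting `event.kind: alert` alongside is the ECS-correct tag and the field those consumers should move to.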
@@ -53,7 +53,8 @@ { "set": { "if": "ctx.exiftool?.FileDirectory != null", "field": "file.directory", "value": "{{exiftool.FileDirectory}}", "ignore_failure": true }}, { "set": { "if": "ctx.exiftool?.Subsystem != null", "field": "host.subsystem", "value": "{{exiftool.Subsystem}}", "ignore_failure": true }}, { "set": { "if": "ctx.scan?.yara?.matches != null", "field": "rule.name", "value": "{{scan.yara.matches.0}}" }}, - { "set": { "if": "ctx.scan?.yara?.matches != null", "field": "dataset", "value": "alert", "override": true }}, + { "set": { "if": "ctx.scan?.yara?.matches != null", "field": "dataset", "value": "strelka.alert", "override": true }}, + { "set": { "if": "ctx.scan?.yara?.matches != null", "field": "event.kind", "value": "alert", "override": true }}, { "rename": { "field": "file.flavors.mime", "target_field": "file.mime_type", "ignore_missing": true }}, { "set": { "if": "ctx.rule?.name != null && ctx.rule?.score == null", "field": "event.severity", "value": 3, "override": true } }, { "convert" : { "if": "ctx.rule?.score != null", "field" : "rule.score","type": "integer"}}, diff --git a/salt/elasticsearch/files/ingest/sysmon b/salt/elasticsearch/files/ingest/sysmon index 599899488..e4db4bcb4 100644 --- a/salt/elasticsearch/files/ingest/sysmon +++ b/salt/elasticsearch/files/ingest/sysmon @@ -1,7 +1,6 @@ { "description" : "sysmon", "processors" : [ - {"community_id": {"if": "ctx.winlog.event_data?.Protocol != null", "field":["winlog.event_data.SourceIp","winlog.event_data.SourcePort","winlog.event_data.DestinationIp","winlog.event_data.DestinationPort","winlog.event_data.Protocol"],"target_field":"network.community_id"}}, { "set": { "field": "event.code", "value": "{{winlog.event_id}}", "override": true } }, { "set": { "field": "event.module", "value": "sysmon", "override": true } }, { "set": { "if": "ctx.winlog?.computer_name != null", "field": "observer.name", "value": "{{winlog.computer_name}}", "override": true } }, 
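Review bot: in the ossec hunk, changing `event.dataset` from `alert` to `ossec.alert` is a schema change for every saved search, dashboard and SOC query that filters on `event.dataset:alert`, and nothing else in this patch updates those consumers; list them in the PR description or ship the query changes with this commit. Adding `event.kind: alert` is the right ECS signal and is what those consumers should migrate to, since it stays stable across modules. Keep the two `set` processors adjacent, as here, so a later edit cannot change one `if` without the other.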
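Review bot: in the strelka.file hunk the module-qualified value goes to the top-level `dataset` field (`strelka.alert`), while the ossec hunk in this same patch writes `event.dataset` (`ossec.alert`). Pick one convention: `dataset` is also the key Filebeat uses to choose the pipeline (`%{[module]}.%{[dataset]}` in filebeat.yml), so anything downstream that reads it may expect the short form; if the ECS field is the target, write `event.dataset` here too and say so in a comment. Note the value only changes when `ctx.scan?.yara?.matches != null`, so a Strelka record without a YARA hit keeps whatever `dataset` Filebeat assigned; presumably intended, but worth a line of explanation.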
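Review bot: the sysmon hunk drops the `community_id` processor that read `winlog.event_data.SourceIp/SourcePort/DestinationIp/DestinationPort/Protocol` directly and re-adds a default `{ "community_id": {} }` at the end of the pipeline. Running it after the `rename` steps is correct for `source.ip`/`source.port`, but the default processor also needs `network.transport` (or `network.iana_number`), and this pipeline shows no rename of `winlog.event_data.Protocol` to `network.transport`; with `ignore_missing` defaulting to true, every Sysmon event ID 3 would then quietly lose `network.community_id` and the endpoint-to-Zeek `conn` pivot stops working. Either add that rename before the processor or keep the explicit `field` list, and verify with `_simulate` on a real event ID 3 document that the hash matches Zeek's value for the same connection.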
@@ -64,6 +63,7 @@ { "rename": { "field": "winlog.event_data.SourceIp", "target_field": "source.ip", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.SourcePort", "target_field": "source.port", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.targetFilename", "target_field": "file.target", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.TargetFilename", "target_field": "file.target", "ignore_missing": true } } + { "rename": { "field": "winlog.event_data.TargetFilename", "target_field": "file.target", "ignore_missing": true } }, + { "community_id": {} } ] } diff --git a/salt/elasticsearch/files/ingest/zeek.common b/salt/elasticsearch/files/ingest/zeek.common index 563f5956b..e7b898c6f 100644 --- a/salt/elasticsearch/files/ingest/zeek.common +++ b/salt/elasticsearch/files/ingest/zeek.common 
@@ -8,11 +8,11 @@ { "dot_expander": { "field": "id.orig_p", "path": "message2", "ignore_failure": true } }, { "dot_expander": { "field": "id.resp_h", "path": "message2", "ignore_failure": true } }, { "dot_expander": { "field": "id.resp_p", "path": "message2", "ignore_failure": true } }, - {"community_id": {"if": "ctx.network?.transport != null", "field":["message2.id.orig_h","message2.id.orig_p","message2.id.resp_h","message2.id.resp_p","network.transport"],"target_field":"network.community_id"}}, { "rename": { "field": "message2.id.orig_h", "target_field": "source.ip", "ignore_missing": true } }, { "rename": { "field": "message2.id.orig_p", "target_field": "source.port", "ignore_missing": true } }, { "rename": { "field": "message2.id.resp_h", "target_field": "destination.ip", "ignore_missing": true } }, { "rename": { "field": "message2.id.resp_p", "target_field": "destination.port", "ignore_missing": true } }, + { "community_id": {} }, { "set": { "if": "ctx.source?.ip != null", "field": "client.ip", "value": "{{source.ip}}" } }, { "set": { "if": "ctx.source?.port != null", "field": "client.port", "value": "{{source.port}}" } }, { "set": { "if": "ctx.destination?.ip != null", "field": "server.ip", "value": "{{destination.ip}}" } }, diff --git a/salt/elasticsearch/files/scripts/so-catrust b/salt/elasticsearch/files/scripts/so-catrust index d49a29ce4..c157d9691 100644 --- a/salt/elasticsearch/files/scripts/so-catrust +++ b/salt/elasticsearch/files/scripts/so-catrust @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright 2014,2015,2016,2017,2018,2019 Security Onion Solutions, LLC +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/salt/elasticsearch/files/so-elasticsearch-pipelines b/salt/elasticsearch/files/so-elasticsearch-pipelines index fca50b7d4..c1ff88397 100755 
--- a/salt/elasticsearch/files/so-elasticsearch-pipelines +++ b/salt/elasticsearch/files/so-elasticsearch-pipelines @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright 2014,2015,2016,2017,2018,2019 Security Onion Solutions, LLC +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -27,7 +27,7 @@ echo -n "Waiting for ElasticSearch..." COUNT=0 ELASTICSEARCH_CONNECTED="no" while [[ "$COUNT" -le 240 ]]; do - curl ${ELASTICSEARCH_AUTH} -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" + {{ ELASTICCURL }} -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" if [ $? -eq 0 ]; then ELASTICSEARCH_CONNECTED="yes" echo "connected!" @@ -47,9 +47,9 @@ fi cd ${ELASTICSEARCH_INGEST_PIPELINES} echo "Loading pipelines..." -for i in *; do echo $i; RESPONSE=$(curl ${ELASTICSEARCH_AUTH} -k -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_ingest/pipeline/$i -H 'Content-Type: application/json' -d@$i 2>/dev/null); echo $RESPONSE; if [[ "$RESPONSE" == *"error"* ]]; then RETURN_CODE=1; fi; done +for i in *; do echo $i; RESPONSE=$({{ ELASTICCURL }} -k -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_ingest/pipeline/$i -H 'Content-Type: application/json' -d@$i 2>/dev/null); echo $RESPONSE; if [[ "$RESPONSE" == *"error"* ]]; then RETURN_CODE=1; fi; done echo cd - >/dev/null -exit $RETURN_CODE \ No newline at end of file +exit $RETURN_CODE diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index df297986a..4045fa10f 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls 
@@ -35,6 +35,8 @@ {% endif %} {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} +{% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} + vm.max_map_count: sysctl.present: @@ -169,6 +171,40 @@ eslogdir: - group: 939 - makedirs: True +auth_users: + file.managed: + - name: /opt/so/conf/elasticsearch/users.tmp + - source: salt://elasticsearch/files/users + - user: 930 + - group: 930 + - mode: 600 + - show_changes: False + +auth_users_roles: + file.managed: + - name: /opt/so/conf/elasticsearch/users_roles.tmp + - source: salt://elasticsearch/files/users_roles + - user: 930 + - group: 930 + - mode: 600 + - show_changes: False + +auth_users_inode: + require: + - file: auth_users + cmd.run: + - name: cat /opt/so/conf/elasticsearch/users.tmp > /opt/so/conf/elasticsearch/users && chown 930:930 /opt/so/conf/elasticsearch/users && chmod 600 /opt/so/conf/elasticsearch/users + - onchanges: + - file: /opt/so/conf/elasticsearch/users.tmp + +auth_users_roles_inode: + require: + - file: auth_users_roles + cmd.run: + - name: cat /opt/so/conf/elasticsearch/users_roles.tmp > /opt/so/conf/elasticsearch/users_roles && chown 930:930 /opt/so/conf/elasticsearch/users_roles && chmod 600 /opt/so/conf/elasticsearch/users_roles + - onchanges: + - file: /opt/so/conf/elasticsearch/users_roles.tmp + so-elasticsearch: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} 
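Review bot: in the zeek.common hunk (`@@ -8,11 +8,11 @@`) the `ctx.network?.transport != null` guard and the explicit `message2.id.*` field list are replaced by the default `community_id` processor placed after the renames to `source.*`/`destination.*`. The ordering is right, but the default processor also reads `network.transport`/`network.iana_number` and nothing in the visible context sets them; if `network.transport` is derived from Zeek's `proto` elsewhere in this pipeline, make sure that `set` runs before this line, because `ignore_missing` will hide the gap and every `conn` record would land without `network.community_id`. A one-line comment naming the fields the default processor consumes would save the next reader the lookup.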
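Review bot: in the so-elasticsearch-pipelines hunks the two `curl ${ELASTICSEARCH_AUTH} ...` calls become `{{ ELASTICCURL }} ...`, rendered at state time from `ELASTICAUTH.elasticcurl`. If that string carries `-u user:password`, the credentials are baked into a script that the init.sls hunk installs with `mode: 754` (world-readable) and show up in `ps` output on every invocation; point curl at an owner-only config instead (`curl -K /path/to/curlrc` or `--netrc-file`) and keep the script free of secrets. The pipeline-loading loop still relies on `"$RESPONSE" == *"error"*`, which misses a failure that returns no body at all; add `--fail` and test the exit status as the wait loop already does. Restoring the trailing newline is good.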
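Review bot: in the elasticsearch/init.sls hunk that adds `auth_users_inode` and `auth_users_roles_inode`, the `require:` block is a sibling of `cmd.run` rather than an argument under it; Salt expects requisites inside the state function's argument list, so move it under `cmd.run` in both states and check the rendered result with `salt-call state.show_sls elasticsearch`. The `.tmp` then `cat >` sequence exists to preserve the inode of the bind-mounted `users`/`users_roles` files; say that in a comment, or someone will collapse it back into a plain `file.managed`. `show_changes: False` and `mode: 600` on the hash files are correct. These states run regardless of `elasticsearch:auth:enabled` while the mounts in the container hunk are conditional; either gate both or document that the files are always staged.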
@@ -213,6 +249,10 @@ so-elasticsearch: - /etc/pki/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt:ro - /etc/pki/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key:ro - /etc/pki/elasticsearch.p12:/usr/share/elasticsearch/config/elasticsearch.p12:ro + {% if salt['pillar.get']('elasticsearch:auth:enabled', False) %} + - /opt/so/conf/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles:ro + - /opt/so/conf/elasticsearch/users:/usr/share/elasticsearch/config/users:ro + {% endif %} - watch: - file: cacertz - file: esyml @@ -232,6 +272,8 @@ so-elasticsearch-pipelines-file: - group: 939 - mode: 754 - template: jinja + - defaults: + ELASTICCURL: {{ ELASTICAUTH.elasticcurl }} so-elasticsearch-pipelines: cmd.run: diff --git a/salt/elasticsearch/templates/so/so-common-template.json b/salt/elasticsearch/templates/so/so-common-template.json index c1f0a6755..26a5f2ec7 100644 --- a/salt/elasticsearch/templates/so/so-common-template.json +++ b/salt/elasticsearch/templates/so/so-common-template.json @@ -1,5 +1,5 @@ { - "index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka-*", "so-beats-*", "so-osquery-*","so-playbook-*"], + "index_patterns": ["so-*"], "version":50001, "order":10, "settings":{ @@ -228,7 +228,11 @@ "event":{ "type":"object", "dynamic": true - }, + }, + "event_data":{ + "type":"object", + "dynamic": true + }, "file":{ "type":"object", "dynamic": true @@ -316,7 +320,8 @@ "type":"text", "fields":{ "keyword":{ - "type":"keyword" + "type":"keyword", + "ignore_above": 32766 } } }, 
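Review bot: in the so-common-template.json hunk at `@@ -316,7 +320,8 @@`, `ignore_above: 32766` is measured in characters while Lucene's per-term limit is 32766 bytes; a multi-byte string under 32766 characters can still exceed the byte limit and reject the whole document. Use a margin (8191 covers the four-bytes-per-character worst case) or state why the exact value was chosen.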
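Review bot: in the so-common-template.json hunks at `@@ -1,5 +1,5 @@` and `@@ -228,7 +228,11 @@`, widening `index_patterns` to `so-*` together with a `"dynamic": true` `event_data` object means every `so-*` index now accepts arbitrary dynamically mapped keys under `event_data`, which is the usual path to mapping explosions from noisy or untrusted log sources. Prefer `dynamic: false` with explicit mappings for the keys that are actually queried, or at least set `index.mapping.total_fields.limit` deliberately in the template settings and note the trade-off in the PR.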
@@ -522,11 +527,159 @@ "version":{ "type":"long" } - } - }, + } + }, "x509":{ "type":"object", "dynamic": true + }, + "suricata":{ + "type":"object", + "dynamic": true + }, + "zeek":{ + "type":"object", + "dynamic": true + }, + "aws":{ + "type":"object", + "dynamic": true + }, + "azure":{ + "type":"object", + "dynamic": true + }, + "barracuda":{ + "type":"object", + "dynamic": true + }, + "bluecoat":{ + "type":"object", + "dynamic": true + }, + "cef":{ + "type":"object", + "dynamic": true + }, + "checkpoint":{ + "type":"object", + "dynamic": true + }, + "cisco":{ + "type":"object", + "dynamic": true + }, + "cyberark":{ + "type":"object", + "dynamic": true + }, + "cylance":{ + "type":"object", + "dynamic": true + }, + "f5":{ + "type":"object", + "dynamic": true + }, + "fortinet":{ + "type":"object", + "dynamic": true + }, + "gcp":{ + "type":"object", + "dynamic": true + }, + "google_workspace":{ + "type":"object", + "dynamic": true + }, + "imperva":{ + "type":"object", + "dynamic": true + }, + "infoblox":{ + "type":"object", + "dynamic": true + }, + "juniper":{ + "type":"object", + "dynamic": true + }, + "microsoft":{ + "type":"object", + "dynamic": true + }, + "misp":{ + "type":"object", + "dynamic": true + }, + "netflow":{ + "type":"object", + "dynamic": true + }, + "netscout":{ + "type":"object", + "dynamic": true + }, + "o365":{ + "type":"object", + "dynamic": true + }, + "okta":{ + "type":"object", + "dynamic": true + }, + "proofpoint":{ + "type":"object", + "dynamic": true + }, + "radware":{ + "type":"object", + "dynamic": true + }, + "snort":{ + "type":"object", + "dynamic": true + }, + "snyk":{ + "type":"object", + "dynamic": true + }, + "sonicwall":{ + "type":"object", + "dynamic": true + }, + "sophos":{ + "type":"object", + "dynamic": true + }, + "squid":{ + "type":"object", + "dynamic": true + }, + "tomcat":{ + "type":"object", + "dynamic": true + }, + "zcaler":{ + "type":"object", + "dynamic": true + }, + "elasticsearch":{ + "type":"object", + "dynamic": 
true + }, + "kibana":{ + "type":"object", + "dynamic": true + }, + "logstash":{ + "type":"object", + "dynamic": true + }, + "redis":{ + "type":"object", + "dynamic": true } } } diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml index 0f7c9c778..2a86b486f 100644 --- a/salt/filebeat/etc/filebeat.yml +++ b/salt/filebeat/etc/filebeat.yml @@ -3,7 +3,8 @@ {%- else %} {%- set MANAGER = salt['grains.get']('master') %} {%- endif %} - +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} {%- set HOSTNAME = salt['grains.get']('host', '') %} {%- set ZEEKVER = salt['pillar.get']('global:mdengine', 'COMMUNITY') %} @@ -71,7 +72,13 @@ logging.files: # Set to true to log messages in json format. #logging.json: false + + #========================== Modules configuration ============================ +filebeat.config.modules: + enabled: true + path: ${path.config}/modules.d/*.yml + filebeat.modules: #=========================== Filebeat prospectors ============================= @@ -183,7 +190,6 @@ filebeat.inputs: fields_under_root: true clean_removed: false close_removed: false - {%- if STRELKAENABLED == 1 %} - type: log paths: @@ -261,6 +267,10 @@ output.{{ type }}: output.elasticsearch: enabled: true hosts: ["https://{{ MANAGER }}:9200"] +{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + username: "{{ ES_USER }}" + password: "{{ ES_PASS }}" +{%- endif %} ssl.certificate_authorities: ["/usr/share/filebeat/intraca.crt"] pipelines: - pipeline: "%{[module]}.%{[dataset]}" diff --git a/salt/filebeat/etc/module-setup.yml b/salt/filebeat/etc/module-setup.yml new file mode 100644 index 000000000..6c2f91d18 --- /dev/null +++ b/salt/filebeat/etc/module-setup.yml 
@@ -0,0 +1,16 @@ +{%- if grains['role'] in ['so-managersearch', 'so-heavynode', 'so-node'] %} +{%- set MANAGER = salt['grains.get']('host' '') %} +{%- else %} +{%- set MANAGER = salt['grains.get']('master') %} +{%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} + +output.elasticsearch: + enabled: true + hosts: ["https://{{ MANAGER }}:9200"] +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + username: "{{ ES_USER }}" + password: "{{ ES_PASS }}" +{% endif %} + ssl.certificate_authorities: ["/usr/share/filebeat/intraca.crt"] diff --git a/salt/filebeat/etc/module_config.yml.jinja b/salt/filebeat/etc/module_config.yml.jinja new file mode 100644 index 000000000..733d47c7e --- /dev/null +++ b/salt/filebeat/etc/module_config.yml.jinja @@ -0,0 +1,18 @@ +# DO NOT EDIT THIS FILE +{%- if MODULES.modules is iterable and MODULES.modules is not string and MODULES.modules|length > 0%} + {%- for module in MODULES.modules.keys() %} +- module: {{ module }} + {%- for fileset in MODULES.modules[module] %} + {{ fileset }}: + enabled: {{ MODULES.modules[module][fileset].enabled|string|lower }} + {#- only manage the settings if the fileset is enabled #} + {%- if MODULES.modules[module][fileset].enabled %} + {%- for var, value in MODULES.modules[module][fileset].items() %} + {%- if var|lower != 'enabled' %} + {{ var }}: {{ value }} + {%- endif %} + {%- endfor %} + {%- endif %} + {%- endfor %} + {%- endfor %} +{% endif %} diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index 64cdc47fc..f03d3dc1a 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls @@ -1,3 +1,4 @@ + # Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
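Review bot: in the so-common-template.json hunk that adds the per-vendor `"dynamic": true` objects, the key is spelled `"zcaler"` while the module enabled in thirdpartydefaults.yaml is `zscaler` and its fields arrive as `zscaler.*`, so those fields miss this entry entirely; fix the spelling. More generally, thirty-odd fully dynamic top-level objects on an `so-*` template let any enabled third-party module create unbounded field names; if the aim is only to let those modules index, set `index.mapping.total_fields.limit` deliberately rather than leaving every vendor object open-ended.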
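Review bot: in the filebeat.yml hunks the auth gate is `salt['pillar.get']('elasticsearch:auth:enabled') is sameas true`, while elasticsearch.yml in this same patch uses `salt['pillar.get']('elasticsearch:auth:enabled', False)` in a plain boolean test. A pillar value of `"true"` (string) or `1` would enable the file realm on the Elasticsearch side but leave Filebeat without credentials, and shipping stops with 401s; use one test in both places, ideally a single boolean exported from `elasticsearch/auth.map.jinja`, which the init.sls hunk already imports for `ELASTICAUTH`. The rendered filebeat.yml now contains `password: "..."` in clear; confirm the `file.managed` that writes it uses `mode: 600` and `show_changes: False` (neither is visible here).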
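Review bot: in the new salt/filebeat/etc/module-setup.yml, `salt['grains.get']('host' '')` is missing the comma; Jinja concatenates the two literals so it evaluates to `grains.get('host')` and happens to work, but it is a typo that breaks as soon as someone adds a real default. Write `salt['grains.get']('host', '')`. The file also duplicates the `output.elasticsearch` block and the `ES_USER`/`ES_PASS` lookups from filebeat.yml; render both from one include so the credential handling cannot drift between them. The `{% if` here (without `-`) leaves blank lines in the YAML, harmless but inconsistent with filebeat.yml.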
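Review bot: in the new module_config.yml.jinja, `{{ var }}: {{ value }}` emits values as Python reprs, so a list renders as `['/logs/...']` (valid YAML flow syntax), but a string containing `: ` or `#`, or a value that must stay a string, will be parsed differently from what the pillar author wrote; filter with `{{ value|tojson }}` (or Salt's `|yaml`) so every value is quoted correctly. `enabled: {{ ...enabled|string|lower }}` also assumes the key exists; a fileset without it renders an empty value or raises, depending on undefined handling, so default it explicitly (`.get('enabled', False)`) and a partially specified module is simply disabled.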
@@ -20,18 +21,37 @@ {% set LOCALHOSTIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %} {% set MANAGER = salt['grains.get']('master') %} {% set MANAGERIP = salt['pillar.get']('global:managerip', '') %} +{% from 'filebeat/map.jinja' import THIRDPARTY with context %} +{% from 'filebeat/map.jinja' import SO with context %} +{% set ES_INCLUDED_NODES = ['so-eval', 'so-standalone', 'so-managersearch', 'so-node', 'so-heavynode', 'so-import'] %} + +#only include elastic state for certain nodes +{% if grains.role in ES_INCLUDED_NODES %} +include: + - elasticsearch +{% endif %} + filebeatetcdir: file.directory: - name: /opt/so/conf/filebeat/etc - user: 939 - group: 939 - makedirs: True + +filebeatmoduledir: + file.directory: + - name: /opt/so/conf/filebeat/modules + - user: root + - group: root + - makedirs: True + filebeatlogdir: file.directory: - name: /opt/so/log/filebeat - user: 939 - group: 939 - makedirs: True + filebeatpkidir: file.directory: - name: /opt/so/conf/filebeat/etc/pki @@ -44,6 +64,7 @@ fileregistrydir: - user: 939 - group: 939 - makedirs: True + # This needs to be owned by root filebeatconfsync: file.managed: 
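Review bot: in the filebeat/init.sls hunk, `ES_INCLUDED_NODES` (`so-eval, so-standalone, so-managersearch, so-node, so-heavynode, so-import`) does not match the role list securityoniondefaults.yaml uses to ship Elasticsearch logs (`so-manager, so-eval, so-managersearch, so-standalone, so-node, so-hotnode, so-warmnode, so-heavynode`); on `so-manager`, `so-hotnode` and `so-warmnode` the `elasticsearch` module is enabled but the elasticsearch state is never included and module setup never runs, and `so-import` is the reverse. Define the list once in map.jinja and say which set is authoritative. Owning the new `/opt/so/conf/filebeat/modules` by root while its siblings are 939 needs a comment like the one on `filebeatconfsync`.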
@@ -55,6 +76,33 @@ filebeatconfsync: - defaults: INPUTS: {{ salt['pillar.get']('filebeat:config:inputs', {}) }} OUTPUT: {{ salt['pillar.get']('filebeat:config:output', {}) }} + +# Filebeat module config file +filebeatmoduleconfsync: + file.managed: + - name: /opt/so/conf/filebeat/etc/module-setup.yml + - source: salt://filebeat/etc/module-setup.yml + - user: root + - group: root + - mode: 640 + - template: jinja + +sodefaults_module_conf: + file.managed: + - name: /opt/so/conf/filebeat/modules/securityonion.yml + - source: salt://filebeat/etc/module_config.yml.jinja + - template: jinja + - defaults: + MODULES: {{ SO }} + +thirdparty_module_conf: + file.managed: + - name: /opt/so/conf/filebeat/modules/thirdparty.yml + - source: salt://filebeat/etc/module_config.yml.jinja + - template: jinja + - defaults: + MODULES: {{ THIRDPARTY }} + so-filebeat: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-filebeat:{{ VERSION }} 
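Review bot: in the hunk adding `filebeatmoduleconfsync`, the file is written `root:root` with `mode: 640` and bind-mounted read-only into the container; if Filebeat runs there as the 939 user (every directory state in this file chowns to 939), it cannot read its own output config and module setup fails with a permission error. Keep the mode tight, since the file carries `ES_PASS`, but set `group: 939`. `sodefaults_module_conf` and `thirdparty_module_conf` have no `user`/`group`/`mode` at all and inherit the minion's umask; set them explicitly as every other `file.managed` in this state does.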
@@ -65,19 +113,41 @@ so-filebeat: - /nsm:/nsm:ro - /opt/so/log/filebeat:/usr/share/filebeat/logs:rw - /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro + - /opt/so/conf/filebeat/etc/module-setup.yml:/usr/share/filebeat/module-setup.yml:ro - /nsm/wazuh/logs/alerts:/wazuh/alerts:ro - /nsm/wazuh/logs/archives:/wazuh/archives:ro + - /opt/so/conf/filebeat/modules:/usr/share/filebeat/modules.d - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro - /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro - /opt/so/conf/filebeat/registry:/usr/share/filebeat/data/registry:rw - /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro + - /opt/so/log:/logs:ro - port_bindings: - 0.0.0.0:514:514/udp - 0.0.0.0:514:514/tcp - 0.0.0.0:5066:5066/tcp +{% for module in THIRDPARTY.modules.keys() %} + {% for submodule in THIRDPARTY.modules[module] %} + {% if THIRDPARTY.modules[module][submodule].enabled and THIRDPARTY.modules[module][submodule]["var.syslog_port"] is defined %} + - {{ THIRDPARTY.modules[module][submodule].get("var.syslog_host", "0.0.0.0") }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}/tcp + - {{ THIRDPARTY.modules[module][submodule].get("var.syslog_host", "0.0.0.0") }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}/udp + {% endif %} + {% endfor %} +{% endfor %} - watch: - file: /opt/so/conf/filebeat/etc/filebeat.yml +{% if grains.role in ES_INCLUDED_NODES %} +run_module_setup: + cmd.run: + - name: /usr/sbin/so-filebeat-module-setup + - require: + - file: filebeatmoduleconfsync + - docker_container: so-filebeat + - onchanges: + - docker_container: so-elasticsearch +{% endif %} + append_so-filebeat_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf 
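Review bot: in the so-filebeat container hunk the port loop publishes both `/tcp` and `/udp` for every enabled third-party fileset that has `var.syslog_port`, regardless of `var.input`; most defaults are `udp` only, so each enabled module also opens an unused TCP listener on `0.0.0.0`. Emit only the protocol named by `var.input` and fall back to both only when it is absent. The loop keys on `var.syslog_port`, so the netflow module (`var.netflow_port: 2055`) is never published even when enabled; handle that key too. `run_module_setup` fires only `onchanges: docker_container: so-elasticsearch`, so enabling a module in pillar rewrites `thirdparty.yml` but does not re-run `/usr/sbin/so-filebeat-module-setup` until Elasticsearch restarts; add `onchanges` on `sodefaults_module_conf` and `thirdparty_module_conf`. Mounting `/opt/so/log` read-only is the right default.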
diff --git a/salt/filebeat/map.jinja b/salt/filebeat/map.jinja new file mode 100644 index 000000000..6ae6e7cff --- /dev/null +++ b/salt/filebeat/map.jinja @@ -0,0 +1,6 @@ +{% import_yaml 'filebeat/thirdpartydefaults.yaml' as TPDEFAULTS %} +{% set THIRDPARTY = salt['pillar.get']('filebeat:third_party_filebeat', default=TPDEFAULTS.third_party_filebeat, merge=True) %} + +{% import_yaml 'filebeat/securityoniondefaults.yaml' as SODEFAULTS %} +{% set SO = SODEFAULTS.securityonion_filebeat %} +{#% set SO = salt['pillar.get']('filebeat:third_party_filebeat', default=SODEFAULTS.third_party_filebeat, merge=True) %#} diff --git a/salt/filebeat/securityoniondefaults.yaml b/salt/filebeat/securityoniondefaults.yaml new file mode 100644 index 000000000..be4f81bd1 --- /dev/null +++ b/salt/filebeat/securityoniondefaults.yaml @@ -0,0 +1,31 @@ +{%- set ZEEKVER = salt['pillar.get']('global:mdengine', '') %} +{% set ZEEKLOGLOOKUP = { + 'conn': 'connection', +} %} +securityonion_filebeat: + modules: + {%- if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone','so-node', 'so-hotnode', 'so-warmnode', 'so-heavynode'] %} + elasticsearch: + server: + enabled: true + var.paths: ["/logs/elasticsearch/*.log"] + logstash: + log: + enabled: true + var.paths: ["/logs/logstash.log"] + {%- endif %} + {%- if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone'] %} + kibana: + log: + enabled: true + var.paths: ["/logs/kibana/kibana.log"] + {%- endif %} + {%- if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-heavynode'] %} + redis: + log: + enabled: true + var.paths: ["/logs/redis.log"] + slowlog: + enabled: false + {%- endif %} + \ No newline at end of file diff --git a/salt/filebeat/thirdpartydefaults.yaml b/salt/filebeat/thirdpartydefaults.yaml new file mode 100644 index 000000000..112ed6d6c --- /dev/null +++ b/salt/filebeat/thirdpartydefaults.yaml 
@@ -0,0 +1,252 @@ +third_party_filebeat: + modules: + aws: + cloudtrail: + enabled: false + cloudwatch: + enabled: false + ec2: + enabled: false + elb: + enabled: false + s3access: + enabled: false + vpcflow: + enabled: false + azure: + activitylogs: + enabled: false + platformlogs: + enabled: false + auditlogs: + enabled: false + signinlogs: + enabled: false + barracuda: + waf: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9503 + spamfirewall: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9524 + bluecoat: + director: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9505 + cef: + log: + enabled: false + var.syslog_host: 0.0.0.0 + var.syslog_port: 9003 + checkpoint: + firewall: + enabled: false + var.syslog_host: 0.0.0.0 + var.syslog_port: 9505 + cisco: + asa: + enabled: false + var.syslog_host: 0.0.0.0 + var.syslog_port: 9001 + ftd: + enabled: false + var.syslog_host: 0.0.0.0 + var.syslog_port: 9003 + ios: + enabled: false + var.syslog_host: 0.0.0.0 + var.syslog_port: 9002 + nexus: + enabled: false + var.syslog_host: 0.0.0.0 + var.syslog_port: 9506 + meraki: + enabled: false + var.syslog_host: 0.0.0.0 + var.syslog_port: 9525 + umbrella: + enabled: false + amp: + enabled: false + cyberark: + corepas: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9527 + cylance: + protect: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9508 + f5: + bigipapm: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9504 + bigipafm: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9528 + fortinet: + firewall: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9004 + clientendpoint: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9510 + fortimail: + enabled: false + var.input: udp + var.syslog_port: 9350 + gcp: 
+ vpcflow: + enabled: false + firewall: + enabled: false + audit: + enabled: false + google_workspace: + saml: + enabled: false + user_accounts: + enabled: false + login: + enabled: false + admin: + enabled: false + drive: + enabled: false + groups: + enabled: false + imperva: + securesphere: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9511 + infoblox: + nios: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9512 + juniper: + junos: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9513 + netscreen: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9523 + srx: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9006 + microsoft: + defender_atp: + enabled: false + m365_defender: + enabled: false + dhcp: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9515 + misp: + threat: + enabled: false + netflow: + log: + enabled: false + var.netflow_host: 0.0.0.0 + var.netflow_port: 2055 + var.internal_networks: + - private + netscout: + sightline: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9502 + o365: + audit: + enabled: false + okta: + system: + enabled: false + proofpoint: + emailsecurity: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9531 + radware: + defensepro: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9518 + snort: + log: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9532 + snyk: + audit: + enabled: false + vulnerabilities: + enabled: false + sonicwall: + firewall: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9519 + sophos: + xg: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9005 + utm: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9533 + squid: 
+ log: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9520 + tomcat: + log: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9501 + zscaler: + zia: + enabled: false + var.input: udp + var.syslog_host: 0.0.0.0 + var.syslog_port: 9521 diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index cc4298bb2..aa1588a07 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -16,14 +16,13 @@ "editable": true, "gnetId": 2381, "graphTooltip": 0, - "id": 3, + "id": 6, "links": [], "panels": [ { "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "decimals": 2, "mappings": [], "thresholds": { @@ -58,9 +57,10 @@ "fields": "", "values": false }, + "text": {}, "textMode": "auto" }, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "targets": [ { "groupBy": [ @@ -119,37 +119,7 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [], - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 60 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 - } - ] - }, "unit": "percent" }, "overrides": [] @@ -181,16 +151,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
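Review bot: in the new thirdpartydefaults.yaml two default ports collide: `bluecoat.director` and `checkpoint.firewall` both use `var.syslog_port: 9505`, and `cef.log` and `cisco.ftd` both use `9003`. Enabling both members of a pair makes the second port binding fail, a confusing failure for an operator who only toggled a module; give each fileset a unique default and add a header comment reserving the 9xxx range so additions get checked. `fortinet.fortimail` has `var.syslog_port` but no `var.syslog_host`; the binding loop falls back to `0.0.0.0`, but make it explicit like its siblings. Since every default host is `0.0.0.0`, the docs should say these listeners are exposed on all host interfaces once enabled, so operators restrict them with the host firewall.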
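Review bot: in the new salt/filebeat/map.jinja, the commented-out line references `filebeat:third_party_filebeat` and `SODEFAULTS.third_party_filebeat`, which are copied from the `THIRDPARTY` line above; if pillar is meant to override the Security Onion module defaults, the keys would be `filebeat:securityonion_filebeat` and `SODEFAULTS.securityonion_filebeat`. Either fix and enable it, or delete the dead line and state in a comment that `SO` is deliberately not overridable.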
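Review bot: in the new securityoniondefaults.yaml, `ZEEKVER` and `ZEEKLOGLOOKUP` are set and never used; drop them or finish the feature they were meant for. The file also lacks a trailing newline (`\ No newline at end of file`).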
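Review bot: in the first eval.json hunk, `"id": 3` becomes `"id": 6`; that integer is the dashboard's row id in the Grafana instance the file was exported from and means nothing to the instance that provisions it, so set it to `null` in the committed JSON instead of letting it churn with each export. The `pluginVersion` bumps to `7.5.4` imply the so-grafana image was upgraded; mention that in the PR description so the dashboard change is reviewed against the right version.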
@@ -244,6 +223,63 @@ "value": "cpu-total" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* -1 + 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] } ], "thresholds": [], @@ -289,13 +325,12 @@ }, { "aliasColors": {}, - "bars": true, + "bars": false, "dashLength": 10, "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -319,23 +354,32 @@ "total": false, "values": false }, - "lines": false, + "lines": true, "linewidth": 1, - "nullPointMode": "null", + "nullPointMode": "connected", "options": { "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": true, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Loss Current", "groupBy": [ { "params": [ @@ -352,7 +396,7 @@ ], "measurement": "zeekcaptureloss", "orderByTime": "ASC", - "policy": "autogen", + "policy": "default", "refId": "A", "resultFormat": "time_series", "select": [ 
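Review bot: in the eval.json hunk at `@@ -352,7 +396,7 @@`, the retention policy on the `zeekcaptureloss` current series changes from `autogen` to `default`; InfluxDB's built-in policy is named `autogen`, so `default` only resolves if the database was created with a policy of that name. Confirm against the InfluxDB provisioning state, otherwise this panel goes empty while the others keep working.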
@@ -376,6 +420,50 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Loss Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "zeekcaptureloss", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_loss" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -429,7 +517,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -461,16 +548,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Loss Current", "dsType": "influxdb", "groupBy": [ { @@ -518,6 +614,57 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "zeekdrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], 
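Review bot: in the eval.json hunk at `@@ -376,6 +420,50 @@`, the new `Loss Trend` target for `zeekcaptureloss` has `"hide": true`, unlike the sibling trend targets added elsewhere in this file, so the dashed `/Trend/` override and the `so_long_term` series never appear on this panel. If that is intentional, drop the override and the target; otherwise set it to false to match the others.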
@@ -571,7 +718,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -603,16 +749,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Loss Current", "dsType": "influxdb", "groupBy": [ { @@ -660,6 +815,57 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "suridrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -712,7 +918,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -744,16 +949,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Loss Current", "dsType": "influxdb", "groupBy": [ { 
@@ -795,6 +1009,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "stenodrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -846,9 +1105,7 @@ "dashes": false, "datasource": "InfluxDB", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, @@ -877,17 +1134,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Usage", + "alias": "Usage Current", "groupBy": [ { "params": [ @@ -934,6 +1199,56 @@ "value": "/" } ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/" + } + ] } ], "thresholds": [], 
@@ -985,9 +1300,7 @@ "dashes": false, "datasource": "InfluxDB", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, @@ -1016,17 +1329,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Usage", + "alias": "Usage Current", "groupBy": [ { "params": [ @@ -1074,6 +1395,57 @@ "value": "/nsm" } ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "queryType": "randomWalk", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/nsm" + } + ] } ], "thresholds": [], @@ -1127,7 +1499,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1159,16 +1530,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1203,7 +1583,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-elasticsearch" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1274,7 +1711,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1306,16 +1742,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1350,7 +1795,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-zeek" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1421,7 +1923,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1453,16 +1954,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1497,7 +2007,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-suricata" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1568,7 +2135,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1600,16 +2166,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1644,7 +2219,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-steno" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1725,7 +2357,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1759,17 +2390,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashes": true, + "fill": 0, + "linewidth": 4, + "spaceLength": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "System", + "alias": "System Current", "dsType": "influxdb", "groupBy": [ { @@ -1819,7 +2458,7 @@ ] }, { - "alias": "User", + "alias": "User Current", "dsType": "influxdb", "groupBy": [ { @@ -1869,7 +2508,7 @@ ] }, { - "alias": "Nice", + "alias": "Nice Current", "dsType": "influxdb", "groupBy": [ { @@ -1919,7 +2558,7 @@ ] }, { - "alias": "Interrupt", + "alias": "Interrupt Current", "dsType": "influxdb", "groupBy": [ { @@ -1969,7 +2608,7 @@ ] }, { - "alias": "Wait", + "alias": "Wait Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2067,6 +2706,312 @@ "value": "cpu-total" } ] + }, + { + "alias": "System Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_system" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "User Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_user" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Nice Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "I", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_nice" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, 
+ { + "alias": "Interrupt Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "J", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_irq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Wait Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "K", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "SoftIRQ Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "L", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_softirq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] } ], "thresholds": [], 
@@ -2119,7 +3064,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2150,16 +3094,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "groupBy": [ { "params": [ @@ -2176,7 +3129,7 @@ ], "measurement": "docker_container_mem", "orderByTime": "ASC", - "policy": "autogen", + "policy": "default", "refId": "A", "resultFormat": "time_series", "select": [ @@ -2206,6 +3159,56 @@ "value": "so-elasticsearch" } ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-elasticsearch" + } + ] } ], "thresholds": [], @@ -2259,7 +3262,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
@@ -2291,16 +3293,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -2348,6 +3359,57 @@ "value": "so-zeek" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-zeek" + } + ] } ], "thresholds": [], @@ -2400,7 +3462,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2432,16 +3493,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2489,6 +3559,57 @@ "value": "so-suricata" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-suricata" + } + ] } ], "thresholds": [], @@ -2541,7 +3662,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2573,16 +3693,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2630,6 +3759,57 @@ "value": "so-steno" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-steno" + } + ] } ], "thresholds": [], @@ -2687,9 +3867,7 @@ "editable": true, "error": false, "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "format": "none", @@ -2808,7 +3986,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2840,7 +4017,7 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -2938,7 +4115,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "mappings": [], "thresholds": { "mode": "absolute", @@ -2975,9 +4151,10 @@ "fields": "", "values": false }, + "text": {}, "textMode": "auto" }, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "targets": [ { "groupBy": [ @@ -3032,7 +4209,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "decimals": 2, "mappings": [ { @@ -3045,7 +4221,6 @@ ], "max": 1209600, "min": 0, - "nullValueMode": "connected", "thresholds": { "mode": "absolute", "steps": [ 
@@ -3085,9 +4260,10 @@ "values": false }, "showThresholdLabels": false, - "showThresholdMarkers": true + "showThresholdMarkers": true, + "text": {} }, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "targets": [ { "dsType": "influxdb", @@ -3153,7 +4329,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3187,14 +4362,17 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [ { - "alias": "#cpu", - "fill": 0 + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 } ], "spaceLength": 10, @@ -3202,7 +4380,7 @@ "steppedLine": false, "targets": [ { - "alias": "#cpu", + "alias": "#cpu Current", "groupBy": [ { "params": [ @@ -3245,7 +4423,7 @@ ] }, { - "alias": "1 Minute Average", + "alias": "1 Minute Average Current", "dsType": "influxdb", "groupBy": [ { @@ -3289,7 +4467,7 @@ ] }, { - "alias": "5 Minute Average", + "alias": "5 Minute Average Current", "dsType": "influxdb", "groupBy": [ { @@ -3333,7 +4511,7 @@ ] }, { - "alias": "15 Minute Average", + "alias": "15 Minute Average Current", "dsType": "influxdb", "groupBy": [ { 
@@ -3375,6 +4553,185 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "#cpu Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_n_cpus" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "1 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load1" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "5 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load5" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "15 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + 
"policy": "so_long_term", + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load15" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -3435,7 +4792,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3471,7 +4827,7 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -3709,7 +5065,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3743,17 +5098,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "dsType": "influxdb", "groupBy": [ { @@ -3772,7 +5135,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", 
@@ -3815,6 +5178,71 @@ "value": "{{ MONINT }}" } ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "{{ MONINT }}" + } + ] } ], "thresholds": [], @@ -3872,7 +5300,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3906,7 +5333,7 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -4098,7 +5525,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -4131,7 +5557,7 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -4293,7 +5719,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
@@ -4327,17 +5752,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "dsType": "influxdb", "groupBy": [ { @@ -4356,7 +5789,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -4401,7 +5834,7 @@ ] }, { - "alias": "Outbound", + "alias": "Outbound Current", "dsType": "influxdb", "groupBy": [ { @@ -4420,7 +5853,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", 
@@ -4463,6 +5896,136 @@ "value": "{{ MANINT }}" } ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] + }, + { + "alias": "Outbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + 
"key": "interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] } ], "thresholds": [], @@ -4517,7 +6080,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -4551,17 +6113,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Threads", + "alias": "Threads Current", "dsType": "influxdb", "groupBy": [ { @@ -4578,6 +6148,7 @@ } ], "measurement": "processes", + "orderByTime": "ASC", "policy": "default", "refId": "A", "resultFormat": "time_series", @@ -4602,6 +6173,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Threads Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_total_threads" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -4648,7 +6264,7 @@ } ], "refresh": "30s", - "schemaVersion": 26, + "schemaVersion": 27, "style": "dark", "tags": [], "templating": { @@ -4685,5 +6301,5 @@ "timezone": "browser", "title": "Evaluation Mode - {{ SERVERNAME }} Overview", "uid": "{{ UID }}", - "version": 1 -} \ No newline at end of file + "version": 10 +} diff --git a/salt/grafana/dashboards/manager/manager.json b/salt/grafana/dashboards/manager/manager.json index 2af54c136..7585706c3 100644 
--- a/salt/grafana/dashboards/manager/manager.json +++ b/salt/grafana/dashboards/manager/manager.json @@ -17,7 +17,7 @@ "gnetId": 2381, "graphTooltip": 0, "id": 6, - "iteration": 1614092189289, + "iteration": 1625019296449, "links": [], "panels": [ { @@ -29,36 +29,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 60 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 - } - ] - }, "unit": "percent" }, "overrides": [] @@ -90,17 +60,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Usage", + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -154,6 +132,63 @@ "value": "cpu-total" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* -1 + 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] } ], "thresholds": [], @@ -201,7 +236,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "decimals": 2, "mappings": [], "thresholds": { @@ -236,9 +270,10 @@ "fields": "", "values": false }, + "text": {}, "textMode": "auto" }, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "targets": [ { "groupBy": [ @@ -297,7 +332,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -329,16 +363,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -373,7 +416,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-elasticsearch" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -445,7 +545,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -477,16 +576,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -521,7 +629,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-kibana" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -546,7 +711,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Kibana CPU", + "title": "{{ SERVERNAME }} - Kibana CPU Usage", "tooltip": { "shared": true, "sort": 0, @@ -593,7 +758,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -625,16 +789,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Queue Current", "dsType": "influxdb", "groupBy": [ { 
@@ -676,6 +849,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Queue Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "redisqueue", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_unparsed" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -729,7 +947,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -761,16 +978,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -818,6 +1044,57 @@ "value": "so-redis" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-redis" + } + ] } ], "thresholds": [], 
@@ -869,9 +1146,7 @@ "dashes": false, "datasource": "InfluxDB", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, @@ -900,17 +1175,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Used", + "alias": "Used Current", "groupBy": [ { "params": [ @@ -957,6 +1240,56 @@ "value": "/" } ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/" + } + ] } ], "thresholds": [], @@ -1007,9 +1340,7 @@ "dashes": false, "datasource": "InfluxDB", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, @@ -1038,17 +1369,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Used", + "alias": "Used Current", "groupBy": [ { "params": [ 
@@ -1095,6 +1434,56 @@ "value": "/nsm" } ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/nsm" + } + ] } ], "thresholds": [], @@ -1147,7 +1536,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1179,16 +1567,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1223,7 +1620,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1295,7 +1749,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1327,16 +1780,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1371,7 +1833,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1443,7 +1962,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1475,16 +1993,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1519,7 +2046,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-redis" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1590,7 +2174,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1621,16 +2204,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Size Current", "groupBy": [ { "params": [ @@ -1647,7 +2239,7 @@ ], "measurement": "influxsize", "orderByTime": "ASC", - "policy": "autogen", + "policy": "default", "refId": "A", "resultFormat": "time_series", "select": [ 
@@ -1671,6 +2263,50 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Size Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "influxsize", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_kbytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -1732,7 +2368,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1766,17 +2401,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "System", + "alias": "System Current", "dsType": "influxdb", "groupBy": [ { @@ -1826,7 +2469,7 @@ ] }, { - "alias": "User", + "alias": "User Current", "dsType": "influxdb", "groupBy": [ { @@ -1876,7 +2519,7 @@ ] }, { - "alias": "Nice", + "alias": "Nice Current", "dsType": "influxdb", "groupBy": [ { @@ -1926,7 +2569,7 @@ ] }, { - "alias": "Interrupt", + "alias": "Interrupt Current", "dsType": "influxdb", "groupBy": [ { @@ -1976,7 +2619,7 @@ ] }, { - "alias": "Wait", + "alias": "Wait Current", "dsType": "influxdb", "groupBy": [ { @@ -2026,7 +2669,7 @@ ] }, { - "alias": "SoftIRQ", + "alias": "SoftIRQ Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2074,6 +2717,312 @@ "value": "cpu-total" } ] + }, + { + "alias": "System Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_system" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "User Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_user" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Nice Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "I", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_nice" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, 
+ { + "alias": "Interrupt Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "J", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_irq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Wait Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "K", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "SoftIRQ Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "L", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_softirq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] } ], "thresholds": [], 
@@ -2132,7 +3081,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2166,17 +3114,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "dsType": "influxdb", "groupBy": [ { @@ -2195,7 +3151,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -2240,7 +3196,7 @@ ] }, { - "alias": "Outbound", + "alias": "Outbound Current", "dsType": "influxdb", "groupBy": [ { @@ -2259,7 +3215,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", 
@@ -2302,6 +3258,136 @@ "value": "{{ MANINT }}" } ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] + }, + { + "alias": "Outbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": 
"interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] } ], "thresholds": [], @@ -2355,7 +3441,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2388,17 +3473,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Total", + "alias": "Total Current", "groupBy": [ { "params": [ @@ -2441,7 +3534,7 @@ ] }, { - "alias": "Used", + "alias": "Used Current", "groupBy": [ { "params": [ @@ -2482,6 +3575,94 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Total Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_total" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], 
@@ -2540,7 +3721,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2574,13 +3754,20 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [ { - "alias": "#cpu", + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + }, + { + "alias": "#cpu Current", "fill": 0 } ], @@ -2589,7 +3776,7 @@ "steppedLine": false, "targets": [ { - "alias": "#cpu", + "alias": "#cpu Current", "groupBy": [ { "params": [ @@ -2632,7 +3819,7 @@ ] }, { - "alias": "1 Minute Average", + "alias": "1 Minute Average Current", "dsType": "influxdb", "groupBy": [ { @@ -2676,7 +3863,7 @@ ] }, { - "alias": "5 Minute Average", + "alias": "5 Minute Average Current", "dsType": "influxdb", "groupBy": [ { @@ -2720,7 +3907,7 @@ ] }, { - "alias": "15 Minute Average", + "alias": "15 Minute Average Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2762,6 +3949,185 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "#cpu Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_n_cpus" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "1 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load1" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "5 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load5" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "15 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + 
"policy": "so_long_term", + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load15" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -2820,7 +4186,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2854,17 +4219,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "dsType": "influxdb", "groupBy": [ { @@ -2883,7 +4256,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -2928,7 +4301,7 @@ ] }, { - "alias": "Outbound", + "alias": "Outbound Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2947,7 +4320,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", 
@@ -2990,6 +4363,136 @@ "value": "so-logstash" } ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + }, + { + "alias": "Outbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { 
+ "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] } ], "thresholds": [], @@ -3050,7 +4553,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3086,11 +4588,19 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": true, "steppedLine": false, @@ -3113,6 +4623,7 @@ } ], "measurement": "mem", + "orderByTime": "ASC", "policy": "default", "refId": "A", "resultFormat": "time_series", @@ -3156,6 +4667,7 @@ } ], "measurement": "mem", + "orderByTime": "ASC", "policy": "default", "refId": "B", "resultFormat": "time_series", @@ -3199,6 +4711,7 @@ } ], "measurement": "mem", + "orderByTime": "ASC", "policy": "default", "refId": "C", "resultFormat": "time_series", @@ -3242,6 +4755,7 @@ } ], "measurement": "mem", + "orderByTime": "ASC", "policy": "default", "refId": "D", "resultFormat": "time_series", 
@@ -3266,6 +4780,186 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Used Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Buffered Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_buffered" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Cached Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_cached" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Free Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "mem", + "orderByTime": "ASC", + "policy": 
"so_long_term", + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_free" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -3323,7 +5017,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3357,17 +5050,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": true, "steppedLine": false, "targets": [ { - "alias": "Blocked", + "alias": "Blocked Current", "dsType": "influxdb", "groupBy": [ { @@ -3385,6 +5086,7 @@ ], "hide": false, "measurement": "processes", + "orderByTime": "ASC", "policy": "default", "refId": "A", "resultFormat": "time_series", @@ -3411,7 +5113,7 @@ ] }, { - "alias": "Running", + "alias": "Running Current", "dsType": "influxdb", "groupBy": [ { @@ -3428,6 +5130,7 @@ } ], "measurement": "processes", + "orderByTime": "ASC", "policy": "default", "refId": "B", "resultFormat": "time_series", @@ -3454,7 +5157,7 @@ ] }, { - "alias": "Sleep", + "alias": "Sleep Current", "dsType": "influxdb", "groupBy": [ { @@ -3471,6 +5174,7 @@ } ], "measurement": "processes", + "orderByTime": "ASC", "policy": "default", "refId": "C", "resultFormat": "time_series", 
@@ -3495,6 +5199,141 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Blocked Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_blocked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Running Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_running" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Sleep Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_sleeping" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -3553,7 +5392,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
@@ -3587,11 +5425,19 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, @@ -3616,7 +5462,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -3680,7 +5526,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", 
@@ -3723,6 +5569,136 @@ "value": "so-influxdb" } ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] + }, + { + "alias": "Outbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { 
+ "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] } ], "thresholds": [], @@ -3777,7 +5753,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3810,17 +5785,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Read", + "alias": "Read Current", "dsType": "influxdb", "groupBy": [ { @@ -3837,6 +5820,7 @@ } ], "measurement": "diskio", + "orderByTime": "ASC", "policy": "default", "refId": "A", "resultFormat": "time_series", @@ -3867,7 +5851,7 @@ ] }, { - "alias": "Write", + "alias": "Write Current", "dsType": "influxdb", "groupBy": [ { @@ -3884,6 +5868,7 @@ } ], "measurement": "diskio", + "orderByTime": "ASC", "policy": "default", "refId": "B", "resultFormat": "time_series", 
@@ -3912,6 +5897,104 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Read Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "diskio", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_read_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Write Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "diskio", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_write_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -3966,7 +6049,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -4000,17 +6082,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Threads", + "alias": "Threads Current", "dsType": "influxdb", "groupBy": [ { 
@@ -4027,6 +6117,7 @@ } ], "measurement": "processes", + "orderByTime": "ASC", "policy": "default", "refId": "A", "resultFormat": "time_series", @@ -4051,6 +6142,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Threads Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_total_threads" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -4109,7 +6245,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -4143,17 +6278,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "dsType": "influxdb", "groupBy": [ { @@ -4172,7 +6315,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", 
@@ -4217,7 +6360,7 @@ ] }, { - "alias": "Outbound", + "alias": "Outbound Current", "dsType": "influxdb", "groupBy": [ { @@ -4236,7 +6379,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", 
@@ -4279,6 +6422,136 @@ "value": "so-aptcacherng" } ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-aptcacherng" + } + ] + }, + { + "alias": "Outbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + 
}, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-aptcacherng" + } + ] } ], "thresholds": [], @@ -4324,8 +6597,8 @@ } } ], - "refresh": false, - "schemaVersion": 26, + "refresh": "30s", + "schemaVersion": 27, "style": "dark", "tags": [], "templating": { @@ -4339,6 +6612,7 @@ "text": "10s", "value": "10s" }, + "description": null, "error": null, "hide": 0, "label": null, @@ -4406,7 +6680,7 @@ } ], "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 2, + "refresh": 3, "skipUrlSync": false, "type": "interval" } @@ -4443,6 +6717,6 @@ }, "timezone": "browser", "title": "Manager Node - {{ SERVERNAME }} Overview", - "uid": "so_overview", - "version": 3 -} \ No newline at end of file + "uid": "{{ UID }}", + "version": 19 +} diff --git a/salt/grafana/dashboards/managersearch/managersearch.json b/salt/grafana/dashboards/managersearch/managersearch.json index b46cdcc76..eae0cda10 100644 --- a/salt/grafana/dashboards/managersearch/managersearch.json +++ b/salt/grafana/dashboards/managersearch/managersearch.json @@ -17,7 +17,7 @@ "gnetId": 2381, "graphTooltip": 0, "id": 6, - "iteration": 1614096099337, + "iteration": 1625012701746, "links": [], "panels": [ { @@ -29,36 +29,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 60 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 - } - ] - }, "unit": "percent" }, "overrides": [] 
@@ -90,17 +60,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Usage", + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -154,6 +132,63 @@ "value": "cpu-total" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* -1 + 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] } ], "thresholds": [], @@ -201,7 +236,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "decimals": 2, "mappings": [], "thresholds": { @@ -236,9 +270,10 @@ "fields": "", "values": false }, + "text": {}, "textMode": "auto" }, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "targets": [ { "groupBy": [ @@ -297,7 +332,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
@@ -329,16 +363,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -373,7 +416,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-elasticsearch" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -444,7 +544,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -475,16 +574,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "groupBy": [ { "params": [ 
@@ -518,7 +626,63 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "container_name", + "operator": "=", + "value": "so-kibana" + }, + { + "condition": "AND", + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -543,7 +707,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Kibana CPU", + "title": "{{ SERVERNAME }} - Kibana CPU Usage", "tooltip": { "shared": true, "sort": 0, @@ -589,7 +753,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -620,16 +783,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Queue Current", "groupBy": [ { "params": [ 
@@ -670,6 +842,50 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Queue Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "redisqueue", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_unparsed" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -721,7 +937,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -752,16 +967,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "groupBy": [ { "params": [ @@ -808,6 +1032,56 @@ "value": "so-redis" } ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-redis" + } + ] } ], "thresholds": [], 
@@ -859,9 +1133,7 @@ "dashes": false, "datasource": "InfluxDB", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, @@ -890,17 +1162,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Used", + "alias": "Used Current", "groupBy": [ { "params": [ @@ -947,6 +1227,56 @@ "value": "/" } ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/" + } + ] } ], "thresholds": [], @@ -997,9 +1327,7 @@ "dashes": false, "datasource": "InfluxDB", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, @@ -1028,17 +1356,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Used", + "alias": "Used Current", "groupBy": [ { "params": [ 
@@ -1085,6 +1421,56 @@ "value": "/nsm" } ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/nsm" + } + ] } ], "thresholds": [], @@ -1136,7 +1522,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1167,16 +1552,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "groupBy": [ { "params": [ 
@@ -1210,7 +1604,63 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1282,7 +1732,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1314,16 +1763,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1358,7 +1816,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1429,7 +1944,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1460,16 +1974,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "groupBy": [ { "params": [ 
@@ -1503,7 +2026,63 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-redis" + } + ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1574,7 +2153,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1605,16 +2183,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Size Current", "groupBy": [ { "params": [ @@ -1631,7 +2218,7 @@ ], "measurement": "influxsize", "orderByTime": "ASC", - "policy": "autogen", + "policy": "default", "refId": "A", "resultFormat": "time_series", "select": [ 
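Review bot: the `"policy": "autogen"` to `"policy": "default"` change on the `influxsize` target (hunk @@ -1631,7 +2218,7 @@) is the right direction: in the InfluxDB datasource `default` means the database's default retention policy rather than an RP literally named `default`, so the panel keeps working if the default RP is renamed later, and it matches what the other Current targets in this file already use. The paired `Size Trend` target hardcodes `so_long_term`, which is expected for a downsampled policy; just note that the dashboard now depends on two RPs existing (the database default and `so_long_term`) rather than one.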
@@ -1655,6 +2242,50 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Size Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "influxsize", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_kbytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -1716,7 +2347,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1750,17 +2380,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "System", + "alias": "System Current", "dsType": "influxdb", "groupBy": [ { @@ -1810,7 +2448,7 @@ ] }, { - "alias": "User", + "alias": "User Current", "dsType": "influxdb", "groupBy": [ { @@ -1860,7 +2498,7 @@ ] }, { - "alias": "Nice", + "alias": "Nice Current", "dsType": "influxdb", "groupBy": [ { @@ -1910,7 +2548,7 @@ ] }, { - "alias": "Interrupt", + "alias": "Interrupt Current", "dsType": "influxdb", "groupBy": [ { @@ -1960,7 +2598,7 @@ ] }, { - "alias": "Wait", + "alias": "Wait Current", "dsType": "influxdb", "groupBy": [ { @@ -2010,7 +2648,7 @@ ] }, { - "alias": "SoftIRQ", + "alias": "SoftIRQ Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2058,6 +2696,312 @@ "value": "cpu-total" } ] + }, + { + "alias": "System Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_system" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "User Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_user" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Nice Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "I", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_nice" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, 
+ { + "alias": "Interrupt Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "J", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_irq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Wait Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "K", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "SoftIRQ Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "L", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_softirq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] } ], "thresholds": [], 
@@ -2116,7 +3060,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2150,17 +3093,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashes": true, + "fill": 0, + "linewidth": 4, + "spaceLength": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "dsType": "influxdb", "groupBy": [ { @@ -2179,7 +3130,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -2224,7 +3175,7 @@ ] }, { - "alias": "Outbound", + "alias": "Outbound Current", "dsType": "influxdb", "groupBy": [ { @@ -2243,7 +3194,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", 
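Review bot: the `/Trend/` series override in hunk @@ -2150,17 +3093,25 @@ sets `"spaceLength": 4` where every other panel in this patch sets `"dashLength": 4`; that reads like a copy error and will make this panel's dashed trend lines look different from the rest (default dash length, shorter gaps), so change it to `"dashLength": 4` to match.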
@@ -2286,6 +3237,136 @@ "value": "{{ MANINT }}" } ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] + }, + { + "alias": "Outbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": 
"interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] } ], "thresholds": [], @@ -2339,7 +3420,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2371,16 +3451,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Count Current", "dsType": "influxdb", "groupBy": [ { @@ -2422,13 +3511,58 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Count Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_docs_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - ES Documents", + "title": "{{ SERVERNAME }} - ES Documents Count", "tooltip": { "shared": true, "sort": 0, @@ -2475,7 +3609,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
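Review bot: the `query` strings in hunks @@ -2179, @@ -2243 and @@ -2286 of the host network panel are updated from `'eth0'` to `'{{ MANINT }}'` but still hardcode `"host" = 'JumpHost'` and `time($interval)`, and the two new Trend targets copy that same string even though their builder selects `mean_bytes_recv`/`mean_bytes_sent` from `so_long_term`; with `"rawQuery": false` these strings are inert, but they are the first thing someone sees when toggling the editor to raw mode, so either regenerate them from the builder (`{{ SERVERNAME }}`, `$__interval`, the `mean_*` fields and the RP) or drop the `query` field on these targets.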
@@ -2507,16 +3640,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Size Current", "dsType": "influxdb", "groupBy": [ { @@ -2558,6 +3700,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Size Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_fielddata_memory_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -2615,7 +3802,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2649,14 +3835,21 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [ { - "alias": "#cpu", + "alias": "#cpu Current", "fill": 0 + }, + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 } ], "spaceLength": 10, @@ -2664,7 +3857,7 @@ "steppedLine": false, "targets": [ { - "alias": "#cpu", + "alias": "#cpu Current", "groupBy": [ { "params": [ @@ -2707,7 +3900,7 @@ ] }, { - "alias": "1 Minute Average", + "alias": "1 Minute Average Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2751,7 +3944,7 @@ ] }, { - "alias": "5 Minute Average", + "alias": "5 Minute Average Current", "dsType": "influxdb", "groupBy": [ { @@ -2795,7 +3988,7 @@ ] }, { - "alias": "15 Minute Average", + "alias": "15 Minute Average Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2837,6 +4030,185 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "#cpu Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_n_cpus" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "1 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load1" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "5 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load5" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "15 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + 
"policy": "so_long_term", + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load15" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -2895,7 +4267,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2929,17 +4300,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "dsType": "influxdb", "groupBy": [ { @@ -2958,7 +4337,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -3003,7 +4382,7 @@ ] }, { - "alias": "Outbound", + "alias": "Outbound Current", "dsType": "influxdb", "groupBy": [ { 
@@ -3022,7 +4401,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", 
@@ -3065,6 +4444,136 @@ "value": "so-logstash" } ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + }, + { + "alias": "Outbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { 
+ "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] } ], "thresholds": [], @@ -3118,7 +4627,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3150,16 +4658,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Count Current", "dsType": "influxdb", "groupBy": [ { @@ -3201,6 +4718,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Count Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_jvm", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_threads_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -3254,7 +4816,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3286,16 +4847,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Size Current", "dsType": "influxdb", "groupBy": [ { 
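Review bot: the `Inbound Trend`/`Outbound Trend` targets added for so-logstash in hunk @@ -3065,6 +4444,136 @@ (and the two Current targets in @@ -2958 and @@ -3022) carry `query` strings that read `FROM "net" WHERE "host" = 'JumpHost' AND "interface" = '{{ MANINT }}'`, while the builder for the same targets queries `docker_container_net` filtered on `container_name = so-logstash`; these were copied from the host network panel and do not describe this panel at all. Since `rawQuery` is false they do not execute, but a stale raw query that names the wrong measurement is worse than none, so delete the `query` field on these four targets.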
@@ -3337,6 +4907,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Size Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_store_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -3394,7 +5009,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3428,7 +5042,7 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -3618,7 +5232,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3650,17 +5263,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "groupBy": [ { "params": [ @@ -3723,7 +5344,7 @@ ] }, { - "alias": "Outbound", + "alias": "Outbound Current", "groupBy": [ { "params": [ 
@@ -3782,6 +5403,132 @@ "value": "so-influxdb" } ] + }, + { + "alias": "Inbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT non_negative_derivative(mean(\"rx_bytes\"), 1s) *8 FROM \"docker_container_net\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-influxdb') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + " *8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] + }, + { + "alias": "Outbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] } ], "thresholds": [], 
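Review bot: in hunk @@ -3782,6 +5403,132 @@ the so-influxdb `Inbound Trend` target carries a raw `query` string while `Outbound Trend` has none, and even the one present is not equivalent to the builder: it selects `rx_bytes` from the default RP (`FROM "docker_container_net"`) whereas the builder selects `mean_rx_bytes` from `so_long_term`, so switching that target to raw mode would silently change what is plotted. Harmonize the pair (drop the string, or write `FROM "so_long_term"."docker_container_net"` with `mean_rx_bytes`), and while there make the math params consistent (`" *8"` here versus `"*8"` on `Outbound Trend`).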
@@ -3834,7 +5581,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3866,16 +5612,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -3917,6 +5672,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_jvm", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_mem_heap_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -3971,7 +5771,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -4005,17 +5804,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Threads", + "alias": "Threads Current", "dsType": "influxdb", "groupBy": [ { 
@@ -4032,6 +5839,7 @@ } ], "measurement": "processes", + "orderByTime": "ASC", "policy": "default", "refId": "A", "resultFormat": "time_series", @@ -4056,6 +5864,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Threads Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_total_threads" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -4108,7 +5961,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -4140,11 +5992,19 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, 
@@ -4270,6 +6130,130 @@ "value": "so-aptcacherng" } ] + }, + { + "alias": "Inbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-aptcacherng" + } + ] + }, + { + "alias": "Outbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-aptcacherng" + } + ] } ], "thresholds": [], @@ -4322,7 +6306,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
@@ -4354,17 +6337,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Total", + "alias": "Total Current", "groupBy": [ { "params": [ @@ -4407,7 +6398,7 @@ ] }, { - "alias": "Used", + "alias": "Used Current", "dsType": "influxdb", "groupBy": [ { @@ -4449,6 +6440,95 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Total Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_total" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Used Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -4502,7 +6582,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
@@ -4535,7 +6614,7 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -4690,7 +6769,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -4722,16 +6800,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Wait Current", "dsType": "influxdb", "groupBy": [ { @@ -4773,6 +6860,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Wait Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -4833,7 +6965,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -4869,7 +7000,7 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -5101,9 +7232,7 @@ "datasource": "InfluxDB", "description": "", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, 
@@ -5132,17 +7261,25 @@ "alertThreshold": false }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "EPS", + "alias": "EPS Current", "groupBy": [ { "params": [ @@ -5184,6 +7321,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "EPS Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "consumptioneps", + "orderByTime": "ASC", + "policy": "so_long_term", + "queryType": "randomWalk", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_eps" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -5229,7 +7411,7 @@ } ], "refresh": "30s", - "schemaVersion": 26, + "schemaVersion": 27, "style": "dark", "tags": [], "templating": { @@ -5243,6 +7425,7 @@ "text": "10s", "value": "10s" }, + "description": null, "error": null, "hide": 0, "label": null, @@ -5347,6 +7530,6 @@ }, "timezone": "browser", "title": "ManagerSearch Node - {{ SERVERNAME }} Overview", - "uid": "so_overview", - "version": 6 -} \ No newline at end of file + "uid": "{{ UID }}", + "version": 11 +} diff --git a/salt/grafana/dashboards/search_nodes/searchnode.json b/salt/grafana/dashboards/search_nodes/searchnode.json index 72ebe768a..dd2430b00 100644 --- a/salt/grafana/dashboards/search_nodes/searchnode.json +++ b/salt/grafana/dashboards/search_nodes/searchnode.json 
@@ -16,61 +16,69 @@ "editable": true, "gnetId": 2381, "graphTooltip": 0, - "iteration": 1586957065151, + "id": 6, + "iteration": 1625015408259, "links": [], "panels": [ { + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "unit": "percent", - "min": 0, - "max": 100, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 60 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 - } - ] - }, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "nullValueMode": "connected" + "unit": "percent" }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 0, "y": 0 }, + "hiddenSeries": false, "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, "links": [], + "nullPointMode": "connected", "options": { "alertThreshold": true }, - "pluginVersion": "7.3.4", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -123,83 +131,126 @@ "operator": "=", "value": "cpu-total" } - ], - "alias": "Usage" - } - ], - "title": "{{ SERVERNAME }} - CPU", - "type": "graph", - "cacheTimeout": null, - "renderer": "flot", - "yaxes": [ - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "percent", - "$$hashKey": "object:395" + ] }, { - "label": null, - "show": false, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:396" + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* -1 + 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - CPU", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", "xaxis": { - "show": true, + "buckets": null, "mode": "time", "name": null, - "values": [], - "buckets": null + "show": true, + "values": [] }, + "yaxes": [ + { + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], "yaxis": { "align": false, "alignLevel": null - }, - "lines": true, - "fill": 1, - "fillGradient": 0, - "linewidth": 1, - "dashes": false, - "hiddenSeries": false, - "dashLength": 10, - "spaceLength": 10, - 
"points": false, - "pointradius": 2, - "bars": false, - "stack": false, - "percentage": false, - "legend": { - "show": false, - "values": false, - "min": false, - "max": false, - "current": false, - "total": false, - "avg": false - }, - "nullPointMode": "connected", - "steppedLine": false, - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 0 - }, - "timeFrom": null, - "timeShift": null, - "aliasColors": {}, - "seriesOverrides": [], - "thresholds": [], - "timeRegions": [] + } }, { "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "decimals": 2, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 255, 255)", + "value": null + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, "gridPos": { "h": 5, "w": 4, @@ -209,32 +260,20 @@ "id": 39, "options": { "colorMode": "value", - "fieldOptions": { + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { "calcs": [ "lastNotNull" ], - "defaults": { - "decimals": 2, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [], + "fields": "", "values": false }, - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto" + "text": {}, + "textMode": "auto" }, - "pluginVersion": "6.6.2", + "pluginVersion": "7.5.4", "targets": [ { "groupBy": [ @@ -291,6 +330,12 @@ "dashLength": 10, "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { 
@@ -315,18 +360,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -361,7 +416,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -431,6 +543,12 @@ "dashLength": 10, "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { 
@@ -455,18 +573,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -501,7 +629,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-elasticsearch" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -571,6 +756,12 @@ "dashLength": 10, "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { 
@@ -595,18 +786,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Count Current", "dsType": "influxdb", "groupBy": [ { @@ -648,13 +849,58 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Count Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_docs_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - ES Documents", + "title": "{{ SERVERNAME }} - ES Documents Count", "tooltip": { "shared": true, "sort": 0, @@ -699,6 +945,12 @@ "dashLength": 10, "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { 
@@ -723,18 +975,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Size Current", "dsType": "influxdb", "groupBy": [ { @@ -776,6 +1038,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Size Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_fielddata_memory_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -826,9 +1133,7 @@ "dashes": false, "datasource": "InfluxDB", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, @@ -857,17 +1162,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Used", + "alias": "Used Current", "groupBy": [ { "params": [ 
@@ -914,6 +1227,56 @@ "value": "/" } ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/" + } + ] } ], "thresholds": [], @@ -936,7 +1299,6 @@ }, "yaxes": [ { - "$$hashKey": "object:708", "format": "percent", "label": null, "logBase": 1, @@ -945,7 +1307,6 @@ "show": true }, { - "$$hashKey": "object:709", "format": "short", "label": null, "logBase": 1, @@ -966,9 +1327,7 @@ "dashes": false, "datasource": "InfluxDB", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, @@ -997,17 +1356,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Used", + "alias": "Used Current", "groupBy": [ { "params": [ 
@@ -1054,6 +1421,56 @@ "value": "/nsm" } ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/nsm" + } + ] } ], "thresholds": [], @@ -1076,7 +1493,6 @@ }, "yaxes": [ { - "$$hashKey": "object:708", "format": "percent", "label": null, "logBase": 1, @@ -1085,7 +1501,6 @@ "show": true }, { - "$$hashKey": "object:709", "format": "short", "label": null, "logBase": 1, @@ -1106,6 +1521,12 @@ "dashLength": 10, "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -1130,18 +1551,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1183,6 +1614,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_jvm", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_mem_heap_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -1234,6 +1710,12 @@ "dashLength": 10, "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -1258,18 +1740,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Size Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1311,6 +1803,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Size Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_store_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -1362,6 +1899,12 @@ "dashLength": 10, "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -1386,18 +1929,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Count Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1439,6 +1992,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Count Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_jvm", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_threads_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -1490,6 +2088,12 @@ "dashLength": 10, "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -1514,18 +2118,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Wait Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1567,6 +2181,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Wait Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -1627,6 +2286,12 @@ "datasource": "InfluxDB", "editable": true, "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 4, "fillGradient": 0, "grid": {}, @@ -1653,19 +2318,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "System", + "alias": "System Current", "dsType": "influxdb", "groupBy": [ { @@ -1715,7 +2389,7 @@ ] }, { - "alias": "User", + "alias": "User Current", "dsType": "influxdb", "groupBy": [ { @@ -1765,7 +2439,7 @@ ] }, { - "alias": "Nice", + "alias": "Nice Current", "dsType": "influxdb", "groupBy": [ { @@ -1815,7 +2489,7 @@ ] }, { - "alias": "Interrupt", + "alias": "Interrupt Current", "dsType": "influxdb", "groupBy": [ { @@ -1865,7 +2539,7 @@ ] }, { - "alias": "Wait", + "alias": "Wait Current", "dsType": "influxdb", "groupBy": [ { @@ -1915,7 +2589,7 @@ ] }, { - "alias": "SoftIRQ", + "alias": "SoftIRQ Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1963,6 +2637,312 @@ "value": "cpu-total" } ] + }, + { + "alias": "System Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_system" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "User Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_user" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Nice Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "I", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_nice" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, 
+ { + "alias": "Interrupt Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "J", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_irq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Wait Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "K", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "SoftIRQ Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "L", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_softirq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] } ], "thresholds": [], 
@@ -2014,6 +2994,12 @@ "dashLength": 10, "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -2038,19 +3024,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Total", + "alias": "Total Current", "groupBy": [ { "params": [ @@ -2093,7 +3088,7 @@ ] }, { - "alias": "Used", + "alias": "Used Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2135,6 +3130,95 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Total Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_total" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Used Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -2186,6 +3270,12 @@ "datasource": "InfluxDB", "editable": true, "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "grid": {}, @@ -2211,9 +3301,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -2371,6 +3462,12 @@ "datasource": "InfluxDB", "editable": true, "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "grid": {}, 
@@ -2397,16 +3494,24 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [ { - "alias": "#cpu", + "alias": "#cpu Current", "fill": 0 + }, + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 } ], "spaceLength": 10, @@ -2414,7 +3519,7 @@ "steppedLine": false, "targets": [ { - "alias": "#cpu", + "alias": "#cpu Current", "groupBy": [ { "params": [ @@ -2457,7 +3562,7 @@ ] }, { - "alias": "1 Minute Average", + "alias": "1 Minute Average Current", "dsType": "influxdb", "groupBy": [ { @@ -2501,7 +3606,7 @@ ] }, { - "alias": "5 Minute Average", + "alias": "5 Minute Average Current", "dsType": "influxdb", "groupBy": [ { @@ -2545,7 +3650,7 @@ ] }, { - "alias": "15 Minute Average", + "alias": "15 Minute Average Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2587,6 +3692,185 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "#cpu Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_n_cpus" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "1 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load1" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "5 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load5" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "15 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + 
"policy": "so_long_term", + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load15" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -2645,6 +3929,12 @@ "decimals": null, "editable": true, "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 6, "fillGradient": 0, "grid": {}, @@ -2673,9 +3963,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -2911,6 +4202,12 @@ "datasource": "InfluxDB", "editable": true, "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "grid": {}, @@ -2937,19 +4234,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2968,7 +4274,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -3013,7 +4319,7 @@ ] }, { - "alias": "Outbound", + "alias": "Outbound Current", "dsType": "influxdb", "groupBy": [ { @@ -3032,7 +4338,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", 
@@ -3075,6 +4381,136 @@ "value": "{{ MANINT }}" } ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] + }, + { + "alias": "Outbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": 
"interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] } ], "thresholds": [], @@ -3130,6 +4566,12 @@ "datasource": "InfluxDB", "editable": true, "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 7, "fillGradient": 0, "grid": {}, @@ -3156,9 +4598,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -3348,6 +4791,12 @@ "datasource": "InfluxDB", "editable": true, "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "grid": {}, @@ -3374,19 +4823,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Threads", + "alias": "Threads Current", "dsType": "influxdb", "groupBy": [ { @@ -3403,6 +4861,7 @@ } ], "measurement": "processes", + "orderByTime": "ASC", "policy": "default", "refId": "A", "resultFormat": "time_series", 
@@ -3427,6 +4886,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Threads Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_total_threads" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -3483,6 +4987,12 @@ "datasource": "InfluxDB", "editable": true, "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, "fillGradient": 0, "grid": {}, @@ -3509,19 +5019,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "dsType": "influxdb", "groupBy": [ { @@ -3540,7 +5059,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", 
@@ -3585,7 +5104,7 @@ ] }, { - "alias": "Outbound", + "alias": "Outbound Current", "dsType": "influxdb", "groupBy": [ { @@ -3604,7 +5123,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", 
@@ -3647,6 +5166,136 @@ "value": "so-logstash" } ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + }, + { + "alias": "Outbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { 
+ "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] } ], "thresholds": [], @@ -3692,8 +5341,8 @@ } } ], - "refresh": false, - "schemaVersion": 22, + "refresh": "30s", + "schemaVersion": 27, "style": "dark", "tags": [], "templating": { @@ -3707,6 +5356,8 @@ "text": "10s", "value": "10s" }, + "description": null, + "error": null, "hide": 0, "label": null, "name": "Interval", @@ -3811,5 +5462,5 @@ "timezone": "browser", "title": "Search Node - {{ SERVERNAME }} Overview", "uid": "{{ UID }}", - "version": 1 -} \ No newline at end of file + "version": 13 +} diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json index ea0a6a63b..2bdb0ff12 100644 --- a/salt/grafana/dashboards/sensor_nodes/sensor.json +++ b/salt/grafana/dashboards/sensor_nodes/sensor.json @@ -16,14 +16,15 @@ "editable": true, "gnetId": 2381, "graphTooltip": 0, - "iteration": 1602105838173, + "id": 6, + "iteration": 1625017205779, "links": [], "panels": [ { "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, + "decimals": 2, "mappings": [], "thresholds": { "mode": "absolute", @@ -34,8 +35,7 @@ } ] }, - "unit": "s", - "decimals": 2 + "unit": "s" }, "overrides": [] }, @@ -57,9 +57,11 @@ ], "fields": "", "values": false - } + }, + "text": {}, + "textMode": "auto" }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.5.4", "targets": [ { "groupBy": [ 
@@ -110,57 +112,64 @@ "type": "stat" }, { + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "unit": "percent", - "min": 0, - "max": 100, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 60 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 - } - ] - }, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "nullValueMode": "connected" + "unit": "percent" }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 0 }, + "hiddenSeries": false, "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, "links": [], + "nullPointMode": "connected", "options": { "alertThreshold": true }, - "pluginVersion": "7.3.4", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -213,90 +222,116 @@ "operator": "=", "value": "cpu-total" } - ], - "alias": "Usage" - } - ], - "title": "{{ SERVERNAME }} - CPU", - "type": "graph", - "cacheTimeout": null, - "renderer": "flot", - "yaxes": [ - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "percent", - "$$hashKey": "object:395" + ] }, { - "label": null, - "show": false, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:396" + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* -1 + 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - CPU", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", "xaxis": { - "show": true, + "buckets": null, "mode": "time", "name": null, - "values": [], - "buckets": null + "show": true, + "values": [] }, + "yaxes": [ + { + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], "yaxis": { "align": false, "alignLevel": null - }, - "lines": true, - "fill": 1, - "fillGradient": 0, - "linewidth": 1, - "dashes": false, - "hiddenSeries": false, - "dashLength": 10, - "spaceLength": 10, - 
"points": false, - "pointradius": 2, - "bars": false, - "stack": false, - "percentage": false, - "legend": { - "show": false, - "values": false, - "min": false, - "max": false, - "current": false, - "total": false, - "avg": false - }, - "nullPointMode": "connected", - "steppedLine": false, - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 0 - }, - "timeFrom": null, - "timeShift": null, - "aliasColors": {}, - "seriesOverrides": [], - "thresholds": [], - "timeRegions": [] + } }, { "aliasColors": {}, - "bars": true, + "bars": false, "dashLength": 10, "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -319,13 +354,14 @@ "total": false, "values": false }, - "lines": false, + "lines": true, "linewidth": 1, - "nullPointMode": "null", + "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": true, "renderer": "flot", @@ -335,6 +371,7 @@ "steppedLine": false, "targets": [ { + "alias": "Loss Current", "groupBy": [ { "params": [ @@ -351,7 +388,7 @@ ], "measurement": "zeekcaptureloss", "orderByTime": "ASC", - "policy": "autogen", + "policy": "default", "refId": "A", "resultFormat": "time_series", "select": [ @@ -375,6 +412,50 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Loss Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "zeekcaptureloss", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_loss" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], 
@@ -397,7 +478,6 @@ }, "yaxes": [ { - "$$hashKey": "object:139", "decimals": 1, "format": "percent", "label": "", @@ -407,7 +487,6 @@ "show": true }, { - "$$hashKey": "object:140", "format": "short", "label": null, "logBase": 1, @@ -430,7 +509,7 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -458,18 +537,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Loss Current", "dsType": "influxdb", "groupBy": [ { @@ -517,6 +606,57 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "zeekdrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -569,7 +709,7 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, 
@@ -597,18 +737,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Loss Current", "dsType": "influxdb", "groupBy": [ { @@ -656,6 +806,57 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "suridrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -708,7 +909,7 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -736,18 +937,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Loss Current", "dsType": "influxdb", "groupBy": [ { 
@@ -789,6 +1000,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "stenodrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -839,9 +1095,7 @@ "dashes": false, "datasource": "InfluxDB", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, @@ -870,17 +1124,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Used", + "alias": "Used Current", "groupBy": [ { "params": [ @@ -927,6 +1189,56 @@ "value": "/" } ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/" + } + ] } ], "thresholds": [], 
@@ -949,7 +1261,6 @@ }, "yaxes": [ { - "$$hashKey": "object:708", "format": "percent", "label": null, "logBase": 1, @@ -958,7 +1269,6 @@ "show": true }, { - "$$hashKey": "object:709", "format": "short", "label": null, "logBase": 1, @@ -979,9 +1289,7 @@ "dashes": false, "datasource": "InfluxDB", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, @@ -1010,17 +1318,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Used", + "alias": "Used Current", "groupBy": [ { "params": [ @@ -1067,6 +1383,56 @@ "value": "/nsm" } ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/nsm" + } + ] } ], "thresholds": [], @@ -1089,7 +1455,6 @@ }, "yaxes": [ { - "$$hashKey": "object:708", "format": "percent", "label": null, "logBase": 1, @@ -1098,7 +1463,6 @@ "show": true }, { - "$$hashKey": "object:709", "format": "short", "label": null, "logBase": 1, 
@@ -1113,58 +1477,64 @@ } }, { + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "unit": "s", - "min": 0, - "max": null, - "decimals": 2, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(245, 54, 54, 0.9)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 259200 - }, - { - "color": "rgba(50, 172, 45, 0.97)", - "value": 432000 - } - ] - }, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "nullValueMode": "connected" + "unit": "s" }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 8, "y": 5 }, + "hiddenSeries": false, "id": 22, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, "links": [], + "nullPointMode": "connected", "options": { "alertThreshold": true }, - "pluginVersion": "7.3.4", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { + "alias": "Oldest Pcap Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1205,82 +1575,96 @@ "operator": "=", "value": "{{ SERVERNAME }}" } - ], - "alias": "Oldest Pcap" - } - ], - "title": "{{ SERVERNAME }} - PCAP Retention", - "type": "graph", - "renderer": "flot", - "yaxes": [ - { - "label": "", - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "s", - "$$hashKey": "object:643", - "decimals": 2 + ] }, { - "label": null, - "show": false, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:644" + "alias": "Oldest Pcap Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "pcapage", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_seconds" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - PCAP Retention", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", "xaxis": { - "show": true, + "buckets": null, "mode": "time", "name": null, - "values": [], - "buckets": null + "show": true, + "values": [] }, + "yaxes": [ + { + "decimals": 2, + "format": "s", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], "yaxis": { "align": false, "alignLevel": null - }, - "lines": true, - "fill": 1, - "linewidth": 1, - "dashLength": 10, - "spaceLength": 10, - "pointradius": 2, - "legend": { - "show": true, - "values": false, - "min": false, - "max": false, - "current": false, - "total": false, - "avg": false - }, - "nullPointMode": 
"connected", - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 0 - }, - "aliasColors": {}, - "seriesOverrides": [], - "thresholds": [], - "timeRegions": [], - "cacheTimeout": null, - "timeFrom": null, - "timeShift": null, - "fillGradient": 0, - "dashes": false, - "hiddenSeries": false, - "points": false, - "bars": false, - "stack": false, - "percentage": false, - "steppedLine": false - }, + } + }, { "aliasColors": {}, "bars": false, @@ -1290,7 +1674,7 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -1318,18 +1702,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -1364,7 +1758,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-zeek" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } 
@@ -1435,7 +1886,7 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -1463,18 +1914,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -1509,7 +1970,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-suricata" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1580,7 +2098,7 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, 
@@ -1608,18 +2126,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -1654,7 +2182,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-steno" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1734,7 +2319,7 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, 
@@ -1764,19 +2349,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "System", + "alias": "System Current", "dsType": "influxdb", "groupBy": [ { @@ -1826,7 +2420,7 @@ ] }, { - "alias": "User", + "alias": "User Current", "dsType": "influxdb", "groupBy": [ { @@ -1876,7 +2470,7 @@ ] }, { - "alias": "Nice", + "alias": "Nice Current", "dsType": "influxdb", "groupBy": [ { @@ -1926,7 +2520,7 @@ ] }, { - "alias": "Interrupt", + "alias": "Interrupt Current", "dsType": "influxdb", "groupBy": [ { @@ -1976,7 +2570,7 @@ ] }, { - "alias": "Wait", + "alias": "Wait Current", "dsType": "influxdb", "groupBy": [ { @@ -2026,7 +2620,7 @@ ] }, { - "alias": "SoftIRQ", + "alias": "SoftIRQ Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2074,6 +2668,312 @@ "value": "cpu-total" } ] + }, + { + "alias": "System Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_system" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "User Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_user" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Nice Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "I", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_nice" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, 
+ { + "alias": "Interrupt Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "J", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_irq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Wait Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "K", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "SoftIRQ Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "L", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_softirq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] } ], "thresholds": [], 
@@ -2127,7 +3027,7 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -2155,18 +3055,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -2208,6 +3118,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_active" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -2260,7 +3215,7 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -2288,18 +3243,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2347,6 +3312,57 @@ "value": "so-zeek" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-zeek" + } + ] } ], "thresholds": [], @@ -2399,7 +3415,7 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -2427,18 +3443,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2486,6 +3512,57 @@ "value": "so-suricata" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-suricata" + } + ] } ], "thresholds": [], @@ -2538,7 +3615,7 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -2566,18 +3643,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2625,6 +3712,57 @@ "value": "so-steno" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-steno" + } + ] } ], "thresholds": [], @@ -2678,7 +3816,7 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -2708,19 +3846,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Threads", + "alias": "Threads Current", "dsType": "influxdb", "groupBy": [ { @@ -2737,6 +3884,7 @@ } ], "measurement": "processes", + "orderByTime": "ASC", "policy": "default", "refId": "A", "resultFormat": "time_series", 
@@ -2761,6 +3909,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Threads Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_total_threads" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -2809,7 +4002,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "mappings": [], "thresholds": { "mode": "absolute", @@ -2845,9 +4037,11 @@ ], "fields": "", "values": false - } + }, + "text": {}, + "textMode": "auto" }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.5.4", "targets": [ { "groupBy": [ @@ -2866,7 +4060,7 @@ ], "measurement": "healthcheck", "orderByTime": "ASC", - "policy": "autogen", + "policy": "default", "refId": "A", "resultFormat": "time_series", "select": [ @@ -2911,7 +4105,7 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -2941,19 +4135,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "InBound", + "alias": "InBound Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2972,7 +4175,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -3017,7 +4220,7 @@ ] }, { - "alias": "OutBound", + "alias": "OutBound Current", "dsType": "influxdb", "groupBy": [ { @@ -3036,7 +4239,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", 
@@ -3079,6 +4282,136 @@ "value": "{{ MANINT }}" } ] + }, + { + "alias": "InBound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] + }, + { + "alias": "OutBound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": 
"interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] } ], "thresholds": [], @@ -3139,7 +4472,7 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -3171,9 +4504,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -3407,7 +4741,7 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -3436,9 +4770,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -3600,7 +4935,7 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -3630,19 +4965,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "InBound", + "alias": "InBound Current", "dsType": "influxdb", "groupBy": [ { @@ -3661,7 +5005,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", 
@@ -3704,6 +5048,71 @@ "value": "{{ MONINT }}" } ] + }, + { + "alias": "InBound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "{{ MONINT }}" + } + ] } ], "thresholds": [], @@ -3762,7 +5171,7 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -3792,16 +5201,24 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [ { - "alias": "#cpu", + "alias": "#cpu Current", "fill": 0 + }, + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 } ], "spaceLength": 10, @@ -3809,7 +5226,7 @@ "steppedLine": false, "targets": [ { - "alias": "#cpu", + "alias": "#cpu Current", "groupBy": [ { "params": [ @@ -3852,7 +5269,7 @@ ] }, { - "alias": "1 Minute Average", + "alias": "1 Minute Average Current", "dsType": "influxdb", "groupBy": [ { 
@@ -3896,7 +5313,7 @@ ] }, { - "alias": "5 Minute Average", + "alias": "5 Minute Average Current", "dsType": "influxdb", "groupBy": [ { @@ -3940,7 +5357,7 @@ ] }, { - "alias": "15 Minute Average", + "alias": "15 Minute Average Current", "dsType": "influxdb", "groupBy": [ { 
@@ -3982,6 +5399,185 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "#cpu Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_n_cpus" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "1 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load1" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "5 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load5" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "15 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + 
"policy": "so_long_term", + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load15" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -4039,7 +5635,7 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -4069,9 +5665,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -4267,7 +5864,7 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "links": [] }, "overrides": [] }, @@ -4297,19 +5894,28 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "InBound", + "alias": "InBound Current", "dsType": "influxdb", "groupBy": [ { @@ -4328,7 +5934,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", 
@@ -4373,7 +5979,7 @@ ] }, { - "alias": "OutBound", + "alias": "OutBound Current", "dsType": "influxdb", "groupBy": [ { @@ -4392,7 +5998,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", 
@@ -4435,6 +6041,136 @@ "value": "so-filebeat" } ] + }, + { + "alias": "InBound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-filebeat" + } + ] + }, + { + "alias": "OutBound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { 
+ "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-filebeat" + } + ] } ], "thresholds": [], @@ -4480,8 +6216,8 @@ } } ], - "refresh": false, - "schemaVersion": 25, + "refresh": "30s", + "schemaVersion": 27, "style": "dark", "tags": [], "templating": { @@ -4495,6 +6231,8 @@ "text": "10s", "value": "10s" }, + "description": null, + "error": null, "hide": 0, "label": null, "name": "Interval", @@ -4561,7 +6299,7 @@ } ], "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 2, + "refresh": 3, "skipUrlSync": false, "type": "interval" } @@ -4599,5 +6337,5 @@ "timezone": "browser", "title": "Sensor Node - {{ SERVERNAME }} Overview", "uid": "{{ UID }}", - "version": 1 -} \ No newline at end of file + "version": 15 +} diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json index 701e6c9f2..5f70b922d 100644 --- a/salt/grafana/dashboards/standalone/standalone.json +++ b/salt/grafana/dashboards/standalone/standalone.json @@ -17,7 +17,7 @@ "gnetId": 2381, "graphTooltip": 0, "id": 6, - "iteration": 1614088867725, + "iteration": 1625018989654, "links": [], "panels": [ { @@ -29,36 +29,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 60 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 - } - ] - }, "unit": "percent" }, "overrides": [] 
@@ -90,17 +60,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Usage", + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -154,6 +132,63 @@ "value": "cpu-total" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* -1 + 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] } ], "thresholds": [], @@ -201,7 +236,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "decimals": 2, "mappings": [], "thresholds": { @@ -236,9 +270,10 @@ "fields": "", "values": false }, + "text": {}, "textMode": "auto" }, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "targets": [ { "groupBy": [ @@ -297,7 +332,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
@@ -329,16 +363,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -373,7 +416,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-elasticsearch" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -443,7 +543,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -474,16 +573,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "groupBy": [ { "params": [ 
@@ -517,7 +625,63 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "container_name", + "operator": "=", + "value": "so-kibana" + }, + { + "condition": "AND", + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -542,7 +706,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Kibana CPU", + "title": "{{ SERVERNAME }} - Kibana CPU Usage", "tooltip": { "shared": true, "sort": 0, @@ -589,7 +753,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -621,16 +784,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Loss Current", "dsType": "influxdb", "groupBy": [ { 
@@ -678,6 +850,57 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "suridrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -730,7 +953,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -762,16 +984,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Loss Current", "dsType": "influxdb", "groupBy": [ { @@ -813,6 +1044,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "stenodrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], 
@@ -864,9 +1140,7 @@ "dashes": false, "datasource": "InfluxDB", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, @@ -895,17 +1169,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Used", + "alias": "Used Current", "groupBy": [ { "params": [ @@ -952,6 +1234,56 @@ "value": "/" } ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/" + } + ] } ], "thresholds": [], @@ -1002,9 +1334,7 @@ "dashes": false, "datasource": "InfluxDB", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, @@ -1033,17 +1363,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Used", + "alias": "Used Current", "groupBy": [ { "params": [ 
@@ -1090,6 +1428,56 @@ "value": "/nsm" } ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/nsm" + } + ] } ], "thresholds": [], @@ -1141,7 +1529,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1172,16 +1559,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "groupBy": [ { "params": [ 
@@ -1215,7 +1611,63 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1286,7 +1738,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1317,16 +1768,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "groupBy": [ { "params": [ 
@@ -1360,7 +1820,63 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1432,7 +1948,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1464,16 +1979,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1508,7 +2032,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-suricata" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1579,7 +2160,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1611,16 +2191,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1655,7 +2244,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-steno" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -1736,7 +2382,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -1770,17 +2415,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "System", + "alias": "System Current", "dsType": "influxdb", "groupBy": [ { @@ -1799,6 +2452,8 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "default", + "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, "refId": "A", "resultFormat": "time_series", "select": [ @@ -1830,7 +2485,7 @@ ] }, { - "alias": "User", + "alias": "User Current", "dsType": "influxdb", "groupBy": [ { 
@@ -1849,6 +2504,8 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "default", + "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, "refId": "B", "resultFormat": "time_series", "select": [ @@ -1880,7 +2537,7 @@ ] }, { - "alias": "Nice", + "alias": "Nice Current", "dsType": "influxdb", "groupBy": [ { @@ -1899,6 +2556,8 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "default", + "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, "refId": "C", "resultFormat": "time_series", "select": [ @@ -1930,7 +2589,7 @@ ] }, { - "alias": "Interrupt", + "alias": "Interrupt Current", "dsType": "influxdb", "groupBy": [ { @@ -1949,6 +2608,8 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "default", + "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": true, "refId": "D", "resultFormat": "time_series", "select": [ @@ -1980,7 +2641,7 @@ ] }, { - "alias": "Wait", + "alias": "Wait Current", "dsType": "influxdb", "groupBy": [ { @@ -1999,6 +2660,8 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "default", + "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": true, "refId": "E", "resultFormat": "time_series", "select": [ @@ -2030,7 +2693,7 @@ ] }, { - "alias": "SoftIRQ", + "alias": "SoftIRQ Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2049,6 +2712,8 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "default", + "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": true, "refId": "F", "resultFormat": "time_series", "select": [ 
@@ -2078,6 +2743,324 @@ "value": "cpu-total" } ] + }, + { + "alias": "System Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_system" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "User Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_user" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Nice Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + 
"policy": "so_long_term", + "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "I", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_nice" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Interrupt Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "J", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_irq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Wait Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "K", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + 
"mean_usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "SoftIRQ Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "L", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_softirq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] } ], "thresholds": [], @@ -2126,7 +3109,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" + "net.non_negative_derivative": "super-light-blue" }, "bars": false, "dashLength": 10, @@ -2136,7 +3119,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2170,17 +3152,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2199,7 +3189,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -2244,7 +3234,7 @@ ] }, { - "alias": "Outbound", + "alias": "Outbound Current", "dsType": "influxdb", "groupBy": [ { @@ -2263,7 +3253,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", 
@@ -2306,6 +3296,136 @@ "value": "{{ MANINT }}" } ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] + }, + { + "alias": "Outbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": 
"interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] } ], "thresholds": [], @@ -2359,7 +3479,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2391,16 +3510,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -2448,6 +3576,57 @@ "value": "so-suricata" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-suricata" + } + ] } ], "thresholds": [], @@ -2500,7 +3679,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
@@ -2532,16 +3710,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -2589,6 +3776,57 @@ "value": "so-steno" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-steno" + } + ] } ], "thresholds": [], @@ -2648,7 +3886,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2682,13 +3919,20 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [ { - "alias": "#cpu", + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + }, + { + "alias": "#cpu Current", "fill": 0 } ], @@ -2697,7 +3941,7 @@ "steppedLine": false, "targets": [ { - "alias": "#cpu", + "alias": "#cpu Current", "groupBy": [ { "params": [ @@ -2740,7 +3984,7 @@ ] }, { - "alias": "1 Minute Average", + "alias": "1 Minute Average Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2784,7 +4028,7 @@ ] }, { - "alias": "5 Minute Average", + "alias": "5 Minute Average Current", "dsType": "influxdb", "groupBy": [ { @@ -2828,7 +4072,7 @@ ] }, { - "alias": "15 Minute Average", + "alias": "15 Minute Average Current", "dsType": "influxdb", "groupBy": [ { 
@@ -2870,6 +4114,185 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "#cpu Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_n_cpus" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "1 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load1" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "5 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load5" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "15 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + 
"policy": "so_long_term", + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load15" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -2918,7 +4341,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" + "net.non_negative_derivative": "light-orange" }, "bars": false, "dashLength": 10, @@ -2928,7 +4351,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -2962,17 +4384,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "dsType": "influxdb", "groupBy": [ { @@ -2991,7 +4421,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", 
@@ -3034,6 +4464,71 @@ "value": "{{ MONINT }}" } ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "{{ MONINT }}" + } + ] } ], "thresholds": [], @@ -3082,7 +4577,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "mappings": [], "thresholds": { "mode": "absolute", @@ -3119,9 +4613,10 @@ "fields": "", "values": false }, + "text": {}, "textMode": "auto" }, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "targets": [ { "groupBy": [ @@ -3180,37 +4675,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "decimals": 2, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": null, - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(245, 54, 54, 0.9)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 259200 - }, - { - "color": "rgba(50, 172, 45, 0.97)", - "value": 432000 - } - ] - }, "unit": "s" }, "overrides": [] 
@@ -3242,17 +4706,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Oldest Pcap", + "alias": "Oldest Pcap Current", "dsType": "influxdb", "groupBy": [ { @@ -3294,6 +4766,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Oldest Pcap Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "pcapage", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_seconds" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -3351,7 +4868,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3385,17 +4901,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": true, "steppedLine": false, "targets": [ { - "alias": "Blocked", + "alias": "Blocked Current", "dsType": "influxdb", "groupBy": [ { @@ -3413,6 +4937,7 @@ ], "hide": false, "measurement": "processes", + "orderByTime": "ASC", "policy": "default", "refId": "A", "resultFormat": "time_series", 
@@ -3439,7 +4964,7 @@ ] }, { - "alias": "Running", + "alias": "Running Current", "dsType": "influxdb", "groupBy": [ { @@ -3456,6 +4981,7 @@ } ], "measurement": "processes", + "orderByTime": "ASC", "policy": "default", "refId": "B", "resultFormat": "time_series", @@ -3482,7 +5008,7 @@ ] }, { - "alias": "Sleep", + "alias": "Sleep Current", "dsType": "influxdb", "groupBy": [ { @@ -3499,6 +5025,7 @@ } ], "measurement": "processes", + "orderByTime": "ASC", "policy": "default", "refId": "C", "resultFormat": "time_series", 
@@ -3523,6 +5050,141 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Blocked Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_blocked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Running Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_running" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Sleep Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_sleeping" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -3575,7 +5237,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
@@ -3607,17 +5268,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "groupBy": [ { "params": [ @@ -3678,7 +5347,7 @@ ] }, { - "alias": "Outbound", + "alias": "Outbound Current", "groupBy": [ { "params": [ 
@@ -3737,6 +5406,130 @@ "value": "so-logstash" } ] + }, + { + "alias": "Inbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + }, + { + "alias": "Outbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] } ], "thresholds": [], @@ -3789,7 +5582,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
@@ -3821,16 +5613,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { @@ -3865,7 +5666,64 @@ }, { "params": [ - " / {{ CPUS }}" + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-zeek" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" ], "type": "math" } @@ -3936,7 +5794,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -3968,16 +5825,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "dsType": "influxdb", "groupBy": [ { 
@@ -4025,6 +5891,57 @@ "value": "so-zeek" } ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-zeek" + } + ] } ], "thresholds": [], @@ -4078,7 +5995,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -4112,17 +6028,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Threads", + "alias": "Threads Current", "dsType": "influxdb", "groupBy": [ { @@ -4139,6 +6063,7 @@ } ], "measurement": "processes", + "orderByTime": "ASC", "policy": "default", "refId": "A", "resultFormat": "time_series", 
@@ -4163,6 +6088,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Threads Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_total_threads" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -4216,7 +6186,6 @@ "description": "", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -4248,17 +6217,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "groupBy": [ { "params": [ @@ -4319,7 +6296,7 @@ ] }, { - "alias": "Outbound", + "alias": "Outbound Current", "groupBy": [ { "params": [ 
@@ -4378,6 +6355,130 @@ "value": "so-influxdb" } ] + }, + { + "alias": "Inbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] + }, + { + "alias": "Outbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] } ], "thresholds": [], @@ -4423,13 +6524,12 @@ }, { "aliasColors": {}, - "bars": true, + "bars": false, "dashLength": 10, "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
@@ -4453,23 +6553,32 @@ "total": false, "values": false }, - "lines": false, + "lines": true, "linewidth": 1, - "nullPointMode": "null", + "nullPointMode": "connected", "options": { "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": true, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Loss Current", "groupBy": [ { "params": [ @@ -4486,7 +6595,7 @@ ], "measurement": "zeekcaptureloss", "orderByTime": "ASC", - "policy": "autogen", + "policy": "default", "refId": "A", "resultFormat": "time_series", "select": [ @@ -4510,6 +6619,50 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Loss Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "zeekcaptureloss", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_loss" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -4563,7 +6716,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
@@ -4595,16 +6747,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Loss Current", "dsType": "influxdb", "groupBy": [ { @@ -4652,6 +6813,57 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "zeekdrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -4704,7 +6916,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -4735,16 +6946,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Wait Current", "groupBy": [ { "params": [ 
@@ -4785,6 +7005,50 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Wait Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -4837,7 +7101,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -4869,17 +7132,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Inbound", + "alias": "Inbound Current", "groupBy": [ { "params": [ @@ -4940,7 +7211,7 @@ ] }, { - "alias": "Outbound", + "alias": "Outbound Current", "groupBy": [ { "params": [ 
@@ -4999,6 +7270,130 @@ "value": "so-aptcacherng" } ] + }, + { + "alias": "Inbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-aptcacherng" + } + ] + }, + { + "alias": "Outbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-aptcacherng" + } + ] } ], "thresholds": [], @@ -5050,7 +7445,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] 
@@ -5081,16 +7475,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Size Current", "groupBy": [ { "params": [ @@ -5107,7 +7510,7 @@ ], "measurement": "influxsize", "orderByTime": "ASC", - "policy": "autogen", + "policy": "default", "refId": "A", "resultFormat": "time_series", "select": [ @@ -5131,6 +7534,50 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Size Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "influxsize", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_kbytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -5183,7 +7630,6 @@ "description": "", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -5214,16 +7660,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Queue Current", "groupBy": [ { "params": [ 
@@ -5264,6 +7719,50 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Queue Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "redisqueue", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_unparsed" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -5317,7 +7816,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -5350,17 +7848,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Read", + "alias": "Read Current", "dsType": "influxdb", "groupBy": [ { @@ -5408,7 +7914,7 @@ ] }, { - "alias": "Write", + "alias": "Write Current", "dsType": "influxdb", "groupBy": [ { 
@@ -5454,6 +7960,104 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Read Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "diskio", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_read_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Write Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "diskio", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_write_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -5506,9 +8110,7 @@ "datasource": "InfluxDB", "description": "", "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "fill": 1, @@ -5537,17 +8139,25 @@ "alertThreshold": false }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "EPS", + "alias": "EPS Current", "groupBy": [ { "params": [ 
@@ -5589,6 +8199,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "EPS Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "consumptioneps", + "orderByTime": "ASC", + "policy": "so_long_term", + "queryType": "randomWalk", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_eps" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -5640,7 +8295,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -5671,16 +8325,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "groupBy": [ { "params": [ @@ -5727,6 +8390,56 @@ "value": "so-redis" } ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-redis" + } + ] } ], "thresholds": [], 
@@ -5779,7 +8492,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -5810,16 +8522,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Usage Current", "groupBy": [ { "params": [ @@ -5837,6 +8558,8 @@ "measurement": "docker_container_cpu", "orderByTime": "ASC", "policy": "default", + "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, "refId": "A", "resultFormat": "time_series", "select": [ 
@@ -5853,7 +8576,65 @@ }, { "params": [ - "/ 16" + "/{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-redis" + } + ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "/{{ CPUS }}" ], "type": "math" } @@ -5932,7 +8713,6 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -5968,17 +8748,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 5, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": true, "steppedLine": false, "targets": [ { - "alias": "Used", + "alias": "Used Current", "dsType": "influxdb", "groupBy": [ { @@ -5995,7 +8783,10 @@ } ], "measurement": "mem", + "orderByTime": "ASC", "policy": "default", + "query": "SELECT mean(\"used\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, "refId": "A", "resultFormat": "time_series", "select": [ 
@@ -6021,7 +8812,7 @@ ] }, { - "alias": "Buffered", + "alias": "Buffered Current", "dsType": "influxdb", "groupBy": [ { @@ -6038,7 +8829,10 @@ } ], "measurement": "mem", + "orderByTime": "ASC", "policy": "default", + "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, "refId": "B", "resultFormat": "time_series", "select": [ @@ -6064,7 +8858,7 @@ ] }, { - "alias": "Cached", + "alias": "Cached Current", "dsType": "influxdb", "groupBy": [ { @@ -6081,7 +8875,10 @@ } ], "measurement": "mem", + "orderByTime": "ASC", "policy": "default", + "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, "refId": "C", "resultFormat": "time_series", "select": [ @@ -6107,7 +8904,7 @@ ] }, { - "alias": "Free", + "alias": "Free Current", "dsType": "influxdb", "groupBy": [ { @@ -6124,7 +8921,10 @@ } ], "measurement": "mem", + "orderByTime": "ASC", "policy": "default", + "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, "refId": "D", "resultFormat": "time_series", "select": [ 
@@ -6148,6 +8948,194 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Used Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"used\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Buffered Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_buffered" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Cached Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "G", + "resultFormat": "time_series", + 
"select": [ + [ + { + "params": [ + "mean_cached" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Free Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_free" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -6205,9 +9193,7 @@ "editable": true, "error": false, "fieldConfig": { - "defaults": { - "custom": {} - }, + "defaults": {}, "overrides": [] }, "format": "none", @@ -6326,7 +9312,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -6358,16 +9343,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Size Current", "dsType": "influxdb", "groupBy": [ { 
@@ -6409,6 +9403,51 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Size Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_store_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -6460,7 +9499,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -6491,16 +9529,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Count Current", "groupBy": [ { "params": [ @@ -6541,6 +9588,50 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Count Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_jvm", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_threads_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], 
@@ -6593,7 +9684,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -6624,16 +9714,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { + "alias": "Size Current", "groupBy": [ { "params": [ @@ -6674,6 +9773,50 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Size Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_fielddata_memory_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -6725,7 +9868,6 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, "links": [] }, "overrides": [] @@ -6756,17 +9898,25 @@ "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.5.4", "pointradius": 2, "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { - "alias": "Total", + "alias": "Total Current", "groupBy": [ { "params": [ @@ -6809,7 +9959,7 @@ ] }, { - "alias": "Used", + "alias": "Used Current", "groupBy": [ { "params": [ 
@@ -6850,6 +10000,94 @@ "value": "{{ SERVERNAME }}" } ] + }, + { + "alias": "Total Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_total" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] } ], "thresholds": [], @@ -6895,7 +10133,7 @@ } ], "refresh": "30s", - "schemaVersion": 26, + "schemaVersion": 27, "style": "dark", "tags": [], "templating": { @@ -6909,6 +10147,7 @@ "text": "10s", "value": "10s" }, + "description": null, "error": null, "hide": 0, "label": null, @@ -6976,7 +10215,7 @@ } ], "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 2, + "refresh": 3, "skipUrlSync": false, "type": "interval" } @@ -7013,6 +10252,6 @@ }, "timezone": "browser", "title": "Standalone Mode - {{ SERVERNAME }} Overview", - "uid": "so_overview", - "version": 1 -} \ No newline at end of file + "uid": "{{ UID }}", + "version": 17 +} diff --git a/salt/influxdb/defaults.yaml b/salt/influxdb/defaults.yaml new file mode 100644 index 000000000..205c2ba67 --- /dev/null +++ b/salt/influxdb/defaults.yaml 
@@ -0,0 +1,21 @@ +{% set measurements = salt['cmd.shell']('docker exec -t so-influxdb influx -format json -ssl -unsafeSsl -database telegraf -execute "show measurements" 2> /root/measurement_query.log | jq -r .results[0].series[0].values[]?[0] 2>> /root/measurement_query.log') %} + +influxdb: + retention_policies: + so_short_term: + default: True + duration: 30d + shard_duration: 1d + so_long_term: + default: False + duration: 0d + shard_duration: 7d + downsample: + so_long_term: + resolution: 5m +{% if measurements|length > 0 %} + measurements: + {% for measurement in measurements.splitlines() %} + - {{ measurement }} + {% endfor %} +{% endif %} diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 485cc951b..f270c9f73 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls 
@@ -2,12 +2,21 @@ {% if sls in allowed_states %} {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} -{% set MANAGER = salt['grains.get']('master') %} -{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} -{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} +{% set MANAGER = salt['grains.get']('master') %} +{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} +{% import_yaml 'influxdb/defaults.yaml' as default_settings %} +{% set influxdb = salt['grains.filter_by'](default_settings, default='influxdb', merge=salt['pillar.get']('influxdb', {})) %} +{% from 'salt/map.jinja' import PYTHON3INFLUX with context %} +{% from 'salt/map.jinja' import PYTHONINFLUXVERSION with context %} +{% set PYTHONINFLUXVERSIONINSTALLED = salt['cmd.run']("python3 -c \"exec('try:import influxdb; print (influxdb.__version__)\\nexcept:print(\\'Module Not Found\\')')\"", python_shell=True) %} + +include: + - salt.minion + - salt.python3-influxdb # Influx DB influxconfdir: file.directory: 
@@ -57,6 +66,71 @@ append_so-influxdb_so-status.conf: - name: /opt/so/conf/so-status/so-status.conf - text: so-influxdb +# We have to make sure the influxdb module is the right version prior to state run since reload_modules is bugged +{% if PYTHONINFLUXVERSIONINSTALLED == PYTHONINFLUXVERSION %} +wait_for_influxdb: + http.query: + - name: 'https://{{MANAGER}}:8086/query?q=SHOW+DATABASES' + - ssl: True + - verify_ssl: False + - status: 200 + - timeout: 30 + - retry: + attempts: 5 + interval: 60 + +telegraf_database: + influxdb_database.present: + - name: telegraf + - database: telegraf + - ssl: True + - verify_ssl: /etc/pki/ca.crt + - cert: ['/etc/pki/influxdb.crt', '/etc/pki/influxdb.key'] + - influxdb_host: {{ MANAGER }} + - require: + - docker_container: so-influxdb + - sls: salt.python3-influxdb + - http: wait_for_influxdb + +{% for rp in influxdb.retention_policies.keys() %} +{{rp}}_retention_policy: + influxdb_retention_policy.present: + - name: {{rp}} + - database: telegraf + - duration: {{influxdb.retention_policies[rp].duration}} + - shard_duration: {{influxdb.retention_policies[rp].shard_duration}} + - replication: 1 + - default: {{influxdb.retention_policies[rp].get('default', 'False')}} + - ssl: True + - verify_ssl: /etc/pki/ca.crt + - cert: ['/etc/pki/influxdb.crt', '/etc/pki/influxdb.key'] + - influxdb_host: {{ MANAGER }} + - require: + - docker_container: so-influxdb + - influxdb_database: telegraf_database + - file: influxdb_retention_policy.present_patch + - sls: salt.python3-influxdb +{% endfor %} + +{% for dest_rp in influxdb.downsample.keys() %} + {% for measurement in influxdb.downsample[dest_rp].get('measurements', []) %} +so_downsample_{{measurement}}_cq: + influxdb_continuous_query.present: + - name: so_downsample_{{measurement}}_cq + - database: telegraf + - query: SELECT mean(*) INTO "{{dest_rp}}"."{{measurement}}" FROM "{{measurement}}" GROUP BY time({{influxdb.downsample[dest_rp].resolution}}),* + - ssl: True + - verify_ssl: 
/etc/pki/ca.crt + - cert: ['/etc/pki/influxdb.crt', '/etc/pki/influxdb.key'] + - influxdb_host: {{ MANAGER }} + - require: + - docker_container: so-influxdb + - influxdb_database: telegraf_database + - file: influxdb_continuous_query.present_patch + {% endfor %} +{% endfor %} + +{% endif %} {% endif %} {% else %} diff --git a/salt/kibana/bin/so-kibana-config-load b/salt/kibana/bin/so-kibana-config-load index f07377018..d42596287 100644 --- a/salt/kibana/bin/so-kibana-config-load +++ b/salt/kibana/bin/so-kibana-config-load @@ -1,6 +1,4 @@ #!/bin/bash -# {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager', False) -%} -# {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node', False) -%} # {%- set MANAGER = salt['pillar.get']('global:url_base', '') %} . /usr/sbin/so-common 
@@ -8,19 +6,12 @@ # Copy template file cp /opt/so/conf/kibana/saved_objects.ndjson.template /opt/so/conf/kibana/saved_objects.ndjson -# {% if FLEET_NODE or FLEET_MANAGER %} -# Fleet IP -#sed -i "s/FLEETPLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson -# {% endif %} - # SOCtopus and Manager sed -i "s/PLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson -wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" -## This hackery will be removed if using Elastic Auth ## +wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}" -# Let's snag a cookie from Kibana -THECOOKIE=$(curl -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') +SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') # Load saved objects -curl -b "sid=$THECOOKIE" -L -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@/opt/so/conf/kibana/saved_objects.ndjson >> /opt/so/log/kibana/misc.log \ No newline at end of file +{{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@/opt/so/conf/kibana/saved_objects.ndjson >> /opt/so/log/kibana/misc.log diff --git a/salt/kibana/etc/config.json b/salt/kibana/etc/config.json deleted file mode 100644 index 9631e0343..000000000 --- a/salt/kibana/etc/config.json +++ /dev/null @@ -1,10 +0,0 @@ -{ "attributes": - { - "defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29", - "defaultRoute":"/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645", - "discover:sampleSize":"100", - "dashboard:defaultDarkTheme":true, - "theme:darkMode":true, - "timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}" - } -} diff --git a/salt/kibana/etc/kibana.yml b/salt/kibana/etc/kibana.yml index 856f87909..6fcafe68f 100644 --- a/salt/kibana/etc/kibana.yml +++ b/salt/kibana/etc/kibana.yml 
@@ -1,20 +1,26 @@ --- # Default Kibana configuration from kibana-docker. {%- set ES = salt['pillar.get']('manager:mainip', '') -%} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} server.name: kibana server.host: "0" server.basePath: /kibana elasticsearch.hosts: [ "https://{{ ES }}:9200" ] elasticsearch.ssl.verificationMode: none #kibana.index: ".kibana" -#elasticsearch.username: elastic -#elasticsearch.password: changeme +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} +elasticsearch.username: {{ ES_USER }} +elasticsearch.password: {{ ES_PASS }} +{% endif %} #xpack.monitoring.ui.container.elasticsearch.enabled: true elasticsearch.requestTimeout: 90000 logging.dest: /var/log/kibana/kibana.log telemetry.enabled: false security.showInsecureClusterWarning: false +{% if not salt['pillar.get']('elasticsearch:auth:enabled', False) %} xpack.security.authc.providers: anonymous.anonymous1: order: 0 credentials: "elasticsearch_anonymous_user" +{% endif %} diff --git a/salt/kibana/files/saved_objects.ndjson b/salt/kibana/files/saved_objects.ndjson index fee868127..ee2842b66 100644 --- a/salt/kibana/files/saved_objects.ndjson +++ b/salt/kibana/files/saved_objects.ndjson 
@@ -460,7 +460,7 @@ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":8,\"y\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":28,\"y\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefNa
me\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"columns\":[\"event_type\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"z16.04 - Sysmon - Logs","version":1},"id":"6d189680-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"3072c750-6d71-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","name":"panel_4","type":"visualization"},{"id":"13ed0810-6d72-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","name":"panel_6","type":"visualization"},{"id":"e09f6010-6d72-11e7-b09b-f57b22df6524","name":"panel_7","type":"visualization"},{"id":"29611940-6d75-11e7-b09b-f57b22df6524","name":"panel_8","type":"visualization"},{"id":"6b70b840-6d75-11e7-b09b-f57b22df6524","name":"panel_9","type":"visualization"},{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"panel_10","type":"search"},{"id":"AWDHHk1sxQT5EBNmq43Y","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQyLDRd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Action (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Action (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"6f883480-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQzLDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ0LDRd"} -{"attributes":{"buildNum":33984,"dashboard:defaultDarkTheme":true,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":"100","theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"id":"7.11.2","migrationVersion":{"config":"7.9.0"},"references":[],"type":"config","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ1LDRd"} 
+{"attributes":{"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion":"7.13.2","id":"7.13.2","migrationVersion":{"config":"7.12.0"},"references":[],"type":"config","updated_at":"2021-04-29T21:42:52.430Z","version":"WzY3NTUsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - MIME Flavors","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - MIME Flavors\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.flavors.mime.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ2LDRd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Modbus - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG_9KpxQT5EBNmq4Oo","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ3LDRd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"z16.04 - Bro - 
Modbus","version":1},"id":"70c005f0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"178209e0-6e1b-11e7-b553-7f80727663c1","name":"panel_5","type":"visualization"},{"id":"AWDG_9KpxQT5EBNmq4Oo","name":"panel_6","type":"visualization"},{"id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ4LDRd"} 
@@ -730,4 +730,4 @@ {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Severity (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog.severity.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"syslog.severity.keyword: Descending\",\"aggType\":\"terms\"}]}},\"title\":\"Security Onion - Syslog - Severity (Donut)\"}"},"id":"fc8d41a0-777b-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwNDExLDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Source 
IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"id":"fd8b4640-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwNDEyLDRd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:strelka\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\"},\"panelIndex\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":21,\"h\":7,\"i\":\"566a9d04-f2dc-4868-9625-97a19d985703\"},\"panelIndex\":\"566a9d04-f2dc-4868-9625-97a19d985703\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":7,\"i\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\"},\"panelIndex\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":12,\"h\":20,\"i\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\"},\"panelIndex\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":7,\"w\":11,\"h\":20,\"i\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\"},\"panelIndex\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":7,\"w\":14,\"h\":20,\"i\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\"},\"panelIndex\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":37,\"y\":7,\"w\":11,\"h\":20,\"i\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\"},\"panelIndex\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\
":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":20,\"i\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\"},\"panelIndex\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":15,\"h\":20,\"i\":\"0e8800a9-a6f5-4a79-8370-61713f584886\"},\"panelIndex\":\"0e8800a9-a6f5-4a79-8370-61713f584886\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":20,\"i\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\"},\"panelIndex\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":27,\"i\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\"},\"panelIndex\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - 
Strelka","version":1},"id":"ff689c50-75f3-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"7a88adc0-75f0-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","name":"panel_4","type":"visualization"},{"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","name":"panel_5","type":"visualization"},{"id":"ce9e03f0-772c-11ea-bee5-af7f7c7b8e05","name":"panel_6","type":"visualization"},{"id":"a7ebb450-772c-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"08c0b770-772e-11ea-bee5-af7f7c7b8e05","name":"panel_8","type":"visualization"},{"id":"e087c7d0-772d-11ea-bee5-af7f7c7b8e05","name":"panel_9","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_10","type":"search"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwNDEzLDRd"} -{"exportedCount":732,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file +{"exportedCount":732,"missingRefCount":0,"missingReferences":[]} diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 75b96b72a..40ed8babc 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -4,6 +4,7 @@ {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} +{% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} # Add ES Group kibanasearchgroup: @@ -34,6 +35,7 @@ synckibanaconfig: - source: salt://kibana/etc - user: 932 - group: 939 + - file_mode: 660 - template: jinja kibanalogdir: 
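Review bot: `file_mode: 660` on `synckibanaconfig` in salt/kibana/init.sls only manages the files under salt://kibana/etc, not the directory itself; since `file_mode` is a file.recurse option, add a matching `dir_mode` so the directory permissions are managed too. The same 660 is applied to the rendered Logstash pipeline files in salt/logstash/init.sls later in this patch, which is the right call now that those templates embed Elastic credentials, so keep the two in step.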
@@ -63,6 +65,8 @@ kibanabin: - source: salt://kibana/bin/so-kibana-config-load - mode: 755 - template: jinja + - defaults: + ELASTICCURL: {{ ELASTICAUTH.elasticcurl }} # Start the kibana docker so-kibana: @@ -113,4 +117,4 @@ so-kibana-config-load: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index 2c2c89626..bfd08e4fe 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -78,6 +78,7 @@ ls_pipeline_{{PL}}_{{CONFIGFILE.split('.')[0] | replace("/","_") }}: {% endif %} - user: 931 - group: 939 + - mode: 660 - makedirs: True {% endfor %} diff --git a/salt/logstash/pipelines/config/so/0009_input_beats.conf b/salt/logstash/pipelines/config/so/0009_input_beats.conf index a5c1d491c..9ca55b184 100644 --- a/salt/logstash/pipelines/config/so/0009_input_beats.conf +++ b/salt/logstash/pipelines/config/so/0009_input_beats.conf @@ -3,4 +3,9 @@ input { port => "5044" tags => [ "beat-ext" ] } +} +filter { + mutate { + rename => {"@metadata" => "metadata"} + } } \ No newline at end of file diff --git a/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja b/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja index d17dc2b22..670dcf49e 100644 --- a/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja +++ b/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja 
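Review bot: in the kibanabin hunk of salt/kibana/init.sls, `ELASTICCURL: {{ ELASTICAUTH.elasticcurl }}` is rendered into so-kibana-config-load, which the unchanged context installs with `mode: 755`; if `elasticcurl` expands to anything that contains the Elastic password rather than only a reference to the 600-mode curl.config distributed by salt/manager/init.sls in this same patch, the credential becomes world-readable. Confirm the value is just the curl invocation with a pointer to the config file, or lower the script mode to 750.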
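Review bot: the `mutate { rename => {"@metadata" => "metadata"} }` added to salt/logstash/pipelines/config/so/0009_input_beats.conf turns a transient field into a persisted one that will be indexed with every beats event, and it places a `filter` block in a file named as an input. The only consumer visible in this patch is the `if [metadata][pipeline]` check in 9050_output_filebeatmodules.conf.jinja, so consider copying only `[@metadata][pipeline]` in a filter-numbered file and removing `metadata` in the output stage, so the extra Beat fields do not bloat the so-* indices. The file also still ends without a trailing newline, which the other hunks in this patch fix elsewhere.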
@@ -3,11 +3,17 @@ {%- else %} {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { if [module] =~ "zeek" and "import" not in [tags] { elasticsearch { pipeline => "%{module}.%{dataset}" hosts => "{{ ES }}" +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" +{% endif %} index => "so-zeek" template_name => "so-zeek" template => "/templates/so-zeek-template.json" diff --git a/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja b/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja index 4562dcee7..1ebaa1082 100644 --- a/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja +++ b/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja @@ -3,11 +3,17 @@ {%- else %} {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { if "import" in [tags] { elasticsearch { pipeline => "%{module}.%{dataset}" hosts => "{{ ES }}" +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" +{% endif %} index => "so-import" template_name => "so-import" template => "/templates/so-import-template.json" diff --git a/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja b/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja index fb6eaee5d..affa32d1a 100644 --- a/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja +++ b/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja 
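Review bot: the `ES_USER`/`ES_PASS` pillar lookups and the `{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}` block added to 9000_output_zeek.conf.jinja are the same six lines repeated in 9002_output_import.conf.jinja and in every other output template in this patch; a single jinja include or macro for the elasticsearch output credential block would keep the eleven copies from drifting when a third setting (for example a CA path) is needed. Minor: the new `{%- set ... %}` lines omit the trailing `-%}` that the adjacent `ES` lines use, so each emits a blank line into the rendered config, harmless for Logstash but inconsistent.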
@@ -3,10 +3,16 @@ {%- else %} {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { if [event_type] == "sflow" { elasticsearch { hosts => "{{ ES }}" +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" +{% endif %} index => "so-flow" template_name => "so-flow" template => "/templates/so-flow-template.json" diff --git a/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja b/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja index 61aa21a82..ea603b016 100644 --- a/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja +++ b/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja @@ -3,10 +3,16 @@ {%- else %} {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { if [event_type] == "ids" and "import" not in [tags] { elasticsearch { hosts => "{{ ES }}" +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" +{% endif %} index => "so-ids" template_name => "so-ids" template => "/templates/so-ids-template.json" diff --git a/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja b/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja index 0afbf45ea..ab8508bf3 100644 --- a/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja +++ b/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja 
@@ -3,11 +3,17 @@ {%- else %} {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { if [module] =~ "syslog" { elasticsearch { pipeline => "%{module}" hosts => "{{ ES }}" +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" +{% endif %} index => "so-syslog" template_name => "so-syslog" template => "/templates/so-syslog-template.json" diff --git a/salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja b/salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja new file mode 100644 index 000000000..56c8a311b --- /dev/null +++ b/salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja @@ -0,0 +1,26 @@ +{%- if grains['role'] == 'so-eval' -%} +{%- set ES = salt['pillar.get']('manager:mainip', '') -%} +{%- else %} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} +{%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} +output { + if [metadata][pipeline] { + elasticsearch { + id => "filebeat_modules_metadata_pipeline" + pipeline => "%{[metadata][pipeline]}" + hosts => "{{ ES }}" +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" +{% endif %} + index => "so-%{[event][module]}-%{+YYYY.MM.dd}" + template_name => "so-common" + template => "/templates/so-common-template.json" + template_overwrite => true + ssl => true + ssl_certificate_verification => false + } + } +} 
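Review bot: in the new 9050_output_filebeatmodules.conf.jinja, `ssl => true` together with `ssl_certificate_verification => false` means the `user`/`password` added a few lines above are sent to whatever answers at `{{ ES }}` without verifying its certificate; now that basic-auth credentials travel over this connection, point `cacert` at the internal CA instead of disabling verification. Separately, the condition only tests `[metadata][pipeline]` while the index name interpolates `%{[event][module]}`; an event that has a pipeline but no event.module will produce an index name containing the literal sprintf expression, so guard the condition on `[event][module]` as well.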
diff --git a/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja b/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja index efa46c7af..b997ea7be 100644 --- a/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja +++ b/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja @@ -3,11 +3,17 @@ {%- else %} {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { if [module] =~ "osquery" and "live_query" not in [dataset] { elasticsearch { pipeline => "%{module}.%{dataset}" hosts => "{{ ES }}" +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" +{% endif %} index => "so-osquery" template_name => "so-osquery" template => "/templates/so-osquery-template.json" diff --git a/salt/logstash/pipelines/config/so/9101_output_osquery_livequery.conf.jinja b/salt/logstash/pipelines/config/so/9101_output_osquery_livequery.conf.jinja index 6d7b71415..fce35b5a4 100644 --- a/salt/logstash/pipelines/config/so/9101_output_osquery_livequery.conf.jinja +++ b/salt/logstash/pipelines/config/so/9101_output_osquery_livequery.conf.jinja @@ -3,7 +3,9 @@ {%- else %} {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} -{% set FEATURES = salt['pillar.get']('elastic:features', False) %} +{%- set FEATURES = salt['pillar.get']('elastic:features', False) %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} filter { if [type] =~ "live_query" { 
@@ -30,6 +32,10 @@ output { elasticsearch { pipeline => "osquery.live_query" hosts => "{{ ES }}" +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" +{% endif %} index => "so-osquery" template_name => "so-osquery" template => "/templates/so-osquery-template.json" diff --git a/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja b/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja index 764f597b9..e82dbb4f8 100644 --- a/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja +++ b/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja @@ -3,10 +3,16 @@ {%- else %} {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { if [dataset] =~ "firewall" { elasticsearch { hosts => "{{ ES }}" +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" +{% endif %} index => "so-firewall" template_name => "so-firewall" template => "/templates/so-firewall-template.json" diff --git a/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja b/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja index 5013bafc1..34e2bab7c 100644 --- a/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja +++ b/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja 
@@ -3,11 +3,17 @@ {%- else %} {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { if [module] =~ "suricata" and "import" not in [tags] { elasticsearch { pipeline => "%{module}.%{dataset}" hosts => "{{ ES }}" +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" +{% endif %} index => "so-ids" template_name => "so-ids" template => "/templates/so-ids-template.json" diff --git a/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja b/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja index 349c0ada1..2ad403ab9 100644 --- a/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja +++ b/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja @@ -3,11 +3,17 @@ {%- else %} {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { if "beat-ext" in [tags] and "import" not in [tags] { elasticsearch { pipeline => "beats.common" hosts => "{{ ES }}" +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" +{% endif %} index => "so-beats" template_name => "so-beats" template => "/templates/so-beats-template.json" diff --git a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja index 1a4987a53..6e03d8c72 100644 --- a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja +++ b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja 
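Review bot: the 9500_output_beats.conf.jinja condition `"beat-ext" in [tags] and "import" not in [tags]` is not made exclusive of the new 9050 output, whose condition is `if [metadata][pipeline]`; a Filebeat module event arriving on the port 5044 input (tagged `beat-ext` by 0009_input_beats.conf) and carrying a metadata pipeline matches both, so it will be written once to `so-beats` and once to `so-%{[event][module]}-...`. Add `and ![metadata][pipeline]` to the 9500 condition, or restructure the two as an if/else, so each event has exactly one destination.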
@@ -3,11 +3,17 @@ {%- else %} {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { if [module] =~ "ossec" { elasticsearch { pipeline => "%{module}" hosts => "{{ ES }}" +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" +{% endif %} index => "so-ossec" template_name => "so-ossec" template => "/templates/so-ossec-template.json" diff --git a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja index d564486e4..007f1370e 100644 --- a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja +++ b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja @@ -3,11 +3,17 @@ {%- else %} {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { if [module] =~ "strelka" { elasticsearch { pipeline => "%{module}.%{dataset}" hosts => "{{ ES }}" +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" +{% endif %} index => "so-strelka" template_name => "so-strelka" template => "/templates/so-strelka-template.json" diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 91635eb59..17b1ad9e0 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -20,6 +20,10 @@ {% set MANAGER = salt['grains.get']('master') %} {% set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') %} +include: + - elasticsearch.auth + - salt.minion + socore_own_saltstack: file.directory: - name: /opt/so/saltstack 
@@ -102,6 +106,26 @@ strelka_yara_update: - name: '/usr/sbin/so-yara-update >> /nsm/strelka/log/yara-update.log 2>&1' - hour: '7' - minute: '1' + +elastic_curl_config_distributed: + file.managed: + - name: /opt/so/saltstack/local/salt/elasticsearch/curl.config + - source: salt://elasticsearch/files/curl.config.template + - template: jinja + - mode: 600 + - show_changes: False + +# Must run before elasticsearch docker container is started! +syncesusers: + cmd.run: + - name: so-user sync + - env: + - SKIP_STATE_APPLY: 'true' + - creates: + - /opt/so/saltstack/local/salt/elasticsearch/files/users + - /opt/so/saltstack/local/salt/elasticsearch/files/users_roles + - show_changes: False + {% else %} {{sls}}_state_not_allowed: diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index ea820442b..cafa583b5 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -149,6 +149,12 @@ http { root /opt/socore/html; index index.html; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-ancestors 'self'"; + add_header X-Frame-Options SAMEORIGIN; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options nosniff; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; + ssl_certificate "/etc/pki/nginx/server.crt"; ssl_certificate_key "/etc/pki/nginx/server.key"; ssl_session_cache shared:SSL:1m; @@ -175,8 +181,8 @@ http { auth_request_set $userid $upstream_http_x_kratos_authenticated_identity_id; proxy_set_header x-user-id $userid; proxy_pass http://{{ manager_ip }}:9822/; - proxy_read_timeout 90; - proxy_connect_timeout 90; + proxy_read_timeout 300; + proxy_connect_timeout 300; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
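Review bot: `show_changes: False` on the `syncesusers` cmd.run in salt/manager/init.sls has no effect: that option belongs to file states, and cmd.run accepts arbitrary kwargs so it is silently ignored, meaning the output of `so-user sync` still lands in the state return and the minion log. Use cmd.run's `hide_output: True` (or `output_loglevel: quiet`) if the intent is to keep account material out of the logs. The comment says this must run before the elasticsearch container starts, but the hunk expresses no ordering; add a `require_in` on that state rather than relying on include order. Also, with `creates` pointing at the users and users_roles files the sync runs only once, so confirm later role changes are re-synced by something else.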
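Review bot: the Content-Security-Policy added in salt/nginx/etc/nginx.conf sets `default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:`, which still allows inline script, eval, and script from any HTTPS origin, so the only part of it doing real work is `frame-ancestors 'self'`; if the apps behind this proxy need inline script, at least split `script-src` from `default-src` and drop the `https:` source. Two smaller points: `X-XSS-Protection` is deprecated in current browsers and can be dropped, and the `preload` token on Strict-Transport-Security only has meaning for a hostname submitted to the browser preload list with a publicly trusted certificate, which an appliance serving `/etc/pki/nginx/server.crt` generally is not. Also keep in mind that nginx does not inherit `add_header` into a `location` block that defines its own `add_header`, so verify the proxied locations further down still carry these headers.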
@@ -261,8 +267,8 @@ http { auth_request /auth/sessions/whoami; rewrite /kibana/(.*) /$1 break; proxy_pass http://{{ manager_ip }}:5601/; - proxy_read_timeout 90; - proxy_connect_timeout 90; + proxy_read_timeout 300; + proxy_connect_timeout 300; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -341,8 +347,8 @@ http { location /soctopus/ { proxy_pass http://{{ manager_ip }}:7000/; - proxy_read_timeout 90; - proxy_connect_timeout 90; + proxy_read_timeout 300; + proxy_connect_timeout 300; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/salt/patch/os/schedule.sls b/salt/patch/os/schedule.sls index a91e61dfe..4ad9a454e 100644 --- a/salt/patch/os/schedule.sls +++ b/salt/patch/os/schedule.sls @@ -1,12 +1,12 @@ {% if salt['pillar.get']('patch:os:schedule_name') %} - {% set patch_os_pillar = salt['pillar.get']('patch:os') %} - {% set schedule_name = patch_os_pillar.schedule_name %} - {% set splay = patch_os_pillar.get('splay', 300) %} + {% set patch_os_pillar = salt['pillar.get']('patch:os') %} + {% set schedule_name = patch_os_pillar.schedule_name %} + {% set splay = patch_os_pillar.get('splay', 300) %} - {% if schedule_name != 'manual' and schedule_name != 'auto' %} - {% import_yaml "patch/os/schedules/"~schedule_name~".yml" as os_schedule %} + {% if schedule_name != 'manual' and schedule_name != 'auto' %} + {% import_yaml "patch/os/schedules/"~schedule_name~".yml" as os_schedule %} - {% if patch_os_pillar.enabled %} + {% if patch_os_pillar.enabled %} patch_os_schedule: schedule.present: 
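Review bot: the salt/patch/os/schedule.sls hunks, here and in the following `@@ -14,28 +14,28 @@` hunk, re-indent nearly every jinja line with no visible functional change, which makes any real change hard to spot in review. Because Salt renders jinja before parsing YAML, leading whitespace on `{% ... %}` lines that are not whitespace-stripped can alter the resulting YAML, so render the state for a configured schedule with state.show_sls and confirm the output is unchanged, and consider splitting whitespace-only reindents into their own commit.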
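Review bot: `load_elastic_pipelines` in the new salt/pipeline/load.sls is an unconditional cmd.run with no `creates`, `unless` or `onchanges`, so `/usr/sbin/so-filebeat-module-setup` re-executes on every highstate and the state always reports a change; tie it to a marker file or make it `onchanges` of the state that deploys the pipeline definitions. The file also ends with a blank line and no trailing newline.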
@@ -14,28 +14,28 @@ patch_os_schedule: - job_args: - patch.os - when: - {% for days in os_schedule.patch.os.schedule %} - {% for day, times in days.items() %} - {% for time in times %} + {% for days in os_schedule.patch.os.schedule %} + {% for day, times in days.items() %} + {% for time in times %} - {{day}} {{time}} + {% endfor %} {% endfor %} {% endfor %} - {% endfor %} - splay: {{splay}} - return_job: True - {% else %} + {% else %} disable_patch_os_schedule: schedule.disabled: - name: patch_os_schedule - {% endif %} + {% endif %} - {% elif schedule_name == 'auto' %} + {% elif schedule_name == 'auto' %} - {% if patch_os_pillar.enabled %} + {% if patch_os_pillar.enabled %} patch_os_schedule: schedule.present: @@ -46,21 +46,21 @@ patch_os_schedule: - splay: {{splay}} - return_job: True - {% else %} + {% else %} disable_patch_os_schedule: schedule.disabled: - name: patch_os_schedule - {% endif %} + {% endif %} - {% elif schedule_name == 'manual' %} + {% elif schedule_name == 'manual' %} remove_patch_os_schedule: schedule.absent: - name: patch_os_schedule - {% endif %} + {% endif %} {% else %} diff --git a/salt/pipeline/load.sls b/salt/pipeline/load.sls new file mode 100644 index 000000000..a43450d0a --- /dev/null +++ b/salt/pipeline/load.sls @@ -0,0 +1,4 @@ +load_elastic_pipelines: + cmd.run: + - name: /usr/sbin/so-filebeat-module-setup + \ No newline at end of file diff --git a/salt/registry/init.sls b/salt/registry/init.sls index 1cec55fd2..eb0c2df0c 100644 --- a/salt/registry/init.sls +++ b/salt/registry/init.sls @@ -43,6 +43,10 @@ so-dockerregistry: - /nsm/docker-registry/docker:/var/lib/registry/docker:rw - /etc/pki/registry.crt:/etc/pki/registry.crt:ro - /etc/pki/registry.key:/etc/pki/registry.key:ro + - client_timeout: 180 + - retry: + attempts: 5 + interval: 30 append_so-dockerregistry_so-status.conf: file.append: 
@@ -55,4 +59,4 @@ append_so-dockerregistry_so-status.conf: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/salt/files/influxdb_continuous_query.py.patch b/salt/salt/files/influxdb_continuous_query.py.patch new file mode 100644 index 000000000..a596983ff --- /dev/null +++ b/salt/salt/files/influxdb_continuous_query.py.patch @@ -0,0 +1,4 @@ +60c60 +< database, name, query, resample_time, coverage_period +--- +> database, name, query, resample_time, coverage_period, **client_args diff --git a/salt/salt/files/influxdb_retention_policy.py.patch b/salt/salt/files/influxdb_retention_policy.py.patch new file mode 100644 index 000000000..7180f8934 --- /dev/null +++ b/salt/salt/files/influxdb_retention_policy.py.patch @@ -0,0 +1,16 @@ +38c38 +< hours = int(duration.split("h")) +--- +> hours = int(duration.split("h")[0]) +52c52 +< def present(name, database, duration="7d", replication=1, default=False, **client_args): +--- +> def present(name, database, duration="7d", replication=1, default=False, shard_duration="1d", **client_args): +77c77 +< database, name, duration, replication, default, **client_args +--- +> database, name, duration, replication, shard_duration, default, **client_args +119c119 +< database, name, duration, replication, default, **client_args +--- +> database, name, duration, replication, shard_duration, default, **client_args diff --git a/salt/salt/files/influxdbmod.py.patch b/salt/salt/files/influxdbmod.py.patch new file mode 100644 index 000000000..b653265cb --- /dev/null +++ b/salt/salt/files/influxdbmod.py.patch 
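Review bot: the new salt/salt/files/*.py.patch files are normal-format (ed-style `NNcNN`) diffs rather than unified diffs, so they carry no context and `patch` will apply them only if the line numbers in the installed Salt files match exactly; a unified diff with context survives small upstream shifts and fails loudly instead of patching a neighbouring line. The `int(duration.split("h")[0])` change in influxdb_retention_policy.py.patch is a genuine bug fix (the original passes a list to `int()`) and is worth sending upstream alongside the saltstack issue links already cited in python3-influxdb.sls.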
@@ -0,0 +1,16 @@ +427c427 +< database, name, duration, replication, default=False, **client_args +--- +> database, name, duration, replication, shard_duration, default=False, **client_args +462c462 +< client.create_retention_policy(name, duration, replication, database, default) +--- +> client.create_retention_policy(name, duration, replication, database, default, shard_duration) +468c468 +< database, name, duration, replication, default=False, **client_args +--- +> database, name, duration, replication, shard_duration, default=False, **client_args +504c504 +< client.alter_retention_policy(name, database, duration, replication, default) +--- +> client.alter_retention_policy(name, database, duration, replication, default, shard_duration) diff --git a/salt/salt/helper-packages.sls b/salt/salt/helper-packages.sls new file mode 100644 index 000000000..32480c163 --- /dev/null +++ b/salt/salt/helper-packages.sls @@ -0,0 +1,3 @@ +patch_package: + pkg.installed: + - name: patch diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 7b32b9841..3ef334752 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja 
@@ -5,10 +5,22 @@ {% set SPLITCHAR = '+' %} {% set SALTNOTHELD = salt['cmd.run']('apt-mark showhold | grep -q salt ; echo $?', python_shell=True) %} {% set SALTPACKAGES = ['salt-common', 'salt-master', 'salt-minion'] %} + {% set SALT_STATE_CODE_PATH = '/usr/lib/python3/dist-packages/salt/states' %} + {% set SALT_MODULE_CODE_PATH = '/usr/lib/python3/dist-packages/salt/modules' %} + {% set PYTHONINFLUXVERSION = '5.3.1' %} + {% set PYTHON3INFLUX= 'influxdb == ' ~ PYTHONINFLUXVERSION %} + {% set PYTHON3INFLUXDEPS= ['certifi', 'chardet', 'python-dateutil', 'pytz', 'requests'] %} + {% set PYTHONINSTALLER = 'pip' %} {% else %} {% set SPLITCHAR = '-' %} {% set SALTNOTHELD = salt['cmd.run']('yum versionlock list | grep -q salt ; echo $?', python_shell=True) %} {% set SALTPACKAGES = ['salt', 'salt-master', 'salt-minion'] %} + {% set SALT_STATE_CODE_PATH = '/usr/lib/python3.6/site-packages/salt/states' %} + {% set SALT_MODULE_CODE_PATH = '/usr/lib/python3.6/site-packages/salt/modules' %} + {% set PYTHONINFLUXVERSION = '5.3.1' %} + {% set PYTHON3INFLUX= 'securityonion-python3-influxdb' %} + {% set PYTHON3INFLUXDEPS= ['python36-certifi', 'python36-chardet', 'python36-dateutil', 'python36-pytz', 'python36-requests'] %} + {% set PYTHONINSTALLER = 'pkg' %} {% endif %} {% set INSTALLEDSALTVERSION = salt['pkg.version']('salt-minion').split(SPLITCHAR)[0] %} @@ -21,4 +33,4 @@ {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minion version ' ~ SALTVERSION %} -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/salt/minion-check.sls b/salt/salt/minion-check.sls index e8a0c2639..66ab732e2 100644 --- a/salt/salt/minion-check.sls +++ b/salt/salt/minion-check.sls @@ -1,6 +1,6 @@ include: - salt.minion-state-apply-test - + state-apply-test: schedule.present: - name: salt-minion-state-apply-test 
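Review bot: salt/salt/map.jinja hardcodes `SALT_STATE_CODE_PATH`/`SALT_MODULE_CODE_PATH` to `/usr/lib/python3/dist-packages` and `/usr/lib/python3.6/site-packages`; these become wrong as soon as the Salt package moves to another interpreter layout, so derive them at render time (the `pythonpath` grain, or the path of the installed module) or at least guard the patch states when the file is absent. On the Debian branch `PYTHON3INFLUX = 'influxdb == 5.3.1'` is installed by pip into the system interpreter with only a version pin; for a package that Salt's own modules then import, a requirements file with hashes would make the install reproducible and tamper-evident, matching the curated package used on the CentOS branch. Minor: `PYTHONINFLUXVERSION` is set but unused on the yum branch, and `PYTHON3INFLUX=` / `PYTHON3INFLUXDEPS=` lack the space before `=` used by the surrounding sets.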
@@ -16,4 +16,4 @@ state-apply-test: cron.present: - identifier: so-salt-minion-check - user: root - - minute: '*/5' \ No newline at end of file + - minute: '*/5' diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index f5770621b..3db257d1b 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -8,6 +8,7 @@ include: - salt + - salt.helper-packages - systemd.reload {% if INSTALLEDSALTVERSION|string != SALTVERSION|string %} @@ -82,4 +83,8 @@ salt_minion_service: service.running: - name: salt-minion - enable: True - - onlyif: test "{{INSTALLEDSALTVERSION}}" == "{{SALTVERSION}}" \ No newline at end of file + - onlyif: test "{{INSTALLEDSALTVERSION}}" == "{{SALTVERSION}}" + +patch_pkg: + pkg.installed: + - name: patch \ No newline at end of file diff --git a/salt/salt/python3-influxdb.sls b/salt/salt/python3-influxdb.sls new file mode 100644 index 000000000..7a59c4303 --- /dev/null +++ b/salt/salt/python3-influxdb.sls 
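Review bot: salt/salt/minion.sls now both includes `salt.helper-packages` (which defines `patch_package: pkg.installed` for `patch`) and adds its own `patch_pkg: pkg.installed: - name: patch`; the second is redundant, and python3-influxdb.sls requires `pkg: patch_package`, so drop `patch_pkg` to avoid two state ids managing one package. The hunk also reintroduces a missing trailing newline in the same patch that removes them elsewhere.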
@@ -0,0 +1,70 @@ +{% from "salt/map.jinja" import SALT_STATE_CODE_PATH with context %} +{% from "salt/map.jinja" import SALT_MODULE_CODE_PATH with context %} +{% from "salt/map.jinja" import PYTHON3INFLUX with context %} +{% from "salt/map.jinja" import PYTHON3INFLUXDEPS with context %} +{% from "salt/map.jinja" import PYTHONINSTALLER with context %} + +include: + - salt.helper-packages + +python3_influxdb_dependencies: + {{PYTHONINSTALLER}}.installed: + - pkgs: {{ PYTHON3INFLUXDEPS }} + +python3_influxdb: + {{PYTHONINSTALLER}}.installed: + - name: {{ PYTHON3INFLUX }} + +# We circumvent the file.patch state putting ERROR in the log by using the unless and file.touch below +# https://github.com/saltstack/salt/pull/47010 and https://github.com/saltstack/salt/issues/52329 + +#https://github.com/saltstack/salt/issues/59766 +influxdb_continuous_query.present_patch: + file.patch: + - name: {{ SALT_STATE_CODE_PATH }}/influxdb_continuous_query.py + - source: salt://salt/files/influxdb_continuous_query.py.patch + - require: + - {{PYTHONINSTALLER}}: python3_influxdb + - pkg: patch_package + - unless: ls /opt/so/state/influxdb_continuous_query.py.patched + +influxdb_continuous_query.py.patched: + file.touch: + - name: /opt/so/state/influxdb_continuous_query.py.patched + - onchanges: + - file: influxdb_continuous_query.present_patch + +#https://github.com/saltstack/salt/issues/59761 +influxdb_retention_policy.present_patch: + file.patch: + - name: {{ SALT_STATE_CODE_PATH }}/influxdb_retention_policy.py + - source: salt://salt/files/influxdb_retention_policy.py.patch + - require: + - {{PYTHONINSTALLER}}: python3_influxdb + - pkg: patch_package + - unless: ls /opt/so/state/influxdb_retention_policy.py.patched + +influxdb_retention_policy.py.patched: + file.touch: + - name: /opt/so/state/influxdb_retention_policy.py.patched + - onchanges: + - file: influxdb_retention_policy.present_patch + +# We should be able to set reload_modules: True in this state in order to tell salt to 
reload its python modules due to us possibly installing +# and possibly modifying modules in this state. This is bugged according to https://github.com/saltstack/salt/issues/24925 +influxdbmod.py_shard_duration_patch: + file.patch: + - name: {{ SALT_MODULE_CODE_PATH }}/influxdbmod.py + - source: salt://salt/files/influxdbmod.py.patch + - require: + - {{PYTHONINSTALLER}}: python3_influxdb + - pkg: patch_package + - unless: ls /opt/so/state/influxdbmod.py.patched + +influxdbmod.py.patched: + file.touch: + - name: /opt/so/state/influxdbmod.py.patched + - onchanges: + - file: influxdbmod.py_shard_duration_patch + + diff --git a/salt/soc/files/kratos/kratos.yaml b/salt/soc/files/kratos/kratos.yaml index c26aeec3f..b1174af58 100644 --- a/salt/soc/files/kratos/kratos.yaml +++ b/salt/soc/files/kratos/kratos.yaml @@ -1,10 +1,16 @@ {%- set WEBACCESS = salt['pillar.get']('global:url_base', '') -%} {%- set KRATOSKEY = salt['pillar.get']('kratos:kratoskey', '') -%} +{%- set SESSIONTIMEOUT = salt['pillar.get']('kratos:sessiontimeout', '24h') -%} + +session: + lifespan: {{ SESSIONTIMEOUT }} selfservice: methods: password: enabled: true + config: + haveibeenpwned_enabled: false flows: settings: @@ -41,12 +47,8 @@ serve: base_url: https://{{ WEBACCESS }}/kratos/ hashers: - argon2: - parallelism: 2 - memory: 16384 - iterations: 3 - salt_length: 16 - key_length: 32 + bcrypt: + cost: 12 identity: default_schema_url: file:///kratos-conf/schema.json diff --git a/salt/soc/files/soc/alerts.actions.json b/salt/soc/files/soc/alerts.actions.json index c0543d8fc..1addf23c6 100644 --- a/salt/soc/files/soc/alerts.actions.json +++ b/salt/soc/files/soc/alerts.actions.json 
@@ -1,29 +1 @@ -[ - { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "", - "links": [ - "/#/hunt?q=\"{value|escape}\" | groupby event.module event.dataset" - ]}, - { "name": "actionCorrelate", "description": "actionCorrelateHelp", "icon": "fab fa-searchengin", "target": "", - "links": [ - "/#/hunt?q=(\"{:log.id.fuid}\" OR \"{:log.id.uid}\" OR \"{:network.community_id}\") | groupby event.module event.dataset", - "/#/hunt?q=(\"{:log.id.fuid}\" OR \"{:log.id.uid}\") | groupby event.module event.dataset", - "/#/hunt?q=(\"{:log.id.fuid}\" OR \"{:network.community_id}\") | groupby event.module event.dataset", - "/#/hunt?q=(\"{:log.id.uid}\" OR \"{:network.community_id}\") | groupby event.module event.dataset", - "/#/hunt?q=\"{:log.id.fuid}\" | groupby event.module event.dataset", - "/#/hunt?q=\"{:log.id.uid}\" | groupby event.module event.dataset", - "/#/hunt?q=\"{:network.community_id}\" | groupby event.module event.dataset" - ]}, - { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "target": "", - "links": [ - "/joblookup?esid={:soc_id}", - "/joblookup?ncid={:network.community_id}" - ]}, - { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "target": "_blank", - "links": [ - "https://www.google.com/search?q={value}" - ]}, - { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "target": "_blank", - "links": [ - "https://www.virustotal.com/gui/search/{value}" - ]} -] \ No newline at end of file +This file is no longer used. Please use menu.actions.json instead. diff --git a/salt/soc/files/soc/hunt.actions.json b/salt/soc/files/soc/hunt.actions.json index c0543d8fc..1addf23c6 100644 --- a/salt/soc/files/soc/hunt.actions.json +++ b/salt/soc/files/soc/hunt.actions.json 
@@ -1,29 +1 @@ -[ - { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "", - "links": [ - "/#/hunt?q=\"{value|escape}\" | groupby event.module event.dataset" - ]}, - { "name": "actionCorrelate", "description": "actionCorrelateHelp", "icon": "fab fa-searchengin", "target": "", - "links": [ - "/#/hunt?q=(\"{:log.id.fuid}\" OR \"{:log.id.uid}\" OR \"{:network.community_id}\") | groupby event.module event.dataset", - "/#/hunt?q=(\"{:log.id.fuid}\" OR \"{:log.id.uid}\") | groupby event.module event.dataset", - "/#/hunt?q=(\"{:log.id.fuid}\" OR \"{:network.community_id}\") | groupby event.module event.dataset", - "/#/hunt?q=(\"{:log.id.uid}\" OR \"{:network.community_id}\") | groupby event.module event.dataset", - "/#/hunt?q=\"{:log.id.fuid}\" | groupby event.module event.dataset", - "/#/hunt?q=\"{:log.id.uid}\" | groupby event.module event.dataset", - "/#/hunt?q=\"{:network.community_id}\" | groupby event.module event.dataset" - ]}, - { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "target": "", - "links": [ - "/joblookup?esid={:soc_id}", - "/joblookup?ncid={:network.community_id}" - ]}, - { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "target": "_blank", - "links": [ - "https://www.google.com/search?q={value}" - ]}, - { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "target": "_blank", - "links": [ - "https://www.virustotal.com/gui/search/{value}" - ]} -] \ No newline at end of file +This file is no longer used. Please use menu.actions.json instead. diff --git a/salt/soc/files/soc/hunt.queries.json b/salt/soc/files/soc/hunt.queries.json index 93295364d..2aaef8e59 100644 --- a/salt/soc/files/soc/hunt.queries.json +++ b/salt/soc/files/soc/hunt.queries.json 
@@ -63,4 +63,4 @@ { "name": "x509", "description": "x.509 grouped by name and issuer", "query": "event.dataset:x509 | groupby x509.san_dns x509.certificate.issuer"}, { "name": "x509", "description": "x.509 grouped by name and subject", "query": "event.dataset:x509 | groupby x509.san_dns x509.certificate.subject"}, { "name": "Firewall", "description": "Firewall events grouped by action", "query": "event.dataset:firewall | groupby rule.action"} - ] + ] \ No newline at end of file diff --git a/salt/soc/files/soc/menu.actions.json b/salt/soc/files/soc/menu.actions.json new file mode 100644 index 000000000..665ca4c39 --- /dev/null +++ b/salt/soc/files/soc/menu.actions.json 
@@ -0,0 +1,33 @@ +[ + { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "", + "links": [ + "/#/hunt?q=\"{value|escape}\" | groupby event.module event.dataset" + ]}, + { "name": "actionCorrelate", "description": "actionCorrelateHelp", "icon": "fab fa-searchengin", "target": "", + "links": [ + "/#/hunt?q=(\"{:log.id.fuid}\" OR \"{:log.id.uid}\" OR \"{:network.community_id}\") | groupby event.module event.dataset", + "/#/hunt?q=(\"{:log.id.fuid}\" OR \"{:log.id.uid}\") | groupby event.module event.dataset", + "/#/hunt?q=(\"{:log.id.fuid}\" OR \"{:network.community_id}\") | groupby event.module event.dataset", + "/#/hunt?q=(\"{:log.id.uid}\" OR \"{:network.community_id}\") | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.fuid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.uid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:network.community_id}\" | groupby event.module event.dataset" + ]}, + { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "target": "", + "links": [ + "/joblookup?esid={:soc_id}&time={:@timestamp}", + "/joblookup?ncid={:network.community_id}&time={:@timestamp}" + ]}, + { "name": "actionCyberChef", "description": "actionCyberChefHelp", "icon": "fas fa-bread-slice", "target": "_blank", + "links": [ + "/cyberchef/#input={value|base64}" + ]}, + { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "target": "_blank", + "links": [ + "https://www.google.com/search?q={value}" + ]}, + { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "target": "_blank", + "links": [ + "https://www.virustotal.com/gui/search/{value}" + ]} +] diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 5dfd364d2..36135b6e5 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json 
@@ -12,13 +12,19 @@ {%- set CACHE_EXPIRATION = salt['pillar.get']('sensoroni:cache_expiration_ms', 0) %} {%- set ES_FIELDCAPS_CACHE = salt['pillar.get']('sensoroni:es_fieldcaps_cache_ms', '300000') %} {%- import_json "soc/files/soc/alerts.queries.json" as alerts_queries %} -{%- import_json "soc/files/soc/alerts.actions.json" as alerts_actions %} {%- import_json "soc/files/soc/alerts.eventfields.json" as alerts_eventfields %} {%- import_json "soc/files/soc/hunt.queries.json" as hunt_queries %} -{%- import_json "soc/files/soc/hunt.actions.json" as hunt_actions %} {%- import_json "soc/files/soc/hunt.eventfields.json" as hunt_eventfields %} +{%- import_json "soc/files/soc/menu.actions.json" as menu_actions %} {%- import_json "soc/files/soc/tools.json" as tools %} {%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %} +{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} +{%- else %} +{%- set ES_USER = '' %} +{%- set ES_PASS = '' %} +{%- endif %} { "logFilename": "/opt/sensoroni/logs/sensoroni-server.log", @@ -48,10 +54,11 @@ {%- endfor %} ], {%- endif %} - "username": "", - "password": "", + "username": "{{ ES_USER }}", + "password": "{{ ES_PASS }}", "cacheMs": {{ ES_FIELDCAPS_CACHE }}, - "verifyCert": false + "verifyCert": false, + "timeoutMs": {{ API_TIMEOUT }} }, "influxdb": { {%- if grains['role'] in ['so-import'] or (grains['role'] == 'so-eval' and GRAFANA == 0) %} @@ -123,8 +130,11 @@ "queryBaseFilter": "", "queryToggleFilters": [], "queries": {{ hunt_queries | json }}, - "actions": {{ hunt_actions | json }} + "actions": {{ menu_actions | json }} }, + "job": { + "actions": {{ menu_actions | json }} + }, "alerts": { "advanced": false, "groupItemsPerPage": 50, 
@@ -143,7 +153,7 @@ { "name": "escalated", "filter": "event.escalated:true", "enabled": false, "exclusive": true, "enablesToggles":["acknowledged"] } ], "queries": {{ alerts_queries | json }}, - "actions": {{ alerts_actions | json }} + "actions": {{ menu_actions | json }} } } } diff --git a/salt/soc/init.sls b/salt/soc/init.sls index 18fda41da..b8cdb09ba 100644 --- a/salt/soc/init.sls +++ b/salt/soc/init.sls @@ -62,6 +62,14 @@ soccustom: - mode: 600 - template: jinja +# we dont want this added too early in setup, so we add the onlyif to verify 'startup_states: highstate' +# is in the minion config. That line is added before the final highstate during setup +sosyncusers: + cron.present: + - user: root + - name: 'PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin /usr/sbin/so-user sync &>> /opt/so/log/soc/sync.log' + - onlyif: "grep 'startup_states: highstate' /etc/salt/minion" + so-soc: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }} diff --git a/salt/soctopus/files/SOCtopus.conf b/salt/soctopus/files/SOCtopus.conf index b6ee45e74..bb95c2667 100644 --- a/salt/soctopus/files/SOCtopus.conf +++ b/salt/soctopus/files/SOCtopus.conf @@ -3,13 +3,19 @@ {%- set HIVEKEY = salt['pillar.get']('global:hivekey', '') %} {%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %} {%- set PLAYBOOK_KEY = salt['pillar.get']('playbook:api_key', '') %} - +{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} +{%- else %} +{%- set ES_USER = '' %} +{%- set ES_PASS = '' %} +{%- endif %} [es] es_url = https://{{MANAGER}}:9200 es_ip = {{MANAGER}} -es_user = -es_pass = +es_user = {{ ES_USER }} +es_pass = {{ ES_PASS }} es_index_pattern = so-* es_verifycert = no 
diff --git a/salt/soctopus/files/templates/generic.template b/salt/soctopus/files/templates/generic.template index f956eb8a6..c3733db2c 100644 --- a/salt/soctopus/files/templates/generic.template +++ b/salt/soctopus/files/templates/generic.template @@ -1,4 +1,5 @@ {% set es = salt['pillar.get']('global:url_base', '') %} + alert: - "modules.so.playbook-es.PlaybookESAlerter" @@ -12,4 +13,4 @@ rule.category: play_url: "https://{{ es }}/playbook/issues/6000" kibana_pivot: "https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))" soc_pivot: "https://{{es}}/#/hunt" -sigma_level: "" \ No newline at end of file +sigma_level: "" diff --git a/salt/soctopus/files/templates/osquery.template b/salt/soctopus/files/templates/osquery.template index 0410cb288..f937de5ea 100644 --- a/salt/soctopus/files/templates/osquery.template +++ b/salt/soctopus/files/templates/osquery.template @@ -1,4 +1,5 @@ {% set es = salt['pillar.get']('global:url_base', '') %} + alert: - "modules.so.playbook-es.PlaybookESAlerter" @@ -11,4 +12,4 @@ rule.category: play_url: "https://{{ es }}/playbook/issues/6000" kibana_pivot: "https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))" soc_pivot: "https://{{es}}/#/hunt" -sigma_level: "" \ No newline at end of file +sigma_level: "" diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls index 861d08fcd..5786437f6 100644 --- a/salt/ssl/init.sls +++ b/salt/ssl/init.sls @@ -79,6 +79,7 @@ removeesp12dir: - signing_policy: influxdb - public_key: /etc/pki/influxdb.key - CN: {{ manager }} + - subjectAltName: DNS:{{ HOSTNAME }} - days_remaining: 0 - days_valid: 820 - backup: True diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index 58bbe2a05..4cbda4bb4 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls 
@@ -13,7 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . {% from 'allowed_states.map.jinja' import allowed_states %} -{% if sls in allowed_states %} +{% if sls in allowed_states and grains.role not in ['so-manager', 'so-managersearch'] %} {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} @@ -205,4 +205,4 @@ clean_suricata_eve_files: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index af3474913..44e78ecda 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf @@ -14,6 +14,8 @@ # for numbers and booleans they should be plain (ie, $INT_VAR, $BOOL_VAR) {%- set MANAGER = salt['grains.get']('master') %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} {% set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %} {% set HELIX_API_KEY = salt['pillar.get']('fireeye:helix:api_key', '') %} {% set UNIQUEID = salt['pillar.get']('sensor:uniqueid', '') %} @@ -620,10 +622,16 @@ {% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone'] %} [[inputs.elasticsearch]] servers = ["https://{{ MANAGER }}:9200"] +{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + username = "{{ ES_USER }}" + password = "{{ ES_PASS }}" +{% endif %} insecure_skip_verify = true {% elif grains['role'] in ['so-node', 'so-hotnode', 'so-warmnode', 'so-heavynode'] %} [[inputs.elasticsearch]] servers = ["https://{{ NODEIP }}:9200"] + username = "{{ ES_USER }}" + password = "{{ ES_PASS }}" insecure_skip_verify = true {% endif %} 
diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index cea4d3f45..14373fe9d 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -38,6 +38,7 @@ tgrafconf: - name: /opt/so/conf/telegraf/etc/telegraf.conf - user: 939 - group: 939 + - mode: 660 - template: jinja - source: salt://telegraf/etc/telegraf.conf diff --git a/salt/top.sls b/salt/top.sls index 10b9ddcc4..ef1f20599 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -39,7 +39,6 @@ base: - patch.os.schedule - motd - salt.minion-check - - sensoroni - salt.lasthighstate '*_helixsensor and G@saltversion:{{saltversion}}': @@ -48,6 +47,7 @@ base: - ca - ssl - registry + - sensoroni - telegraf - firewall - idstools @@ -67,6 +67,7 @@ base: - match: compound - ca - ssl + - sensoroni - telegraf - firewall - nginx @@ -93,6 +94,7 @@ base: - ca - ssl - registry + - sensoroni - manager - nginx - telegraf @@ -154,6 +156,7 @@ base: - domainstats {%- endif %} - docker_clean + - pipeline.load '*_manager and G@saltversion:{{saltversion}}': - match: compound @@ -161,6 +164,7 @@ base: - ca - ssl - registry + - sensoroni - nginx - telegraf - influxdb @@ -214,6 +218,7 @@ base: - domainstats {%- endif %} - docker_clean + - pipeline.load '*_standalone and G@saltversion:{{saltversion}}': - match: compound @@ -221,6 +226,7 @@ base: - ca - ssl - registry + - sensoroni - manager - nginx - telegraf @@ -286,11 +292,13 @@ base: - domainstats {%- endif %} - docker_clean + - pipeline.load '*_searchnode and G@saltversion:{{saltversion}}': - match: compound - ca - ssl + - sensoroni - nginx - telegraf - firewall @@ -314,6 +322,7 @@ base: {%- endif %} - schedule - docker_clean + - pipeline.load '*_managersearch and G@saltversion:{{saltversion}}': - match: compound @@ -321,6 +330,7 @@ base: - ca - ssl - registry + - sensoroni - nginx - telegraf - influxdb 
@@ -378,11 +388,13 @@ base: - domainstats {%- endif %} - docker_clean + - pipeline.load '*_heavynode and G@saltversion:{{saltversion}}': - match: compound - ca - ssl + - sensoroni - nginx - telegraf - firewall @@ -420,11 +432,13 @@ base: {%- endif %} - schedule - docker_clean + - pipeline.load '*_fleet and G@saltversion:{{saltversion}}': - match: compound - ca - ssl + - sensoroni - nginx - telegraf - firewall @@ -442,6 +456,7 @@ base: - ca - ssl - registry + - sensoroni - manager - nginx - soc @@ -463,3 +478,4 @@ base: - zeek - schedule - docker_clean + - pipeline.load diff --git a/salt/utility/bin/crossthestreams b/salt/utility/bin/crossthestreams index 3838f67df..0b2d17918 100644 --- a/salt/utility/bin/crossthestreams +++ b/salt/utility/bin/crossthestreams @@ -8,7 +8,7 @@ echo -n "Waiting for ElasticSearch..." COUNT=0 ELASTICSEARCH_CONNECTED="no" while [[ "$COUNT" -le 30 ]]; do - curl -k --output /dev/null --silent --head --fail -L https://{{ ES }}:9200 + {{ ELASTICCURL }} -k --output /dev/null --silent --head --fail -L https://{{ ES }}:9200 if [ $? -eq 0 ]; then ELASTICSEARCH_CONNECTED="yes" echo "connected!" @@ -28,7 +28,7 @@ if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then fi echo "Applying cross cluster search config..." - curl -s -k -XPUT -L https://{{ ES }}:9200/_cluster/settings \ + {{ ELASTICCURL }} -s -k -XPUT -L https://{{ ES }}:9200/_cluster/settings \ -H 'Content-Type: application/json' \ -d "{\"persistent\": {\"search\": {\"remote\": {\"{{ MANAGER }}\": {\"seeds\": [\"127.0.0.1:9300\"]}}}}}" 
@@ -36,7 +36,7 @@ echo "Applying cross cluster search config..." {%- if TRUECLUSTER is sameas false %} {%- if salt['pillar.get']('nodestab', {}) %} {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} -curl -s -k -XPUT -L https://{{ ES }}:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"{{ SN }}": {"skip_unavailable": "true", "seeds": ["{{ SN.split('_')|first }}:9300"]}}}}}' +{{ ELASTICCURL }} -s -k -XPUT -L https://{{ ES }}:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"{{ SN }}": {"skip_unavailable": "true", "seeds": ["{{ SN.split('_')|first }}:9300"]}}}}}' {%- endfor %} {%- endif %} {%- endif %} diff --git a/salt/utility/bin/eval b/salt/utility/bin/eval index dcf46de7a..eba0df039 100644 --- a/salt/utility/bin/eval +++ b/salt/utility/bin/eval @@ -6,7 +6,7 @@ echo -n "Waiting for ElasticSearch..." COUNT=0 ELASTICSEARCH_CONNECTED="no" while [[ "$COUNT" -le 30 ]]; do - curl -k --output /dev/null --silent --head --fail -L https://{{ ES }}:9200 + {{ ELASTICCURL }} -k --output /dev/null --silent --head --fail -L https://{{ ES }}:9200 if [ $? -eq 0 ]; then ELASTICSEARCH_CONNECTED="yes" echo "connected!" @@ -26,6 +26,6 @@ if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then fi echo "Applying cross cluster search config..." - curl -s -k -XPUT -L https://{{ ES }}:9200/_cluster/settings \ + {{ ELASTICCURL }} -s -k -XPUT -L https://{{ ES }}:9200/_cluster/settings \ -H 'Content-Type: application/json' \ -d "{\"persistent\": {\"search\": {\"remote\": {\"{{ grains.host }}\": {\"seeds\": [\"127.0.0.1:9300\"]}}}}}" diff --git a/salt/utility/init.sls b/salt/utility/init.sls index d8b8539fa..1ff69ae71 100644 --- a/salt/utility/init.sls +++ b/salt/utility/init.sls 
@@ -1,27 +1,31 @@ {% from 'allowed_states.map.jinja' import allowed_states %} + {% if sls in allowed_states %} + {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} # This state is for checking things -{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] %} + {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] %} # Make sure Cross Cluster is good. Will need some logic once we have hot/warm crossclusterson: cmd.script: - shell: /bin/bash - cwd: /opt/so - - runas: socore - source: salt://utility/bin/crossthestreams - template: jinja + - defaults: + ELASTICCURL: {{ ELASTICAUTH.elasticcurl }} -{% endif %} -{% if grains['role'] in ['so-eval', 'so-import'] %} + {% endif %} + {% if grains['role'] in ['so-eval', 'so-import'] %} fixsearch: cmd.script: - shell: /bin/bash - cwd: /opt/so - - runas: socore - source: salt://utility/bin/eval - template: jinja -{% endif %} + - defaults: + ELASTICCURL: {{ ELASTICAUTH.elasticcurl }} + {% endif %} {% else %} diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls index 02c1cc1ba..ce0d6dccd 100644 --- a/salt/zeek/init.sls +++ b/salt/zeek/init.sls @@ -76,9 +76,9 @@ zeekpolicysync: # Ensure the zeek spool tree (and state.db) ownership is correct zeekspoolownership: file.directory: - - name: /nsm/zeek/spool + - name: /nsm/zeek - user: 937 - - max_depth: 0 + - max_depth: 1 - recurse: - user @@ -183,6 +183,8 @@ so-zeek: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }} - start: {{ START }} - privileged: True + - ulimits: + - core=0 - binds: - /nsm/zeek/logs:/nsm/zeek/logs:rw - /nsm/zeek/spool:/nsm/zeek/spool:rw diff --git a/setup/so-functions b/setup/so-functions index 2c256adbf..ff019953e 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -120,7 +120,9 @@ add_web_user() { wait_for_file /opt/so/conf/kratos/db/db.sqlite 30 5 { echo "Attempting to add administrator user for web interface..."; + export SKIP_STATE_APPLY=true echo "$WEBPASSWD1" | /usr/sbin/so-user add "$WEBUSER"; + unset SKIP_STATE_APPLY echo "Add user result: $?"; } >> "/root/so-user-add.log" 2>&1 } @@ -896,7 +898,8 @@ compare_main_nic_ip() { This is not a supported configuration, please remediate and rerun setup. EOM - [[ -n $TESTING ]] || whiptail --title "Security Onion Setup" --msgbox "$message" 10 75 + + [[ -n $TESTING ]] || whiptail --title "$whiptail_title" --msgbox "$message" 10 75 kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1 fi else @@ -1348,15 +1351,16 @@ filter_unused_nics() { nic_list=() for nic in "${filtered_nics[@]}"; do + local nic_mac=$(cat "/sys/class/net/${nic}/address" 2>/dev/null) case $(cat "/sys/class/net/${nic}/carrier" 2>/dev/null) in 1) - nic_list+=("$nic" "Link UP " "OFF") + nic_list+=("$nic" "$nic_mac Link UP " "OFF") ;; 0) - nic_list+=("$nic" "Link DOWN " "OFF") + nic_list+=("$nic" "$nic_mac Link DOWN " "OFF") ;; *) - nic_list+=("$nic" "Link UNKNOWN " "OFF") + nic_list+=("$nic" "$nic_mac Link UNKNOWN " "OFF") ;; esac done @@ -2078,7 +2082,7 @@ saltify() { 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'FLEET' | 'HELIXSENSOR' | 'STANDALONE'| 'IMPORT') reserve_group_ids >> "$setup_log" 2>&1 if [[ ! $is_iso ]]; then - logCmd "yum -y install sqlite argon2 curl mariadb-devel" + logCmd "yum -y install sqlite curl mariadb-devel" fi # Download Ubuntu Keys in case manager updates = 1 mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 @@ -2103,6 +2107,7 @@ saltify() { { if [[ ! $is_iso ]]; then yum -y install salt-minion-3003\ + httpd-tools\ python3\ python36-docker\ python36-dateutil\ @@ -2128,6 +2133,7 @@ saltify() { fi local pkg_arr=( + 'apache2-utils' 'ca-certificates' 'curl' 'software-properties-common' 
@@ -2174,7 +2180,7 @@ saltify() { retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1 set_progress_str 6 'Installing various dependencies' - retry 50 10 "apt-get -y install sqlite3 argon2 libssl-dev" >> "$setup_log" 2>&1 || exit 1 + retry 50 10 "apt-get -y install sqlite3 libssl-dev" >> "$setup_log" 2>&1 || exit 1 set_progress_str 7 'Installing salt-master' retry 50 10 "apt-get -y install salt-master=3003+ds-1" >> "$setup_log" 2>&1 || exit 1 retry 50 10 "apt-mark hold salt-master" >> "$setup_log" 2>&1 || exit 1 @@ -2197,9 +2203,9 @@ saltify() { retry 50 10 "apt-get -y install salt-minion=3003+ds-1 salt-common=3003+ds-1" >> "$setup_log" 2>&1 || exit 1 retry 50 10 "apt-mark hold salt-minion salt-common" >> "$setup_log" 2>&1 || exit 1 if [[ $OSVER != 'xenial' ]]; then - retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging" >> "$setup_log" 2>&1 || exit 1 + retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb" >> "$setup_log" 2>&1 || exit 1 else - retry 50 10 "apt-get -y install python-pip python-dateutil python-m2crypto python-mysqldb python-packaging" >> "$setup_log" 2>&1 || exit 1 + retry 50 10 "apt-get -y install python-pip python-dateutil python-m2crypto python-mysqldb python-packaging python-influxdb" >> "$setup_log" 2>&1 || exit 1 fi fi } @@ -2826,7 +2832,6 @@ zeek_logs_enabled() { " - conn"\ " - dce_rpc"\ " - dhcp"\ - " - dhcpv6"\ " - dnp3"\ " - dns"\ " - dpd"\ @@ -2837,25 +2842,20 @@ zeek_logs_enabled() { " - irc"\ " - kerberos"\ " - modbus"\ - " - mqtt"\ " - notice"\ " - ntlm"\ - " - openvpn"\ " - pe"\ " - radius"\ " - rfb"\ " - rdp"\ - " - signatures"\ " - sip"\ " - smb_files"\ " - smb_mapping"\ " - smtp"\ " - snmp"\ - " - software"\ " - ssh"\ " - ssl"\ " - syslog"\ - " - telnet"\ " - tunnel"\ " - weird"\ " - mysql"\ 
@@ -2867,7 +2867,6 @@ zeek_logs_enabled() { " - conn"\ " - dce_rpc"\ " - dhcp"\ - " - dhcpv6"\ " - dnp3"\ " - dns"\ " - dpd"\ @@ -2878,24 +2877,19 @@ zeek_logs_enabled() { " - irc"\ " - kerberos"\ " - modbus"\ - " - mqtt"\ " - notice"\ " - ntlm"\ - " - openvpn"\ " - pe"\ " - radius"\ " - rfb"\ " - rdp"\ - " - signatures"\ " - sip"\ " - smb_files"\ " - smb_mapping"\ " - smtp"\ " - snmp"\ - " - software"\ " - ssh"\ " - ssl"\ - " - telnet"\ " - tunnel"\ " - weird"\ " - mysql"\ diff --git a/setup/so-setup b/setup/so-setup index d7dd3b660..68490657f 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -108,11 +108,10 @@ catch() { automated=no progress() { - local title='Security Onion Setup' local msg=${1:-'Please wait while installing...'} if [ $automated == no ]; then - whiptail --title "$title" --gauge "$msg" 6 70 0 # append to text + whiptail --title "$whiptail_title" --gauge "$msg" 6 70 0 # append to text else cat >> $setup_log 2>&1 fi @@ -291,7 +290,7 @@ if ! [[ -f $install_opt_file ]]; then collect_hostname fi - whiptail_node_description + [[ ! ( $is_eval || $is_import ) ]] && whiptail_node_description if [[ $reinit_networking ]] || ! [[ -f $net_init_file ]]; then network_init_whiptail @@ -752,6 +751,10 @@ echo "1" > /root/accept_changes set_progress_str 60 "$(print_salt_state_apply 'manager')" salt-call state.apply -l info manager >> $setup_log 2>&1 + + echo "Executing so-elastic-auth..." >> $setup_log 2>&1 + ELASTIC_AUTH_SKIP_HIGHSTATE=true bash /opt/so/saltstack/default/salt/common/tools/sbin/so-elastic-auth true >> $setup_log 2>&1 + echo "Finished so-elastic-auth..." >> $setup_log 2>&1 fi set_progress_str 61 "$(print_salt_state_apply 'firewall')" 
@@ -837,6 +840,13 @@ echo "1" > /root/accept_changes set_progress_str 73 "Update playbook rules" so-playbook-ruleupdate >> /root/setup_playbook_rule_update.log 2>&1 & fi + + if [[ "$GRAFANA" = 1 ]]; then + set_progress_str 74 "Installing InfluxDB and Grafana" + salt-call state.apply -l info influxdb >> $setup_log 2>&1 + salt-call state.apply -l info grafana >> $setup_log 2>&1 + fi + fi if [[ "$OSQUERY" = 1 ]]; then @@ -910,7 +920,7 @@ echo "1" > /root/accept_changes checkin_at_boot >> $setup_log 2>&1 set_progress_str 95 'Verifying setup' - salt-call -l info state.highstate >> $setup_log 2>&1 + salt-call -l info state.highstate queue=True >> $setup_log 2>&1 } | progress @@ -918,10 +928,11 @@ success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}') if [[ $success != 0 ]]; then SO_ERROR=1; fi # Check entire setup log for errors or unexpected salt states and ensure cron jobs are not reporting errors to root's mailbox -if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then +# Ignore "Status .* was not found" due to output from salt http.query or http.wait_for_successful_query states used with retry +if grep -E "ERROR|Result: False" $setup_log | grep -qvE "Status .* was not found" || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then SO_ERROR=1 - grep --color=never "ERROR" "$setup_log" > "$error_log" + grep --color=never "ERROR" "$setup_log" | grep -qvE "Status .* was not found" > "$error_log" fi if [[ -n $SO_ERROR ]]; then @@ -960,4 +971,4 @@ fi install_cleanup >> "$setup_log" 2>&1 -if [[ -z $SKIP_REBOOT ]]; then shutdown -r now; else exit; fi \ No newline at end of file +if [[ -z $SKIP_REBOOT ]]; then shutdown -r now; else exit; fi diff --git a/setup/so-variables b/setup/so-variables index 676cba4f0..a69ef9e1b 100644 --- a/setup/so-variables +++ b/setup/so-variables 
@@ -75,3 +75,6 @@ export net_init_file ntp_string="0.pool.ntp.org,1.pool.ntp.org" export ntp_string + +whiptail_title="Security Onion Setup - $SOVERSION" +export whiptail_title diff --git a/setup/so-whiptail b/setup/so-whiptail index 5eca2d39a..afd691632 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -22,7 +22,7 @@ whiptail_airgap() { local node_str='node' [[ $is_manager || $is_import ]] && node_str='manager' - INTERWEBS=$(whiptail --title "Security Onion Setup" --menu \ + INTERWEBS=$(whiptail --title "$whiptail_title" --menu \ "How should this $node_str be installed?" 10 60 2 \ "Standard " "This $node_str has internet accesss" \ "Airgap " "This $node_str does not have internet access" 3>&1 1>&2 2>&3 ) @@ -42,7 +42,7 @@ whiptail_avoid_default_hostname() { You can choose to use this default hostname anyway, or change it to a new hostname. EOM - whiptail --title "Security Onion Setup" \ + whiptail --title "$whiptail_title" \ --yesno "$message" 11 75 \ --yes-button "Use Anyway" --no-button "Change" --defaultno } @@ -51,7 +51,7 @@ whiptail_basic_suri() { [ -n "$TESTING" ] && return - BASICSURI=$(whiptail --title "Security Onion Setup" --inputbox \ + BASICSURI=$(whiptail --title "$whiptail_title" --inputbox \ "Enter the number of Suricata processes:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -63,8 +63,8 @@ whiptail_basic_zeek() { [ -n "$TESTING" ] && return - BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the number of zeek processes:" 10 75 "$1" 3>&1 1>&2 2>&3) + BASICZEEK=$(whiptail --title "$whiptail_title" --inputbox \ + "Enter the number of Zeek processes:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus 
@@ -75,7 +75,7 @@ whiptail_bond_nics_mtu() { [ -n "$TESTING" ] && return # Set the MTU on the monitor interface - MTU=$(whiptail --title "Security Onion Setup" --inputbox \ + MTU=$(whiptail --title "$whiptail_title" --inputbox \ "Enter the MTU for the monitor NICs:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -84,7 +84,7 @@ whiptail_bond_nics_mtu() { whiptail_cancel() { - whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup." 8 75 + whiptail --title "$whiptail_title" --msgbox "Cancelling Setup." 8 75 if [ -d "/root/installtmp" ]; then { echo "/root/installtmp exists"; @@ -104,7 +104,7 @@ whiptail_check_exitstatus() { whiptail_cancel ;; 255) - whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting. Check log for details." 8 75 + whiptail --title "$whiptail_title" --msgbox "Whiptail error occured, exiting. Check log for details." 8 75 exit ;; esac @@ -114,14 +114,14 @@ whiptail_components_adv_warning() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75 + whiptail --title "$whiptail_title" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75 } whiptail_create_admin_user() { [ -n "$TESTING" ] && return - ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \ + ADMINUSER=$(whiptail --title "$whiptail_title" --inputbox \ "Please enter a username for a new system admin user: \nThe local onion account will be disabled during this install" 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -132,7 +132,7 @@ whiptail_create_admin_user_password1() { [ -n "$TESTING" ] && return - ADMINPASS1=$(whiptail --title "Security Onion Install" --passwordbox \ + ADMINPASS1=$(whiptail --title "$whiptail_title" --passwordbox \ "Enter a password for $ADMINUSER:" 10 60 3>&1 1>&2 2>&3) local exitstatus=$? 
@@ -143,7 +143,7 @@ whiptail_create_admin_user_password2() { [ -n "$TESTING" ] && return - ADMINPASS2=$(whiptail --title "Security Onion Install" --passwordbox \ + ADMINPASS2=$(whiptail --title "$whiptail_title" --passwordbox \ "Re-enter a password for $ADMINUSER:" 10 60 3>&1 1>&2 2>&3) local exitstatus=$? @@ -155,7 +155,7 @@ whiptail_create_fleet_node_user() { [ -n "$TESTING" ] && return - FLEETNODEUSER=$(whiptail --title "Security Onion Install" --inputbox \ + FLEETNODEUSER=$(whiptail --title "$whiptail_title" --inputbox \ "Please enter an email for use as the username for the Fleet admin user:" 10 60 "$1" 3>&1 1>&2 2>&3) } @@ -164,7 +164,7 @@ whiptail_create_fleet_node_user_password1() { [ -n "$TESTING" ] && return - FLEETNODEPASSWD1=$(whiptail --title "Security Onion Install" --passwordbox \ + FLEETNODEPASSWD1=$(whiptail --title "$whiptail_title" --passwordbox \ "Enter a password for $FLEETNODEUSER:" 10 60 3>&1 1>&2 2>&3) local exitstatus=$? @@ -175,7 +175,7 @@ whiptail_create_fleet_node_user_password2() { [ -n "$TESTING" ] && return - FLEETNODEPASSWD2=$(whiptail --title "Security Onion Install" --passwordbox \ + FLEETNODEPASSWD2=$(whiptail --title "$whiptail_title" --passwordbox \ "Re-enter a password for $FLEETNODEUSER:" 10 60 3>&1 1>&2 2>&3) local exitstatus=$? @@ -187,7 +187,7 @@ whiptail_create_soremote_user() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox "Set a password for the soremote user. This account is used for adding sensors remotely." 8 75 + whiptail --title "$whiptail_title" --msgbox "Set a password for the soremote user. This account is used for adding sensors remotely." 8 75 } @@ -195,7 +195,7 @@ whiptail_create_soremote_user_password1() { [ -n "$TESTING" ] && return - SOREMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \ + SOREMOTEPASS1=$(whiptail --title "$whiptail_title" --passwordbox \ "Enter a password for user soremote:" 10 75 3>&1 1>&2 2>&3) local exitstatus=$? 
@@ -207,7 +207,7 @@ whiptail_create_soremote_user_password2() { [ -n "$TESTING" ] && return - SOREMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \ + SOREMOTEPASS2=$(whiptail --title "$whiptail_title" --passwordbox \ "Re-enter a password for user soremote:" 10 75 3>&1 1>&2 2>&3) local exitstatus=$? @@ -219,8 +219,8 @@ whiptail_create_web_user() { [ -n "$TESTING" ] && return - WEBUSER=$(whiptail --title "Security Onion Install" --inputbox \ - "Please enter an email address to create an administrator account for the web interface.\n\nThis will also be used for TheHive, Cortex, and Fleet." 12 60 "$1" 3>&1 1>&2 2>&3) + WEBUSER=$(whiptail --title "$whiptail_title" --inputbox \ + "Please enter an email address to create an administrator account for the web interface.\n\nThis will also be used for Elasticsearch, Kibana, TheHive, Cortex, and Fleet." 12 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -230,7 +230,7 @@ whiptail_create_web_user_password1() { [ -n "$TESTING" ] && return - WEBPASSWD1=$(whiptail --title "Security Onion Install" --passwordbox \ + WEBPASSWD1=$(whiptail --title "$whiptail_title" --passwordbox \ "Enter a password for $WEBUSER:" 10 60 3>&1 1>&2 2>&3) local exitstatus=$? @@ -241,7 +241,7 @@ whiptail_create_web_user_password2() { [ -n "$TESTING" ] && return - WEBPASSWD2=$(whiptail --title "Security Onion Install" --passwordbox \ + WEBPASSWD2=$(whiptail --title "$whiptail_title" --passwordbox \ "Re-enter a password for $WEBUSER:" 10 60 3>&1 1>&2 2>&3) local exitstatus=$? 
@@ -258,11 +258,11 @@ whiptail_requirements_error() { [ -n "$TESTING" ] && return if [[ $(echo "$requirement_needed" | tr '[:upper:]' '[:lower:]') == 'nics' ]]; then - whiptail --title "Security Onion Setup" \ + whiptail --title "$whiptail_title" \ --msgbox "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select OK to exit setup and reconfigure the machine." 10 75 # Same as whiptail_cancel, but changed the wording to exit instead of cancel. - whiptail --title "Security Onion Setup" --msgbox "Exiting Setup. No changes have been made." 8 75 + whiptail --title "$whiptail_title" --msgbox "Exiting Setup. No changes have been made." 8 75 if [ -d "/root/installtmp" ]; then { echo "/root/installtmp exists"; @@ -272,7 +272,7 @@ whiptail_requirements_error() { fi exit else - whiptail --title "Security Onion Setup" \ + whiptail --title "$whiptail_title" \ --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select YES to continue anyway, or select NO to cancel." 10 75 local exitstatus=$? @@ -298,7 +298,7 @@ whiptail_storage_requirements() { EOM whiptail \ - --title "Security Onion Setup" \ + --title "$whiptail_title" \ --yesno "$message" \ 14 75 @@ -310,7 +310,7 @@ whiptail_cur_close_days() { [ -n "$TESTING" ] && return - CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \ + CURCLOSEDAYS=$(whiptail --title "$whiptail_title" --inputbox \ "Please specify the threshold (in days) at which Elasticsearch indices will be closed:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? 
@@ -322,7 +322,7 @@ whiptail_dhcp_or_static() { [ -n "$TESTING" ] && return - address_type=$(whiptail --title "Security Onion Setup" --radiolist \ + address_type=$(whiptail --title "$whiptail_title" --radiolist \ "Choose how to set up your management interface:" 20 78 4 \ "STATIC" "Set a static IPv4 address" ON \ "DHCP" "Use DHCP to configure the Management Interface" OFF 3>&1 1>&2 2>&3 ) @@ -355,7 +355,7 @@ whiptail_dhcp_warn() { EOM whiptail \ - --title "Security Onion Setup" \ + --title "$whiptail_title" \ --"$window_type" "$dhcp_message" \ 14 75 @@ -366,7 +366,7 @@ whiptail_dhcp_warn() { whiptail_dhcp_or_static ;; 255) - whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting. Check log for details." 8 75 + whiptail --title "$whiptail_title" --msgbox "Whiptail error occured, exiting. Check log for details." 8 75 exit ;; esac @@ -380,7 +380,7 @@ whiptail_dockernet_check(){ [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --yesno \ + whiptail --title "$whiptail_title" --yesno \ "Do you want to keep the default Docker IP range?\n\nIf you are unsure, please accept the default option of Yes." 10 75 } @@ -389,7 +389,7 @@ whiptail_dockernet_net() { [ -n "$TESTING" ] && return - DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \ + DOCKERNET=$(whiptail --title "$whiptail_title" --inputbox \ "\nEnter a /24 size network range for docker to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -409,7 +409,7 @@ whiptail_enable_components() { STRELKA=0 if [[ $is_eval ]]; then - COMPONENTS=$(whiptail --title "Security Onion Setup" --checklist \ + COMPONENTS=$(whiptail --title "$whiptail_title" --checklist \ "Select Components to install:" 20 75 8 \ GRAFANA "Enable Grafana for system monitoring" ON \ OSQUERY "Enable Fleet with osquery" ON \ 
@@ -418,7 +418,7 @@ if [[ $is_eval ]]; then PLAYBOOK "Enable Playbook" ON \ STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3) else - COMPONENTS=$(whiptail --title "Security Onion Setup" --checklist \ + COMPONENTS=$(whiptail --title "$whiptail_title" --checklist \ "Select Components to install:" 20 75 7 \ OSQUERY "Enable Fleet with osquery" ON \ WAZUH "Enable Wazuh" ON \ @@ -447,6 +447,7 @@ whiptail_end_settings() { # BASIC INFO (NETWORK, HOSTNAME, DESCRIPTION, ETC) read -r -d '' end_msg <<- EOM + Security Onion Version: $SOVERSION Node Type: $install_type Hostname: $HOSTNAME EOM @@ -657,7 +658,7 @@ whiptail_eval_adv() { [ -n "$TESTING" ] && return - EVALADVANCED=$(whiptail --title "Security Onion Setup" --radiolist \ + EVALADVANCED=$(whiptail --title "$whiptail_title" --radiolist \ "Choose your eval install:" 20 75 4 \ "BASIC" "Install basic components for evaluation" ON \ "ADVANCED" "Choose additional components to be installed" OFF 3>&1 1>&2 2>&3 ) @@ -670,7 +671,7 @@ whiptail_fleet_custom_hostname() { [ -n "$TESTING" ] && return - FLEETCUSTOMHOSTNAME=$(whiptail --title "Security Onion Install" --inputbox \ + FLEETCUSTOMHOSTNAME=$(whiptail --title "$whiptail_title" --inputbox \ "What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -684,7 +685,7 @@ whiptail_gauge_post_setup() { else local msg=$1 - whiptail --title "Security Onion Setup" --gauge "$msg" 6 60 96 + whiptail --title "$whiptail_title" --gauge "$msg" 6 60 96 fi } @@ -692,7 +693,7 @@ whiptail_helix_apikey() { [ -n "$TESTING" ] && return - HELIXAPIKEY=$(whiptail --title "Security Onion Setup" --inputbox \ + HELIXAPIKEY=$(whiptail --title "$whiptail_title" --inputbox \ "Enter your Helix API Key: \n \nThis can be set later using so-helix-apikey" 10 75 3>&1 1>&2 2>&3) local exitstatus=$? 
@@ -706,7 +707,7 @@ whiptail_homenet_manager() { [ -n "$TESTING" ] && return - HNMANAGER=$(whiptail --title "Security Onion Setup" --inputbox \ + HNMANAGER=$(whiptail --title "$whiptail_title" --inputbox \ "Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -718,13 +719,13 @@ whiptail_homenet_sensor_inherit() { [ -n "$TESTING" ] && return # Ask to inherit from manager - whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Manager?" 8 75 + whiptail --title "$whiptail_title" --yesno "Do you want to inherit the HOME_NET from the Manager?" 8 75 } whiptail_homenet_sensor() { [ -n "$TESTING" ] && return - HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \ + HNSENSOR=$(whiptail --title "$whiptail_title" --inputbox \ "Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -737,7 +738,7 @@ whiptail_install_type() { [ -n "$TESTING" ] && return # What kind of install are we doing? - install_type=$(whiptail --title "Security Onion Setup" --radiolist \ + install_type=$(whiptail --title "$whiptail_title" --radiolist \ "Choose install type:" 12 65 5 \ "EVAL" "Evaluation mode (not for production) " ON \ "STANDALONE" "Standalone production install " OFF \ @@ -763,7 +764,7 @@ whiptail_install_type_dist() { [ -n "$TESTING" ] && return - install_type=$(whiptail --title "Security Onion Setup" --radiolist \ + install_type=$(whiptail --title "$whiptail_title" --radiolist \ "Choose distributed node type:" 13 60 6 \ "MANAGER" "Start a new grid " ON \ "SENSOR" "Create a forward only sensor " OFF \ 
@@ -791,14 +792,14 @@ whiptail_install_type_other() { # so-analyst-install will only work with a working network connection # so only show it on network installs for now if [[ $setup_type == 'network' ]]; then - install_type=$(whiptail --title "Security Onion Setup" --radiolist \ + install_type=$(whiptail --title "$whiptail_title" --radiolist \ "Choose distributed node type:" 9 65 2 \ "ANALYST" "Quit setup and run so-analyst-install " ON \ "HELIXSENSOR" "Create a Helix sensor " OFF \ 3>&1 1>&2 2>&3 ) else - install_type=$(whiptail --title "Security Onion Setup" --radiolist \ + install_type=$(whiptail --title "$whiptail_title" --radiolist \ "Choose distributed node type:" 8 65 1 \ "HELIXSENSOR" "Create a Helix sensor " ON \ 3>&1 1>&2 2>&3 @@ -814,7 +815,7 @@ whiptail_install_type_other() { whiptail_invalid_input() { # TODO: This should accept a list of arguments to specify what general pattern the input should follow [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox " Invalid input, please try again." 7 40 + whiptail --title "$whiptail_title" --msgbox " Invalid input, please try again." 7 40 } @@ -828,13 +829,13 @@ whiptail_invalid_proxy() { Error was: ${proxy_test_err} EOM - whiptail --title "Security Onion Setup" --yesno "$message" --yes-button "Enter Again" --no-button "Skip" 11 60 + whiptail --title "$whiptail_title" --yesno "$message" --yes-button "Enter Again" --no-button "Skip" 11 60 } whiptail_invalid_string() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox "Invalid input, please try again.\n\nThe $1 cannot contain spaces." 9 45 + whiptail --title "$whiptail_title" --msgbox "Invalid input, please try again.\n\nThe $1 cannot contain spaces." 9 45 } 
@@ -842,21 +843,21 @@ whiptail_invalid_pass_characters_warning() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." 8 75 + whiptail --title "$whiptail_title" --msgbox "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." 8 75 } whiptail_invalid_pass_warning() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75 + whiptail --title "$whiptail_title" --msgbox "Please choose a more secure password." 8 75 } whiptail_invalid_user_warning() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75 + whiptail --title "$whiptail_title" --msgbox "Please enter a valid email address." 8 75 } whiptail_invalid_hostname() { @@ -867,7 +868,7 @@ whiptail_invalid_hostname() { the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', \ and hyphen ('-')" | tr -d '\t') - whiptail --title "Security Onion Setup" \ + whiptail --title "$whiptail_title" \ --msgbox "$error_message" 10 75 } @@ -890,7 +891,7 @@ whiptail_log_size_limit() { By default, this is set to ${percentage}% of the disk space allotted for /nsm. EOM - log_size_limit=$(whiptail --title "Security Onion Setup" --inputbox "$message" 11 75 "$1" 3>&1 1>&2 2>&3) + log_size_limit=$(whiptail --title "$whiptail_title" --inputbox "$message" 11 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus 
@@ -900,7 +901,7 @@ whiptail_log_size_limit() { whiptail_first_menu_iso() { [ -n "$TESTING" ] && return - option=$(whiptail --title "Security Onion Setup" --menu "Select an option" 10 75 2 \ + option=$(whiptail --title "$whiptail_title" --menu "Select an option" 10 75 2 \ "Install " "Run the standard Security Onion installation " \ "Configure Network " "Configure networking only " \ 3>&1 1>&2 2>&3 @@ -914,7 +915,7 @@ whiptail_make_changes() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75 + whiptail --title "$whiptail_title" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75 local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -925,7 +926,7 @@ whiptail_management_interface_dns() { [ -n "$TESTING" ] && return - MDNS=$(whiptail --title "Security Onion Setup" --inputbox \ + MDNS=$(whiptail --title "$whiptail_title" --inputbox \ "Enter your DNS servers separated by commas:" 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -937,7 +938,7 @@ whiptail_management_interface_dns_search() { [ -n "$TESTING" ] && return - MSEARCH=$(whiptail --title "Security Onion Setup" --inputbox \ + MSEARCH=$(whiptail --title "$whiptail_title" --inputbox \ "Enter your DNS search domain:" 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -948,7 +949,7 @@ whiptail_management_interface_gateway() { [ -n "$TESTING" ] && return - MGATEWAY=$(whiptail --title "Security Onion Setup" --inputbox \ + MGATEWAY=$(whiptail --title "$whiptail_title" --inputbox \ "Enter your gateway's IPv4 address:" 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? 
@@ -958,7 +959,7 @@ whiptail_management_interface_gateway() { whiptail_management_interface_ip_mask() { [ -n "$TESTING" ] && return - manager_ip_mask=$(whiptail --title "Security Onion Setup" --inputbox \ + manager_ip_mask=$(whiptail --title "$whiptail_title" --inputbox \ "Enter your IPv4 address with CIDR mask (e.g. 192.168.1.2/24):" 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -969,7 +970,7 @@ whiptail_management_interface_ip() { [ -n "$TESTING" ] && return - MIP=$(whiptail --title "Security Onion Setup" --inputbox \ + MIP=$(whiptail --title "$whiptail_title" --inputbox \ "Enter your IP address:" 10 60 X.X.X.X 3>&1 1>&2 2>&3) local exitstatus=$? @@ -980,7 +981,7 @@ whiptail_management_interface_mask() { [ -n "$TESTING" ] && return - MMASK=$(whiptail --title "Security Onion Setup" --inputbox \ + MMASK=$(whiptail --title "$whiptail_title" --inputbox \ "Enter the bit mask for your subnet:" 10 60 24 3>&1 1>&2 2>&3) local exitstatus=$? @@ -993,13 +994,13 @@ whiptail_management_nic() { filter_unused_nics - MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC:" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) + MNIC=$(whiptail --title "$whiptail_title" --radiolist "Please select your management NIC:" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus while [ -z "$MNIC" ] do - MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC:" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) + MNIC=$(whiptail --title "$whiptail_title" --radiolist "Please select your management NIC:" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus done 
@@ -1059,7 +1060,7 @@ whiptail_net_method() { local option_count=$(( ${#options[@]} / 2 )) - network_traffic=$(whiptail --title "Security Onion Setup" --menu "$msg" $height 75 $option_count "${options[@]}" 3>&1 1>&2 2>&3) + network_traffic=$(whiptail --title "$whiptail_title" --menu "$msg" $height 75 $option_count "${options[@]}" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -1070,7 +1071,7 @@ whiptail_net_method() { whiptail_net_setup_complete() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" \ + whiptail --title "$whiptail_title" \ --msgbox "Successfully set up networking, setup will now exit." 7 75 exit 0 } @@ -1084,7 +1085,7 @@ whiptail_network_init_notice() { Select OK to continue. EOM - whiptail --title "Security Onion Setup" --msgbox "$message" 9 75 + whiptail --title "$whiptail_title" --msgbox "$message" 9 75 local exitstatus=$? whiptail_check_exitstatus $exitstatus } @@ -1093,7 +1094,7 @@ whiptail_management_server() { [ -n "$TESTING" ] && return - MSRV=$(whiptail --title "Security Onion Setup" --inputbox \ + MSRV=$(whiptail --title "$whiptail_title" --inputbox \ "Enter your Manager Server hostname: \nIt is CASE SENSITIVE!" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -1104,7 +1105,7 @@ whiptail_management_server() { whiptail_manager_ip() { [ -n "$TESTING" ] && return - MSRVIP=$(whiptail --title "Security Onion Setup" --inputbox \ + MSRVIP=$(whiptail --title "$whiptail_title" --inputbox \ "Enter your Manager Server IP Address:" 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -1116,7 +1117,7 @@ whiptail_manager_adv() { [ -n "$TESTING" ] && return - MANAGERADV=$(whiptail --title "Security Onion Setup" --radiolist \ + MANAGERADV=$(whiptail --title "$whiptail_title" --radiolist \ "Choose which type of manager to install:" 20 75 4 \ "BASIC" "Install manager with recommended settings" ON \ "ADVANCED" "Do additional configuration to the manager" OFF 3>&1 1>&2 2>&3 ) 
@@ -1131,7 +1132,7 @@ whiptail_manager_adv_escluster(){ [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --yesno \ + whiptail --title "$whiptail_title" --yesno \ "Do you want to set up a traditional ES cluster for using replicas and/or Hot-Warm indices? Recommended only for those who have experience with ES clustering! " 12 75 } @@ -1141,7 +1142,7 @@ whiptail_manager_adv_escluster_name(){ [ -n "$TESTING" ] && return - ESCLUSTERNAME=$(whiptail --title "Security Onion Setup" --inputbox \ + ESCLUSTERNAME=$(whiptail --title "$whiptail_title" --inputbox \ "Enter a name for your ES cluster!" 10 75 "$1" 3>&1 1>&2 2>&3) } @@ -1150,11 +1151,10 @@ whiptail_manager_adv_service_zeeklogs() { [ -n "$TESTING" ] && return - BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please select logs to send:" 24 75 12 \ + BLOGS=$(whiptail --title "$whiptail_title" --checklist "Please select logs to send:" 24 75 12 \ "conn" "Connection Logging" ON \ "dce_rpc" "RPC Logs" ON \ "dhcp" "DHCP Logs" ON \ - "dhcpv6" "DHCP IPv6 Logs" ON \ "dnp3" "DNP3 Logs" ON \ "dns" "DNS Logs" ON \ "dpd" "DPD Logs" ON \ @@ -1165,25 +1165,20 @@ whiptail_manager_adv_service_zeeklogs() { "irc" "IRC Chat Logs" ON \ "kerberos" "Kerberos Logs" ON \ "modbus" "MODBUS Logs" ON \ - "mqtt" "MQTT Logs" ON \ "notice" "Zeek Notice Logs" ON \ "ntlm" "NTLM Logs" ON \ - "openvpn" "OPENVPN Logs" ON \ "pe" "PE Logs" ON \ "radius" "Radius Logs" ON \ "rfb" "RFB Logs" ON \ "rdp" "RDP Logs" ON \ - "signatures" "Signatures Logs" ON \ "sip" "SIP Logs" ON \ "smb_files" "SMB Files Logs" ON \ "smb_mapping" "SMB Mapping Logs" ON \ "smtp" "SMTP Logs" ON \ "snmp" "SNMP Logs" ON \ - "software" "Software Logs" ON \ "ssh" "SSH Logs" ON \ "ssl" "SSL Logs" ON \ "syslog" "Syslog Logs" ON \ - "telnet" "Telnet Logs" ON \ "tunnel" "Tunnel Logs" ON \ "weird" "Zeek Weird Logs" ON \ "mysql" "MySQL Logs" ON \ 
@@ -1212,13 +1207,13 @@ whiptail_manager_error() { Would you like to continue anyway? EOM - whiptail --title "Security Onion Setup" --yesno "$msg" 13 75 || whiptail_check_exitstatus 1 + whiptail --title "$whiptail_title" --yesno "$msg" 13 75 || whiptail_check_exitstatus 1 } whiptail_manager_updates_warning() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup"\ + whiptail --title "$whiptail_title"\ --msgbox "Updating through the manager node requires the manager to have internet access, press ENTER to continue."\ 8 75 @@ -1229,7 +1224,7 @@ whiptail_manager_updates_warning() { whiptail_manager_unreachable() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox "Setup cannot determine if $1 is listening on port 22. Please check the address entered and try again." 7 75 + whiptail --title "$whiptail_title" --msgbox "Setup cannot determine if $1 is listening on port 22. Please check the address entered and try again." 7 75 } whiptail_metadata_tool() { @@ -1247,7 +1242,7 @@ whiptail_metadata_tool() { EOM # Legacy variable naming - ZEEKVERSION=$(whiptail --title "Security Onion Setup" --menu "$message" 20 75 2 \ + ZEEKVERSION=$(whiptail --title "$whiptail_title" --menu "$message" 20 75 2 \ "Zeek " "Use Zeek (Bro) for metadata and Suricata for NIDS alerts" \ "Suricata " "Use Suricata for both metadata and NIDS alerts" 3>&1 1>&2 2>&3) @@ -1261,7 +1256,7 @@ whiptail_nids() { [ -n "$TESTING" ] && return - NIDS=$(whiptail --title "Security Onion Setup" --radiolist \ + NIDS=$(whiptail --title "$whiptail_title" --radiolist \ "Choose which IDS to run: \n\n(Snort 3.0 support will be added once it is out of beta.)" 25 75 4 \ "Suricata" "Suricata" ON \ "Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 ) 
@@ -1275,7 +1270,7 @@ whiptail_network_notice() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Select YES to continue." 8 75 + whiptail --title "$whiptail_title" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Select YES to continue." 8 75 local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -1285,14 +1280,14 @@ whiptail_network_notice() { whiptail_net_reinit() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --yesno "The management interface has already been configured. Do you want to reconfigure it?" 8 75 + whiptail --title "$whiptail_title" --yesno "The management interface has already been configured. Do you want to reconfigure it?" 8 75 } whiptail_node_advanced() { [ -n "$TESTING" ] && return - NODESETUP=$(whiptail --title "Security Onion Setup" --radiolist \ + NODESETUP=$(whiptail --title "$whiptail_title" --radiolist \ "What type of config would you like to use?:" 20 75 4 \ "NODEBASIC" "Install Search Node with recommended settings" ON \ "NODEADVANCED" "Advanced Node Setup" OFF 3>&1 1>&2 2>&3 ) @@ -1305,7 +1300,7 @@ whiptail_node_advanced() { whiptail_node_description() { [ -n "$TESTING" ] && return - NODE_DESCRIPTION=$(whiptail --title "Security Onion Setup" \ + NODE_DESCRIPTION=$(whiptail --title "$whiptail_title" \ --inputbox "Enter a short description for the node or press ENTER to leave blank:" 10 75 3>&1 1>&2 2>&3) local exitstatus=$? @@ -1316,7 +1311,7 @@ whiptail_node_es_heap() { [ -n "$TESTING" ] && return - NODE_ES_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \ + NODE_ES_HEAP_SIZE=$(whiptail --title "$whiptail_title" --inputbox \ "Enter ES heap size:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? 
@@ -1328,7 +1323,7 @@ whiptail_node_ls_heap() { [ -n "$TESTING" ] && return - NODE_LS_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \ + NODE_LS_HEAP_SIZE=$(whiptail --title "$whiptail_title" --inputbox \ "Enter Logstash heap size:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -1340,7 +1335,7 @@ whiptail_node_ls_input_threads() { [ -n "$TESTING" ] && return - LSINPUTTHREADS=$(whiptail --title "Security Onion Setup" --inputbox \ + LSINPUTTHREADS=$(whiptail --title "$whiptail_title" --inputbox \ "Enter number of Logstash input threads:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -1353,7 +1348,7 @@ whiptail_node_ls_pipline_batchsize() { [ -n "$TESTING" ] && return - LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \ + LSPIPELINEBATCH=$(whiptail --title "$whiptail_title" --inputbox \ "Enter Logstash pipeline batch size:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -1365,7 +1360,7 @@ whiptail_node_ls_pipeline_worker() { [ -n "$TESTING" ] && return - LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \ + LSPIPELINEWORKERS=$(whiptail --title "$whiptail_title" --inputbox \ "Enter number of Logstash pipeline workers:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -1376,13 +1371,13 @@ whiptail_node_ls_pipeline_worker() { whiptail_ntp_ask() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --yesno "Would you like to configure ntp servers?" 7 44 + whiptail --title "$whiptail_title" --yesno "Would you like to configure ntp servers?" 7 44 } whiptail_ntp_servers() { [ -n "$TESTING" ] && return - ntp_string=$(whiptail --title "Security Onion Setup" \ + ntp_string=$(whiptail --title "$whiptail_title" \ --inputbox "Input the NTP server(s) you would like to use, separated by commas:" 8 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? 
@@ -1393,7 +1388,7 @@ whiptail_oinkcode() { [ -n "$TESTING" ] && return - OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \ + OINKCODE=$(whiptail --title "$whiptail_title" --inputbox \ "Enter your ET Pro or oinkcode:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -1406,7 +1401,7 @@ whiptail_oinkcode() { whiptail_passwords_dont_match() { - whiptail --title "Security Onion Setup" --msgbox "Passwords don't match. Please re-enter." 8 75 + whiptail --title "$whiptail_title" --msgbox "Passwords don't match. Please re-enter." 8 75 } @@ -1414,7 +1409,7 @@ whiptail_patch_name_new_schedule() { [ -n "$TESTING" ] && return - PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \ + PATCHSCHEDULENAME=$(whiptail --title "$whiptail_title" --inputbox \ "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the manager under /opt/so/salt/patch/os/schedules/.yml" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -1425,7 +1420,7 @@ whiptail_patch_schedule() { [ -n "$TESTING" ] && return - patch_schedule=$(whiptail --title "Security Onion Setup" --radiolist \ + patch_schedule=$(whiptail --title "$whiptail_title" --radiolist \ "Choose OS patch schedule.\n\nThis schedule will update the operating system packages but will NOT update Security Onion related tools such as Zeek, Elasticsearch, Kibana, SaltStack, etc." 20 75 5 \ "Automatic" "Updates installed every 8 hours if available" ON \ "Manual" "Updates will be installed manually" OFF \ 
@@ -1441,7 +1436,7 @@ whiptail_patch_schedule_import() { [ -n "$TESTING" ] && return unset PATCHSCHEDULENAME - PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \ + PATCHSCHEDULENAME=$(whiptail --title "$whiptail_title" --inputbox \ "Enter the name of the OS patch schedule you want to inherit. \nAvailable schedules can be found on the manager under /opt/so/salt/patch/os/schedules/.yml" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -1453,7 +1448,7 @@ whiptail_patch_schedule_select_days() { [ -n "$TESTING" ] && return # Select the days to patch - PATCHSCHEDULEDAYS=$(whiptail --title "Security Onion Setup" --checklist \ + PATCHSCHEDULEDAYS=$(whiptail --title "$whiptail_title" --checklist \ "Which days do you want to apply OS patches?" 15 75 8 \ Monday "" OFF \ Tuesday "" ON \ @@ -1477,7 +1472,7 @@ whiptail_patch_schedule_select_hours() { [ -n "$TESTING" ] && return # Select the hours to patch - PATCHSCHEDULEHOURS=$(whiptail --title "Security Onion Setup" --checklist \ + PATCHSCHEDULEHOURS=$(whiptail --title "$whiptail_title" --checklist \ "At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \ 00:00 "" OFF \ 01:00 "" OFF \ @@ -1518,7 +1513,7 @@ whiptail_proxy_ask() { local pkg_mngr if [[ $OS = 'centos' ]]; then pkg_mngr="yum"; else pkg_mngr='apt'; fi - whiptail --title "Security Onion Setup" --yesno "Do you want to proxy the traffic for git, docker client, wget, curl, ${pkg_mngr}, and various other SO components through a separate server in your environment?" 9 65 --defaultno + whiptail --title "$whiptail_title" --yesno "Do you want to proxy the traffic for git, docker client, wget, curl, ${pkg_mngr}, and various other SO components through a separate server in your environment?" 9 65 --defaultno } whiptail_proxy_addr() { 
@@ -1531,7 +1526,7 @@ whiptail_proxy_addr() { If your proxy requires a username and password do not include them in your input. Setup will ask for those values next. EOM - proxy_addr=$(whiptail --title "Security Onion Setup" --inputbox "$message" 13 60 "$1" 3>&1 1>&2 2>&3) + proxy_addr=$(whiptail --title "$whiptail_title" --inputbox "$message" 13 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -1540,13 +1535,13 @@ whiptail_proxy_addr() { whiptail_proxy_auth_ask() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --yesno "Does your proxy require authentication?" 7 60 + whiptail --title "$whiptail_title" --yesno "Does your proxy require authentication?" 7 60 } whiptail_proxy_auth_user() { [ -n "$TESTING" ] && return - proxy_user=$(whiptail --title "Security Onion Setup" --inputbox "Please input the proxy user:" 8 60 "$1" 3>&1 1>&2 2>&3) + proxy_user=$(whiptail --title "$whiptail_title" --inputbox "Please input the proxy user:" 8 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -1557,7 +1552,7 @@ whiptail_proxy_auth_pass() { [ -n "$TESTING" ] && return - proxy_pass=$(whiptail --title "Security Onion Setup" --passwordbox "Please input the proxy password:" 8 60 3>&1 1>&2 2>&3) + proxy_pass=$(whiptail --title "$whiptail_title" --passwordbox "Please input the proxy password:" 8 60 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -1571,7 +1566,7 @@ whiptail_requirements_error() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" \ + whiptail --title "$whiptail_title" \ --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75 local exitstatus=$? 
@@ -1583,7 +1578,7 @@ whiptail_rule_setup() { [ -n "$TESTING" ] && return # Get pulled pork info - RULESETUP=$(whiptail --title "Security Onion Setup" --radiolist \ + RULESETUP=$(whiptail --title "$whiptail_title" --radiolist \ "Which IDS ruleset would you like to use?\n\nThis manager server is responsible for downloading the IDS ruleset from the Internet.\n\nSensors then pull a copy of this ruleset from the manager server.\n\nIf you select a commercial ruleset, it is your responsibility to purchase enough licenses for all of your sensors in compliance with your vendor's policies." 20 75 4 \ "ETOPEN" "Emerging Threats Open" ON \ "ETPRO" "Emerging Threats PRO" OFF \ @@ -1599,7 +1594,7 @@ whiptail_sensor_config() { [ -n "$TESTING" ] && return - NSMSETUP=$(whiptail --title "Security Onion Setup" --radiolist \ + NSMSETUP=$(whiptail --title "$whiptail_title" --radiolist \ "What type of configuration would you like to use?" 20 75 4 \ "BASIC" "Install NSM components with recommended settings" ON \ "ADVANCED" "Configure each component individually" OFF 3>&1 1>&2 2>&3 ) @@ -1623,13 +1618,13 @@ whiptail_sensor_nics() { local list_type="checklist" fi - BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3) + BNICS=$(whiptail --title "$whiptail_title" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus while [ -z "$BNICS" ] do - BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) + BNICS=$(whiptail --title "$whiptail_title" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus done 
@@ -1639,13 +1634,15 @@ whiptail_sensor_nics() { IFS=' ' read -ra BNICS <<< "$BNICS" for bond_nic in "${BNICS[@]}"; do - if [[ "${nmcli_dev_status_list}" =~ $bond_nic\:unmanaged ]]; then - whiptail \ - --title "Security Onion Setup" \ - --msgbox "$bond_nic is unmanaged by Network Manager. Please remove it from other network management tools then re-run setup." \ - 8 75 - exit - fi + for dev_status in "${nmcli_dev_status_list[@]}"; do + if [[ $dev_status == "${bond_nic}:unmanaged" ]]; then + whiptail \ + --title "$whiptail_title" \ + --msgbox "$bond_nic is unmanaged by Network Manager. Please remove it from other network management tools then re-run setup." \ + 8 75 + exit + fi + done done } @@ -1653,7 +1650,7 @@ whiptail_set_hostname() { [ -n "$TESTING" ] && return - HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \ + HOSTNAME=$(whiptail --title "$whiptail_title" --inputbox \ "Enter the hostname (not FQDN) you would like to set:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -1664,7 +1661,7 @@ whiptail_set_redirect() { [ -n "$TESTING" ] && return - REDIRECTINFO=$(whiptail --title "Security Onion Setup" --radiolist \ + REDIRECTINFO=$(whiptail --title "$whiptail_title" --radiolist \ "How would you like to access the web interface?\n\nSecurity Onion uses strict cookie enforcement, so whatever you choose here will be the only way that you can access the web interface.\n\nIf you choose something other than IP address, then you'll need to ensure that you can resolve the name via DNS or hosts entry. If you are unsure, please select IP." 20 75 4 \ "IP" "Use IP address to access the web interface" ON \ "HOSTNAME" "Use hostname to access the web interface" OFF \ 
@@ -1677,7 +1674,7 @@ whiptail_set_redirect_host() { [ -n "$TESTING" ] && return - REDIRECTHOST=$(whiptail --title "Security Onion Setup" --inputbox \ + REDIRECTHOST=$(whiptail --title "$whiptail_title" --inputbox \ "Enter the Hostname, IP, or FQDN you would like to use for the web interface:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -1705,7 +1702,7 @@ whiptail_setup_complete() { Press ENTER to reboot. EOM - whiptail --title "Security Onion Setup" --msgbox "$message" 12 75 + whiptail --title "$whiptail_title" --msgbox "$message" 12 75 } whiptail_setup_failed() { @@ -1725,13 +1722,13 @@ whiptail_setup_failed() { Press Ok to exit. EOM - whiptail --title "Security Onion Setup" --msgbox "$message" $height 75 + whiptail --title "$whiptail_title" --msgbox "$message" $height 75 } whiptail_so_allow_yesno() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" \ + whiptail --title "$whiptail_title" \ --yesno "Do you want to run so-allow to allow access to the web tools?" \ 8 75 } @@ -1740,7 +1737,7 @@ whiptail_so_allow() { [ -n "$TESTING" ] && return - ALLOW_CIDR=$(whiptail --title "Security Onion Setup" \ + ALLOW_CIDR=$(whiptail --title "$whiptail_title" \ --inputbox "Enter a single IP address or an IP range, in CIDR notation, to allow:" \ 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -1760,7 +1757,7 @@ whiptail_ssh_key_copy_notice() { Select OK to continue. EOM - whiptail --title "Security Onion Setup" --msgbox "$message" 11 75 + whiptail --title "$whiptail_title" --msgbox "$message" 11 75 local exitstatus=$? whiptail_check_exitstatus $exitstatus } @@ -1799,7 +1796,7 @@ whiptail_storage_requirements() { EOM whiptail \ - --title "Security Onion Setup" \ + --title "$whiptail_title" \ --yesno "$message" \ 14 75 
@@ -1811,7 +1808,7 @@ whiptail_strelka_rules() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --yesno "Do you want to enable the default YARA rules for Strelka?" 8 75 + whiptail --title "$whiptail_title" --yesno "Do you want to enable the default YARA rules for Strelka?" 8 75 local exitstatus=$? @@ -1837,7 +1834,7 @@ whiptail_suricata_pins() { local PROCS=$lb_procs fi - SURIPINS=$(whiptail --noitem --title "Pin Suricata CPUS" --checklist "Please select $PROCS cores to pin Suricata to:" 20 75 12 "${filtered_core_str[@]}" 3>&1 1>&2 2>&3 ) + SURIPINS=$(whiptail --noitem --title "$whiptail_title" --checklist "Please select $PROCS cores to pin Suricata to:" 20 75 12 "${filtered_core_str[@]}" 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -1851,7 +1848,7 @@ whiptail_node_updates() { [ -n "$TESTING" ] && return - NODEUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \ + NODEUPDATES=$(whiptail --title "$whiptail_title" --radiolist \ "How would you like to download OS package updates for your grid?" 20 75 4 \ "MANAGER" "Manager node is proxy for updates." ON \ "OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 ) @@ -1876,7 +1873,7 @@ whiptail_you_sure() { EOM whiptail \ - --title "Security Onion Setup" \ + --title "$whiptail_title" \ --yesno "$you_sure_text" \ 20 75 @@ -1901,7 +1898,7 @@ whiptail_zeek_pins() { local PROCS=$lb_procs fi - ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 ) + ZEEKPINS=$(whiptail --noitem --title "$whiptail_title" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus 
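Review bot: none of these hunks shows where `$whiptail_title` is defined, yet every dialog from whiptail_patch_schedule_import through whiptail_zeek_pins now depends on it; if it is unset when one of these functions runs (for example when the file is sourced and a single function is called), whiptail is invoked with an empty title. Please point at the definition in the PR description, or give the call sites a fallback such as `--title "${whiptail_title:-Security Onion Setup}"` so the old behaviour is preserved when the variable is missing.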
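Review bot: in whiptail_sensor_nics, replacing `[[ "${nmcli_dev_status_list}" =~ $bond_nic\:unmanaged ]]` with an exact `==` comparison against each array element is the right fix: the old test was an unanchored substring regex, so selecting `eth1` would also trip on an `eth10:unmanaged` entry, and `$bond_nic` was interpolated into the regex unescaped. Two follow-ups: the new loop requires `nmcli_dev_status_list` to be a bash array rather than the string the old code matched against, and that producer change is not visible in this diff, so confirm it was updated in the same PR; and the bare `exit` after the msgbox returns status 0, so a caller cannot distinguish this abort from a successful run, `exit 1` would make the failure explicit.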
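Review bot: swapping the task-specific titles "NIC Setup", "Pin Suricata CPUS" and "Pin Zeek CPUS" for the generic `$whiptail_title` in whiptail_sensor_nics, whiptail_suricata_pins and whiptail_zeek_pins drops context the operator had on screen for the dialogs that are easiest to get wrong; if one title is wanted for consistency, consider carrying the old wording into the dialog text instead. Separately, `--$list_type` on the two changed lines in whiptail_sensor_nics is still unquoted, which ShellCheck flags as SC2086; `"--$list_type"` avoids the warning.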
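Review bot: in whiptail_patch_schedule_import the (unchanged) prompt text points the operator at `/opt/so/salt/patch/os/schedules/.yml`, which reads as though a filename placeholder was lost before `.yml`; since this hunk already touches the line above it, it is worth correcting the path in the same PR rather than sending users to a file that does not exist.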
diff --git a/sigs/securityonion-2.3.60.iso.sig b/sigs/securityonion-2.3.60.iso.sig new file mode 100644 index 000000000..c00a5c664 Binary files /dev/null and b/sigs/securityonion-2.3.60.iso.sig differ
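Review bot: the added sigs/securityonion-2.3.60.iso.sig is a binary detached signature, so nothing in it can be reviewed from the diff; please state in the PR which signing key produced it and confirm it verifies against the corresponding ISO so the release artefact and its signature are checked together.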