From 2e42eacd6aa93efe353843ad61f92251f70a7c61 Mon Sep 17 00:00:00 2001 From: gbanyan Date: Sun, 15 Feb 2026 11:26:02 +0800 Subject: [PATCH] Scope TrueNAS audit dashboard to truenas_syslog stream --- HomeLab/truenas-audit-overview.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/HomeLab/truenas-audit-overview.json b/HomeLab/truenas-audit-overview.json index e68800d..5dfb1f4 100644 --- a/HomeLab/truenas-audit-overview.json +++ b/HomeLab/truenas-audit-overview.json @@ -104,7 +104,7 @@ "type": "loki", "uid": "ef1qnibjxb5z4a" }, - "expr": "sum(count_over_time({job=~\".+\"} |~ \"(?i)(audit|sudo|authentication|middleware|truenas)\" [5m]))", + "expr": "sum(count_over_time({job=\"truenas_syslog\"} |= \"TNAUDIT\" [5m]))", "refId": "A" } ], @@ -195,7 +195,7 @@ "type": "loki", "uid": "ef1qnibjxb5z4a" }, - "expr": "sum(count_over_time({job=~\".+\"} |~ \"(?i)(failed|failure|denied|unauthorized|invalid user)\" [5m]))", + "expr": "sum(count_over_time({job=\"truenas_syslog\"} |= \"TNAUDIT\" |~ \"(?i)(\\\"success\\\": false|FAILED|denied|invalid)\" [5m]))", "legendFormat": "Failures", "refId": "A" }, @@ -204,7 +204,7 @@ "type": "loki", "uid": "ef1qnibjxb5z4a" }, - "expr": "sum(count_over_time({job=~\".+\"} |~ \"(?i)(sudo|privilege|root)\" [5m]))", + "expr": "sum(count_over_time({job=\"truenas_syslog\"} |= \"TNAUDIT\" |~ \"\\\"svc\\\": \\\"(SUDO|SYSTEM)\\\"\" [5m]))", "legendFormat": "Privileged Actions", "refId": "B" } @@ -236,7 +236,7 @@ "type": "loki", "uid": "ef1qnibjxb5z4a" }, - "expr": "{job=~\".+\"} |~ \"(?i)(audit|sudo|authentication|middleware|truenas|smb)\"", + "expr": "{job=\"truenas_syslog\"} |= \"TNAUDIT\"", "refId": "A" } ],