Scope TrueNAS audit dashboard to truenas_syslog stream

2026-02-15 11:26:02 +08:00
parent 80a236bed5
commit 2e42eacd6a
1 changed files with 4 additions and 4 deletions
--- a/HomeLab/truenas-audit-overview.json
+++ b/HomeLab/truenas-audit-overview.json
@@ -104,7 +104,7 @@
              "type": "loki",
              "uid": "ef1qnibjxb5z4a"
            },
-            "expr": "sum(count_over_time({job=~\".+\"} |~ \"(?i)(audit|sudo|authentication|middleware|truenas)\" [5m]))",
+            "expr": "sum(count_over_time({job=\"truenas_syslog\"} |= \"TNAUDIT\" [5m]))",
            "refId": "A"
          }
        ],
@@ -195,7 +195,7 @@
              "type": "loki",
              "uid": "ef1qnibjxb5z4a"
            },
-            "expr": "sum(count_over_time({job=~\".+\"} |~ \"(?i)(failed|failure|denied|unauthorized|invalid user)\" [5m]))",
+            "expr": "sum(count_over_time({job=\"truenas_syslog\"} |= \"TNAUDIT\" |~ \"(?i)(\\\"success\\\": false|FAILED|denied|invalid)\" [5m]))",
            "legendFormat": "Failures",
            "refId": "A"
          },
@@ -204,7 +204,7 @@
              "type": "loki",
              "uid": "ef1qnibjxb5z4a"
            },
-            "expr": "sum(count_over_time({job=~\".+\"} |~ \"(?i)(sudo|privilege|root)\" [5m]))",
+            "expr": "sum(count_over_time({job=\"truenas_syslog\"} |= \"TNAUDIT\" |~ \"\\\"svc\\\": \\\"(SUDO|SYSTEM)\\\"\" [5m]))",
            "legendFormat": "Privileged Actions",
            "refId": "B"
          }
@@ -236,7 +236,7 @@
              "type": "loki",
              "uid": "ef1qnibjxb5z4a"
            },
-            "expr": "{job=~\".+\"} |~ \"(?i)(audit|sudo|authentication|middleware|truenas|smb)\"",
+            "expr": "{job=\"truenas_syslog\"} |= \"TNAUDIT\"",
            "refId": "A"
          }
        ],