Add TrueNAS audit filters and overview drill-down link

gbanyan
2026-02-15 11:33:47 +08:00
parent 17a161a823
commit 468907c154
2 changed files with 47 additions and 7 deletions


@@ -36,7 +36,7 @@
}, },
"id": 1, "id": 1,
"options": { "options": {
"content": "# TrueNAS Audit Overview\\n\\nThis dashboard is for audit/event visibility (not metrics).\\n\\nCurrent status: Loki is reachable but no dedicated TrueNAS audit log stream is labeled yet.\\n\\nNext step: ship TrueNAS audit/syslog events into Loki, then use these panels for detection and triage.", "content": "# TrueNAS Audit Overview\\n\\nNative TrueNAS audit events forwarded via remote syslog and ingested to Loki as `job=truenas_syslog`.\\n\\nUse filters above to focus by host and service.",
"mode": "markdown" "mode": "markdown"
}, },
"pluginVersion": "12.2.1", "pluginVersion": "12.2.1",
@@ -104,7 +104,7 @@
"type": "loki", "type": "loki",
"uid": "ef1qnibjxb5z4a" "uid": "ef1qnibjxb5z4a"
}, },
"expr": "sum(count_over_time({job=\"truenas_syslog\"} |= \"TNAUDIT\" [5m]))", "expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"} |= \\\"TNAUDIT\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"($svc)\\\\\\\"\\\" [5m]))",
"refId": "A" "refId": "A"
} }
], ],
@@ -195,7 +195,7 @@
"type": "loki", "type": "loki",
"uid": "ef1qnibjxb5z4a" "uid": "ef1qnibjxb5z4a"
}, },
"expr": "sum(count_over_time({job=\"truenas_syslog\"} |= \"TNAUDIT\" |~ \"(?i)(\\\"success\\\": false|FAILED|denied|invalid)\" [5m]))", "expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"} |= \\\"TNAUDIT\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"($svc)\\\\\\\"\\\" |~ \\\"(?i)(\\\\\\\"success\\\\\\\": false|FAILED|denied|invalid)\\\" [5m]))",
"legendFormat": "Failures", "legendFormat": "Failures",
"refId": "A" "refId": "A"
}, },
@@ -204,7 +204,7 @@
"type": "loki", "type": "loki",
"uid": "ef1qnibjxb5z4a" "uid": "ef1qnibjxb5z4a"
}, },
"expr": "sum(count_over_time({job=\"truenas_syslog\"} |= \"TNAUDIT\" |~ \"\\\"svc\\\": \\\"(SUDO|SYSTEM)\\\"\" [5m]))", "expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"} |= \\\"TNAUDIT\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"($svc)\\\\\\\"\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"(SUDO|SYSTEM)\\\\\\\"\\\" [5m]))",
"legendFormat": "Privileged Actions", "legendFormat": "Privileged Actions",
"refId": "B" "refId": "B"
} }
@@ -236,7 +236,7 @@
"type": "loki", "type": "loki",
"uid": "ef1qnibjxb5z4a" "uid": "ef1qnibjxb5z4a"
}, },
"expr": "{job=\"truenas_syslog\"} |= \"TNAUDIT\"", "expr": "{job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"} |= \\\"TNAUDIT\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"($svc)\\\\\\\"\\\"",
"refId": "A" "refId": "A"
} }
], ],
@@ -254,7 +254,41 @@
"loki" "loki"
], ],
"templating": { "templating": {
"list": [] "list": [
{
"name": "host",
"type": "query",
"datasource": {
"type": "loki",
"uid": "ef1qnibjxb5z4a"
},
"definition": "label_values({job=\"truenas_syslog\"}, host)",
"query": "label_values({job=\"truenas_syslog\"}, host)",
"refresh": 1,
"sort": 1,
"includeAll": true,
"allValue": ".*",
"multi": false,
"current": {
"text": "All",
"value": "$__all",
"selected": true
}
},
{
"name": "svc",
"type": "custom",
"query": "SMB,SYSTEM,SUDO,MIDDLEWARE",
"includeAll": true,
"allValue": ".*",
"multi": false,
"current": {
"text": "All",
"value": "$__all",
"selected": true
}
}
]
}, },
"time": { "time": {
"from": "now-6h", "from": "now-6h",
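Review bot: The rewritten `expr` strings in the panel hunks at L24, L32, L40 and L48 appear to carry one extra level of JSON escaping compared with the lines they replace: the old `{job=\"truenas_syslog\"}` decodes to `{job="truenas_syslog"}`, whereas the new `{job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"}` decodes to `{job=\"truenas_syslog\",host=~\"$host\"}` with literal backslashes that LogQL will not parse, and the `definition` added in the same commit (`label_values({job=\"truenas_syslog\"}, host)`) still uses single escaping, so the inconsistency is inside the new file unless the page itself re-escaped these lines — confirm against the raw file. The intended value for the L48 panel would be `"expr": "{job=\"truenas_syslog\",host=~\"$host\"} |= \"TNAUDIT\" |~ \"\\\"svc\\\": \\\"($svc)\\\"\""`, with the same one-level reduction applied to the other four. Because `$host` is substituted verbatim into a regex matcher, a host label value containing regex metacharacters would break every panel; `host=~"${host:regex}"` escapes it, and `allValue` `.*` should still cover the All selection — verify that in your Grafana version. The "Privileged Actions" query keeps its hard-coded `(SUDO|SYSTEM)` filter in addition to `$svc`, so selecting SMB or MIDDLEWARE yields an empty series by design; a sentence saying so in the overview markdown would save a triage reader from reading it as missing data.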


@@ -24,7 +24,13 @@
"editable": true, "editable": true,
"fiscalYearStartMonth": 0, "fiscalYearStartMonth": 0,
"graphTooltip": 1, "graphTooltip": 1,
"links": [], "links": [
{
"title": "Open Audit Dashboard",
"url": "/d/truenas-audit-overview/truenas-audit-overview",
"targetBlank": false
}
],
"panels": [ "panels": [
{ {
"datasource": { "datasource": {
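Review bot: The new drill-down link lacks `keepTime`, so clicking "Open Audit Dashboard" discards the time window the reader was investigating and lands on the audit dashboard's default `now-6h` range, which defeats the hand-off the link is meant for. Add `"keepTime": true` next to `targetBlank` (and `"includeVars": true` if the overview later gains a `host` variable matching the audit dashboard's), and give the entry an explicit `"type": "link"`, which Grafana dashboard links normally carry — confirm what Grafana assumes when `type` is omitted. The `/d/truenas-audit-overview/…` path has to match the audit dashboard's `uid`, which this diff does not show, so verify it resolves rather than 404ing after provisioning. The enclosing dashboard object starts and ends outside the hunk.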