Add TrueNAS audit dashboard and home link

2026-02-15 10:56:46 +08:00
parent 2eebcdbef4
commit d99f87e7cf
2 changed files with 268 additions and 1 deletions
--- a/HomeLab/truenas-audit-overview.json
+++ b/HomeLab/truenas-audit-overview.json
@@ -0,0 +1,267 @@
+{
+  "apiVersion": "dashboard.grafana.app/v1beta1",
+  "kind": "Dashboard",
+  "metadata": {
+    "name": "truenas-audit-overview"
+  },
+  "spec": {
+    "annotations": {
+      "list": [
+        {
+          "builtIn": 1,
+          "datasource": {
+            "type": "grafana",
+            "uid": "-- Grafana --"
+          },
+          "enable": true,
+          "hide": true,
+          "iconColor": "rgba(0, 211, 255, 1)",
+          "name": "Annotations & Alerts",
+          "type": "dashboard"
+        }
+      ]
+    },
+    "editable": true,
+    "fiscalYearStartMonth": 0,
+    "graphTooltip": 0,
+    "links": [],
+    "panels": [
+      {
+        "datasource": null,
+        "gridPos": {
+          "h": 5,
+          "w": 24,
+          "x": 0,
+          "y": 0
+        },
+        "id": 1,
+        "options": {
+          "content": "# TrueNAS Audit Overview\\n\\nThis dashboard is for audit/event visibility (not metrics).\\n\\nCurrent status: Loki is reachable but no dedicated TrueNAS audit log stream is labeled yet.\\n\\nNext step: ship TrueNAS audit/syslog events into Loki, then use these panels for detection and triage.",
+          "mode": "markdown"
+        },
+        "pluginVersion": "12.2.1",
+        "targets": [],
+        "title": "Status",
+        "type": "text"
+      },
+      {
+        "fieldConfig": {
+          "defaults": {
+            "color": {
+              "mode": "thresholds"
+            },
+            "decimals": 0,
+            "mappings": [],
+            "thresholds": {
+              "mode": "absolute",
+              "steps": [
+                {
+                  "color": "green",
+                  "value": 0
+                },
+                {
+                  "color": "orange",
+                  "value": 1
+                },
+                {
+                  "color": "red",
+                  "value": 10
+                }
+              ]
+            },
+            "unit": "short"
+          },
+          "overrides": []
+        },
+        "gridPos": {
+          "h": 5,
+          "w": 8,
+          "x": 0,
+          "y": 5
+        },
+        "id": 2,
+        "options": {
+          "colorMode": "background",
+          "graphMode": "none",
+          "justifyMode": "auto",
+          "orientation": "auto",
+          "percentChangeColorMode": "standard",
+          "reduceOptions": {
+            "calcs": [
+              "lastNotNull"
+            ],
+            "fields": "",
+            "values": false
+          },
+          "showPercentChange": false,
+          "textMode": "auto",
+          "wideLayout": true
+        },
+        "pluginVersion": "12.2.1",
+        "targets": [
+          {
+            "datasource": {
+              "type": "loki",
+              "uid": "ef1qnibjxb5z4a"
+            },
+            "expr": "sum(count_over_time({job=~\".+\"} |~ \"(?i)(audit|sudo|authentication|middleware|truenas)\" [5m]))",
+            "refId": "A"
+          }
+        ],
+        "title": "Audit Related Events (5m)",
+        "type": "stat"
+      },
+      {
+        "fieldConfig": {
+          "defaults": {
+            "color": {
+              "mode": "palette-classic"
+            },
+            "custom": {
+              "axisBorderShow": false,
+              "axisCenteredZero": false,
+              "axisColorMode": "text",
+              "axisLabel": "",
+              "axisPlacement": "auto",
+              "barAlignment": 0,
+              "barWidthFactor": 0.6,
+              "drawStyle": "line",
+              "fillOpacity": 20,
+              "gradientMode": "none",
+              "hideFrom": {
+                "legend": false,
+                "tooltip": false,
+                "viz": false
+              },
+              "insertNulls": false,
+              "lineInterpolation": "linear",
+              "lineWidth": 1,
+              "pointSize": 5,
+              "scaleDistribution": {
+                "type": "linear"
+              },
+              "showPoints": "never",
+              "spanNulls": false,
+              "stacking": {
+                "group": "A",
+                "mode": "none"
+              },
+              "thresholdsStyle": {
+                "mode": "off"
+              }
+            },
+            "mappings": [],
+            "thresholds": {
+              "mode": "absolute",
+              "steps": [
+                {
+                  "color": "green",
+                  "value": 0
+                },
+                {
+                  "color": "red",
+                  "value": 1
+                }
+              ]
+            },
+            "unit": "short"
+          },
+          "overrides": []
+        },
+        "gridPos": {
+          "h": 8,
+          "w": 16,
+          "x": 8,
+          "y": 5
+        },
+        "id": 3,
+        "options": {
+          "legend": {
+            "calcs": [],
+            "displayMode": "list",
+            "placement": "bottom",
+            "showLegend": true
+          },
+          "tooltip": {
+            "hideZeros": false,
+            "mode": "single",
+            "sort": "none"
+          }
+        },
+        "pluginVersion": "12.2.1",
+        "targets": [
+          {
+            "datasource": {
+              "type": "loki",
+              "uid": "ef1qnibjxb5z4a"
+            },
+            "expr": "sum(count_over_time({job=~\".+\"} |~ \"(?i)(failed|failure|denied|unauthorized|invalid user)\" [5m]))",
+            "legendFormat": "Failures",
+            "refId": "A"
+          },
+          {
+            "datasource": {
+              "type": "loki",
+              "uid": "ef1qnibjxb5z4a"
+            },
+            "expr": "sum(count_over_time({job=~\".+\"} |~ \"(?i)(sudo|privilege|root)\" [5m]))",
+            "legendFormat": "Privileged Actions",
+            "refId": "B"
+          }
+        ],
+        "title": "Security Event Rates",
+        "type": "timeseries"
+      },
+      {
+        "fieldConfig": {
+          "defaults": {},
+          "overrides": []
+        },
+        "gridPos": {
+          "h": 11,
+          "w": 24,
+          "x": 0,
+          "y": 13
+        },
+        "id": 4,
+        "options": {
+          "showCommonLabels": false,
+          "showLabels": true,
+          "showTime": true,
+          "wrapLogMessage": true
+        },
+        "targets": [
+          {
+            "datasource": {
+              "type": "loki",
+              "uid": "ef1qnibjxb5z4a"
+            },
+            "expr": "{job=~\".+\"} |~ \"(?i)(audit|sudo|authentication|middleware|truenas|smb)\"",
+            "refId": "A"
+          }
+        ],
+        "title": "Audit / Security Logs",
+        "type": "logs"
+      }
+    ],
+    "preload": false,
+    "refresh": "30s",
+    "schemaVersion": 42,
+    "tags": [
+      "truenas",
+      "audit",
+      "security",
+      "loki"
+    ],
+    "templating": {
+      "list": []
+    },
+    "time": {
+      "from": "now-6h",
+      "to": "now"
+    },
+    "timepicker": {},
+    "timezone": "browser",
+    "title": "TrueNAS Audit Overview"
+  }
+}
--- a/home-overview.json
+++ b/home-overview.json
@@ -24,7 +24,7 @@
        },
        "id": 1,
        "options": {
-          "content": "# Home Overview\n\n## Grafana Dashboards\n\n### HomeLab\n- [AdGuard Home](/d/AdGuard-Home-Exporter/adguard-home-exporter)\n- [TrueNAS Disk Insight](/d/edlz616ehgmpsd/truenas-scale-disk-insight)\n- [TrueNAS Overview](/d/truenas-overview/truenas-scale-overview)\n- [Unbound Resolver](/d/6edd697a-1ab7-41b5-94d1-57e2b7121217/unbound-resolver-overview)\n- [VyOS Router](/d/9012547f-46a9-44d0-bbb0-a6e8d861fdd6/vyos-router)\n\n### GBarmUB\n- [CrowdSec Security](/d/270488bc-baf3-4db4-88a1-8c2e56ad84b8/crowdsec-security-dashboard-gbarmub)\n- [Docker Metrics](/d/b0ae5882-f3a7-45c5-a4da-21a4815f8ed0/docker-container-metrics)\n- [GBarmUB Node Exporter](/d/rYdddlPWk/gbarmub-node-exporter)\n- [Traefik Log Review](/d/63e74460-92b3-4886-86f2-1fe27c783ece/traefik-log-review-dashboard)\n- [Traefik Official](/d/gbwmrxv/traefik-official-standalone-dashboard)\n\n### Root\n- [Home Overview](/d/home-overview/home-overview)\n- [Prometheus Stats](/d/UDdpyzz7z/prometheus-2-0-stats)",
+          "content": "# Home Overview\n\n## Grafana Dashboards\n\n### HomeLab\n- [AdGuard Home](/d/AdGuard-Home-Exporter/adguard-home-exporter)\n- [TrueNAS Disk Insight](/d/edlz616ehgmpsd/truenas-scale-disk-insight)\n- [TrueNAS Overview](/d/truenas-overview/truenas-scale-overview)\n- [TrueNAS Audit](/d/truenas-audit-overview/truenas-audit-overview)\n- [Unbound Resolver](/d/6edd697a-1ab7-41b5-94d1-57e2b7121217/unbound-resolver-overview)\n- [VyOS Router](/d/9012547f-46a9-44d0-bbb0-a6e8d861fdd6/vyos-router)\n\n### GBarmUB\n- [CrowdSec Security](/d/270488bc-baf3-4db4-88a1-8c2e56ad84b8/crowdsec-security-dashboard-gbarmub)\n- [Docker Metrics](/d/b0ae5882-f3a7-45c5-a4da-21a4815f8ed0/docker-container-metrics)\n- [GBarmUB Node Exporter](/d/rYdddlPWk/gbarmub-node-exporter)\n- [Traefik Log Review](/d/63e74460-92b3-4886-86f2-1fe27c783ece/traefik-log-review-dashboard)\n- [Traefik Official](/d/gbwmrxv/traefik-official-standalone-dashboard)\n\n### Root\n- [Home Overview](/d/home-overview/home-overview)\n- [Prometheus Stats](/d/UDdpyzz7z/prometheus-2-0-stats)",
          "mode": "markdown"
        },
        "pluginVersion": "12.1.1",