gbanyan/grafana-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9b565ead55b31f3a948835318c13fc55fcd643cf
grafana-dashboard/HomeLab/truenas-audit-overview.json

309 lines
8.1 KiB
JSON
Raw Blame History

{
"apiVersion": "dashboard.grafana.app/v1beta1",
"kind": "Dashboard",
"metadata": {
"name": "truenas-audit-overview"
},
"spec": {
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"links": [],
"panels": [
{
"datasource": null,
"gridPos": {
"h": 5,
"w": 24,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"content": "# TrueNAS Audit Overview\n\nNative TrueNAS audit events from remote syslog, parsed in Alloy, and stored in Loki as `job=\"truenas_syslog\"`.\n\n[Open Audit Logs Panel](#/viewPanel=4)\n\n## Quick Checks\n```bash\n# dns host (receiver)\nsudo systemctl status alloy --no-pager\nsudo tail -n 50 /var/log/truenas/truenas-syslog.log\n\n# truenas host (sender)\nmidclt call system.advanced.config | jq '{syslogserver,syslog_transport,syslog_audit,syslog_tls_certificate,sed_user}'\n```\n",
"mode": "markdown"
},
"pluginVersion": "12.2.1",
"targets": [],
"title": "Status",
"type": "text"
},
{
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"decimals": 0,
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": 0
},
{
"color": "orange",
"value": 1
},
{
"color": "red",
"value": 10
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 5,
"w": 8,
"x": 0,
"y": 5
},
"id": 2,
"options": {
"colorMode": "background",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "auto",
"percentChangeColorMode": "standard",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"showPercentChange": false,
"textMode": "auto",
"wideLayout": true
},
"pluginVersion": "12.2.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "ef1qnibjxb5z4a"
},
"expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\",svc=~\\\"$svc\\\"}[5m]))",
"refId": "A"
}
],
"title": "Audit Related Events (5m)",
"type": "stat"
},
{
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 20,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": 0
},
{
"color": "red",
"value": 1
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 16,
"x": 8,
"y": 5
},
"id": 3,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "12.2.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "ef1qnibjxb5z4a"
},
"expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\",svc=~\\\"$svc\\\",success=\\\"false\\\"}[5m]))",
"legendFormat": "Failures",
"refId": "A"
},
{
"datasource": {
"type": "loki",
"uid": "ef1qnibjxb5z4a"
},
"expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\",svc=~\\\"SUDO|SYSTEM\\\"}[5m]))",
"legendFormat": "Privileged Actions",
"refId": "B"
}
],
"title": "Security Event Rates",
"type": "timeseries"
},
{
"fieldConfig": {
"defaults": {},
"overrides": []
},
"gridPos": {
"h": 11,
"w": 24,
"x": 0,
"y": 13
},
"id": 4,
"options": {
"showCommonLabels": false,
"showLabels": true,
"showTime": true,
"wrapLogMessage": true
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "ef1qnibjxb5z4a"
},
"expr": "{job=\\\"truenas_syslog\\\",host=~\\\"$host\\\",svc=~\\\"$svc\\\"}",
"refId": "A"
}
],
"title": "Audit / Security Logs",
"type": "logs"
}
],
"preload": false,
"refresh": "30s",
"schemaVersion": 42,
"tags": [
"truenas",
"audit",
"security",
"loki"
],
"templating": {
"list": [
{
"name": "host",
"type": "query",
"datasource": {
"type": "loki",
"uid": "ef1qnibjxb5z4a"
},
"definition": "label_values({job=\"truenas_syslog\"}, host)",
"query": "label_values({job=\"truenas_syslog\"}, host)",
"refresh": 1,
"sort": 1,
"includeAll": true,
"allValue": ".*",
"multi": false,
"current": {
"text": "All",
"value": "$__all",
"selected": true
}
},
{
"name": "svc",
"type": "query",
"query": "label_values({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"}, svc)",
"includeAll": true,
"allValue": ".*",
"multi": false,
"current": {
"text": "All",
"value": "$__all",
"selected": true
},
"datasource": {
"type": "loki",
"uid": "ef1qnibjxb5z4a"
},
"definition": "label_values({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"}, svc)",
"refresh": 1,
"sort": 1
}
]
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {},
"timezone": "browser",
"title": "TrueNAS Audit Overview"
}
}
Reference in New Issue View Git Blame Copy Permalink