deepblue/pfSense-Dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated Screenshot

Browse Source 
Update pfBlocker graphs

I updated the telegraf config to utilize tail rather than the soon to be phased out logparser input. As a result, i'm using new measurements for IP and DNS stats.
I'm ok with clearing these stats, but if you prefer, you can use/copy the graphs from this commit:
0df1017250/pfSense-Grafana-Dashboard.json

I updated the field names to reflect what's being written in the pfBlocker logs (as best as possible)
232722ac52/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng.inc (L4597)
This commit is contained in:
Victor Robellini 2021-03-05 23:13:23 -05:00
parent 0df1017250
commit 118b5fccaf
3 changed files with 4063 additions and 3490 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Grafana-pfSense.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.5 MiB

After

Width:  |  Height:  |  Size: 1.5 MiB

30
config/additional_config.conf
View File

@ -6,23 +6,21 @@
] ]
data_format = "influx" data_format = "influx"
[[inputs.logparser]] [[inputs.tail]]
files = ["/var/log/pfblockerng/dnsbl.log"]
from_beginning=true
[inputs.logparser.grok]
measurement = "dnsbl_log"
patterns = ["^%{WORD:BlockType}-%{WORD:BlockSubType},%{SYSLOGTIMESTAMP:timestamp:ts-syslog},%{IPORHOST:destination:tag},%{IPORHOST:source:tag},%{GREEDYDATA:call},%{WORD:BlockMethod},%{WORD:BlockList},%{IPORHOST:tld:tag},%{WORD:DefinedList:tag},%{GREEDYDATA:hitormiss}"]
timezone = "Local"
[inputs.logparser.tags]
value = "1"
[[inputs.logparser]]
files = ["/var/log/pfblockerng/ip_block.log"] files = ["/var/log/pfblockerng/ip_block.log"]
from_beginning=true name_suffix = "_ipblock"
[inputs.logparser.grok] data_format = "csv"
measurement = "ip_block_log" csv_delimiter = ","
patterns = ["^%{SYSLOGTIMESTAMP:timestamp:ts-syslog},%{NUMBER:TrackerID},%{GREEDYDATA:Interface},%{WORD:InterfaceName},%{WORD:action},%{NUMBER:IPVersion},%{NUMBER:ProtocolID},%{GREEDYDATA:Protocol},%{IPORHOST:SrcIP:tag},%{IPORHOST:DstIP:tag},%{NUMBER:SrcPort},%{NUMBER:DstPort},%{WORD:Dir},%{WORD:GeoIP:tag},%{GREEDYDATA:AliasName},%{GREEDYDATA:IPEvaluated},%{GREEDYDATA:FeedName:tag},%{HOSTNAME:ResolvedHostname},%{HOSTNAME:ClientHostname},%{GREEDYDATA:ASN},%{GREEDYDATA:DuplicateEventStatus}"] csv_tag_columns = ["geoip_code","feed_name","src_ip"]
timezone = "Local" csv_column_names = ["timestamp","rulenum","interface","friendlyname","action","ip_version","protocolid","protocol","src_ip","dest_ip","src_port","dest_port","direction","geoip_code","ip_alias_name","ip_evaluated","feed_name","resolvedhostname","clienthostname","asn","duplicateeventstatus"]
[[inputs.tail]]
files = ["/var/log/pfblockerng/dnsbl.log"]
name_suffix = "_dnsbl"
data_format = "csv"
csv_delimiter = ","
csv_tag_columns = ["src_ip","tld"]
csv_column_names = ["blocktype","timestamp","domain","src_ip","req_agent","blockmethod","blocklist","tld","feed_name","duplicateeventstatus"]
#[[inputs.unbound]] #[[inputs.unbound]]
# server = "127.0.0.1:953" # server = "127.0.0.1:953"

7521
pfSense-Grafana-Dashboard.json
View File

File diff suppressed because it is too large Load Diff