deepblue/pfSense-Dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #7 from tiny6996/master

Browse Source 
changed from using grok to csv and updated interfaces
This commit is contained in:
VictorRobellini 2020-05-20 09:29:54 -04:00 committed by GitHub
commit a367c8cb07
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 2276 additions and 420 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -94,7 +94,7 @@ After writing this up, I realize I need to change this variable name, it's just
### Telegraf ### Telegraf
[Telegraf Config](config/additional_config.conf) [Telegraf Config](config/additional_config.conf)
In the [/config](config/additional_config.conf) directory you will find all of the additional telegraf config. In pfSense, under Services -> Teltegraf, at the bottom of the page with the teeny tiny text box is where you paste in the included config. In the [/config](config/additional_config.conf) directory you will find all of the additional telegraf config. In pfSense, under Services -> Telegraf, at the bottom of the page with the teeny tiny text box is where you paste in the included config.
I also included the config for Unbound DNS and it's commented out. I'm not currently using it, but it's fully functional, just uncomment if you want to use it. I also included the config for Unbound DNS and it's commented out. I'm not currently using it, but it's fully functional, just uncomment if you want to use it.

26
config/additional_config.conf
View File

@ -6,23 +6,21 @@
] ]
data_format = "influx" data_format = "influx"
[[inputs.logparser]] [[inputs.tail]]
files = ["/var/log/pfblockerng/dnsbl.log"] files = ["/var/log/pfblockerng/dnsbl.log"]
from_beginning=true name_suffix = "_dnsbl"
[inputs.logparser.grok] data_format = "csv"
measurement = "dnsbl_log" csv_delimiter = ","
patterns = ["^%{WORD:BlockType}-%{WORD:BlockSubType},%{SYSLOGTIMESTAMP:timestamp:ts-syslog},%{IPORHOST:destination:tag},%{IPORHOST:source:tag},%{GREEDYDATA:call},%{WORD:BlockMethod},%{WORD:BlockList},%{IPORHOST:tld:tag},%{WORD:DefinedList:tag},%{GREEDYDATA:hitormiss}"] csv_tag_columns = ["destination","source","tld"]
timezone = "Local" csv_column_names = ["BlockType","timestamp","destination","source","call","BlockMethod","BlockList","tld","DefinedList","hitormiss"]
[inputs.logparser.tags]
value = "1"
[[inputs.logparser]] [[inputs.tail]]
files = ["/var/log/pfblockerng/ip_block.log"] files = ["/var/log/pfblockerng/ip_block.log"]
from_beginning=true name_suffix = "_ipblock"
[inputs.logparser.grok] data_format = "csv"
measurement = "ip_block_log" csv_delimiter = ","
patterns = ["^%{SYSLOGTIMESTAMP:timestamp:ts-syslog},%{NUMBER:TrackerID},%{GREEDYDATA:Interface},%{WORD:InterfaceName},%{WORD:action},%{NUMBER:IPVersion},%{NUMBER:ProtocolID},%{GREEDYDATA:Protocol},%{IPORHOST:SrcIP:tag},%{IPORHOST:DstIP:tag},%{NUMBER:SrcPort},%{NUMBER:DstPort},%{WORD:Dir},%{WORD:GeoIP:tag},%{GREEDYDATA:AliasName},%{GREEDYDATA:IPEvaluated},%{GREEDYDATA:FeedName:tag},%{HOSTNAME:ResolvedHostname},%{HOSTNAME:ClientHostname},%{GREEDYDATA:ASN},%{GREEDYDATA:DuplicateEventStatus}"] csv_tag_columns = ["GeoIP","FeedName","SrcIP","DstIP"]
timezone = "Local" csv_column_names = ["timestamp","TrackerID","Interface","InterfaceName","action","IPVersion","ProtocolID","Protocol","SrcIP","DstIP","SrcPort","DstPort","Dir","GeoIP","AliasName","IPEvaluated","FeedName","ResolvedHostname","ClientHostname","ASN","DuplicateEventStatus"]
#[[inputs.unbound]] #[[inputs.unbound]]
# server = "127.0.0.1:953" # server = "127.0.0.1:953"

2572
pfSense-Grafana-Dashboard.json
View File

File diff suppressed because it is too large Load Diff