mirror of
https://github.com/bsmithio/OPNsense-Dashboard.git
synced 2026-02-16 06:14:14 +00:00
711 lines
20 KiB
JSON
711 lines
20 KiB
JSON
{
|
|
"v": "1",
|
|
"id": "6f88399d-9c58-4a70-b7fe-30d4a057132a",
|
|
"rev": 2,
|
|
"name": "OPNsense Dashboard",
|
|
"summary": "This pack includes everything needed to setup Graylog for the dashboard.",
|
|
"description": "",
|
|
"vendor": "bsmithio",
|
|
"url": "https://github.com/bsmithio/OPNsense-Dashboard",
|
|
"parameters": [],
|
|
"entities": [
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "input",
|
|
"version": "1"
|
|
},
|
|
"id": "a9e59e12-e4a8-4a9f-acda-960e78b8f9b6",
|
|
"data": {
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "Syslog UDP"
|
|
},
|
|
"configuration": {
|
|
"port": {
|
|
"@type": "integer",
|
|
"@value": 1514
|
|
},
|
|
"recv_buffer_size": {
|
|
"@type": "integer",
|
|
"@value": 262144
|
|
},
|
|
"force_rdns": {
|
|
"@type": "boolean",
|
|
"@value": false
|
|
},
|
|
"allow_override_date": {
|
|
"@type": "boolean",
|
|
"@value": true
|
|
},
|
|
"bind_address": {
|
|
"@type": "string",
|
|
"@value": "0.0.0.0"
|
|
},
|
|
"expand_structured_data": {
|
|
"@type": "boolean",
|
|
"@value": false
|
|
},
|
|
"store_full_message": {
|
|
"@type": "boolean",
|
|
"@value": true
|
|
},
|
|
"charset_name": {
|
|
"@type": "string",
|
|
"@value": "UTF-8"
|
|
},
|
|
"number_worker_threads": {
|
|
"@type": "integer",
|
|
"@value": 6
|
|
}
|
|
},
|
|
"static_fields": {},
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "org.graylog2.inputs.syslog.udp.SyslogUDPInput"
|
|
},
|
|
"global": {
|
|
"@type": "boolean",
|
|
"@value": false
|
|
},
|
|
"extractors": [
|
|
{
|
|
"target_field": {
|
|
"@type": "string",
|
|
"@value": "filterlog_ipv6_icmp"
|
|
},
|
|
"condition_value": {
|
|
"@type": "string",
|
|
"@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*,(in|out),6,.*,icmp,.*)$"
|
|
},
|
|
"order": {
|
|
"@type": "integer",
|
|
"@value": 5
|
|
},
|
|
"converters": [
|
|
{
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "CSV"
|
|
},
|
|
"configuration": {
|
|
"column_header": {
|
|
"@type": "string",
|
|
"@value": "rule-number,sub-rule-number,anchor,tracker,interface,reason,action,direction,ip-version,class,flowlabel,hoplimit,protocol-name,protocol-id,length,src-ip,dst-ip,datalength"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"configuration": {
|
|
"regex_value": {
|
|
"@type": "string",
|
|
"@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*)$"
|
|
}
|
|
},
|
|
"source_field": {
|
|
"@type": "string",
|
|
"@value": "full_message"
|
|
},
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "OPNsense: RFC5424 IPv6 ICMP"
|
|
},
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "REGEX"
|
|
},
|
|
"cursor_strategy": {
|
|
"@type": "string",
|
|
"@value": "COPY"
|
|
},
|
|
"condition_type": {
|
|
"@type": "string",
|
|
"@value": "REGEX"
|
|
}
|
|
},
|
|
{
|
|
"target_field": {
|
|
"@type": "string",
|
|
"@value": "filterlog_ipv6_tcp"
|
|
},
|
|
"condition_value": {
|
|
"@type": "string",
|
|
"@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*,(in|out),6,.*,tcp,.*)$"
|
|
},
|
|
"order": {
|
|
"@type": "integer",
|
|
"@value": 1
|
|
},
|
|
"converters": [
|
|
{
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "CSV"
|
|
},
|
|
"configuration": {
|
|
"column_header": {
|
|
"@type": "string",
|
|
"@value": "rule-number,sub-rule-number,anchor,tracker,interface,reason,action,direction,ipversion,class,flowlabel,hoplimit,protocol-name,protocol-id,length,src-ip,dst-ip,src-port,dst-port,datalength,tcp-flags,sequence,ack,window,urg,options,opnsense-rid"
|
|
},
|
|
"trim_leading_whitespace": {
|
|
"@type": "boolean",
|
|
"@value": true
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"configuration": {
|
|
"regex_value": {
|
|
"@type": "string",
|
|
"@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*)$"
|
|
}
|
|
},
|
|
"source_field": {
|
|
"@type": "string",
|
|
"@value": "full_message"
|
|
},
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "OPNsense: RFC5424 IPv6 TCP"
|
|
},
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "REGEX"
|
|
},
|
|
"cursor_strategy": {
|
|
"@type": "string",
|
|
"@value": "COPY"
|
|
},
|
|
"condition_type": {
|
|
"@type": "string",
|
|
"@value": "REGEX"
|
|
}
|
|
},
|
|
{
|
|
"target_field": {
|
|
"@type": "string",
|
|
"@value": "filterlog_ipv4_tcp"
|
|
},
|
|
"condition_value": {
|
|
"@type": "string",
|
|
"@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*,(in|out),4,.*,tcp,.*)$"
|
|
},
|
|
"order": {
|
|
"@type": "integer",
|
|
"@value": 0
|
|
},
|
|
"converters": [
|
|
{
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "CSV"
|
|
},
|
|
"configuration": {
|
|
"column_header": {
|
|
"@type": "string",
|
|
"@value": "rule-number,sub-rule-number,anchor,tracker,interface,reason,action,direction,ip-version,tos,ecn,ttl,id,offset,ip-flags,protocol-id,protocol-name,length,src-ip,dst-ip,src-port,dst-port,datalength,tcp-flags,sequence,f1,f2,tcp-options,opnsense-rid"
|
|
},
|
|
"trim_leading_whitespace": {
|
|
"@type": "boolean",
|
|
"@value": true
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"configuration": {
|
|
"regex_value": {
|
|
"@type": "string",
|
|
"@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*)$"
|
|
}
|
|
},
|
|
"source_field": {
|
|
"@type": "string",
|
|
"@value": "full_message"
|
|
},
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "OPNsense: RFC5424 IPv4 TCP"
|
|
},
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "REGEX"
|
|
},
|
|
"cursor_strategy": {
|
|
"@type": "string",
|
|
"@value": "COPY"
|
|
},
|
|
"condition_type": {
|
|
"@type": "string",
|
|
"@value": "REGEX"
|
|
}
|
|
},
|
|
{
|
|
"target_field": {
|
|
"@type": "string",
|
|
"@value": "filterlog_ipv4_udp"
|
|
},
|
|
"condition_value": {
|
|
"@type": "string",
|
|
"@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*,(in|out),4,.*,udp,.*)$"
|
|
},
|
|
"order": {
|
|
"@type": "integer",
|
|
"@value": 2
|
|
},
|
|
"converters": [
|
|
{
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "CSV"
|
|
},
|
|
"configuration": {
|
|
"column_header": {
|
|
"@type": "string",
|
|
"@value": "rule-number,sub-rule-number,anchor,tracker,interface,reason,action,direction,ip-version,tos,ecn,ttl,id,offset,flags,protocol-id,protocol-name,length,src-ip,dst-ip,src-port,dst-port,opnsense-rid"
|
|
},
|
|
"trim_leading_whitespace": {
|
|
"@type": "boolean",
|
|
"@value": true
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"configuration": {
|
|
"regex_value": {
|
|
"@type": "string",
|
|
"@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*)$"
|
|
}
|
|
},
|
|
"source_field": {
|
|
"@type": "string",
|
|
"@value": "full_message"
|
|
},
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "OPNsense: RFC5424 IPv4 UDP"
|
|
},
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "REGEX"
|
|
},
|
|
"cursor_strategy": {
|
|
"@type": "string",
|
|
"@value": "COPY"
|
|
},
|
|
"condition_type": {
|
|
"@type": "string",
|
|
"@value": "REGEX"
|
|
}
|
|
},
|
|
{
|
|
"target_field": {
|
|
"@type": "string",
|
|
"@value": "filterlog_ipv4_icmp"
|
|
},
|
|
"condition_value": {
|
|
"@type": "string",
|
|
"@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*,(in|out),4,.*,icmp,.*)$"
|
|
},
|
|
"order": {
|
|
"@type": "integer",
|
|
"@value": 4
|
|
},
|
|
"converters": [
|
|
{
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "CSV"
|
|
},
|
|
"configuration": {
|
|
"column_header": {
|
|
"@type": "string",
|
|
"@value": "rule-number,sub-rule-number,anchor,tracker,interface,reason,action,direction,ip-version,tos,ecn,ttl,id,offset,flags,protocol-id,protocol-name,length,src-ip,dst-ip,datalength"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"configuration": {
|
|
"regex_value": {
|
|
"@type": "string",
|
|
"@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*)$"
|
|
}
|
|
},
|
|
"source_field": {
|
|
"@type": "string",
|
|
"@value": "full_message"
|
|
},
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "OPNsense: RFC5424 IPv4 ICMP"
|
|
},
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "REGEX"
|
|
},
|
|
"cursor_strategy": {
|
|
"@type": "string",
|
|
"@value": "COPY"
|
|
},
|
|
"condition_type": {
|
|
"@type": "string",
|
|
"@value": "REGEX"
|
|
}
|
|
},
|
|
{
|
|
"target_field": {
|
|
"@type": "string",
|
|
"@value": "filterlog_ipv6_udp"
|
|
},
|
|
"condition_value": {
|
|
"@type": "string",
|
|
"@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*,(in|out),6,.*,udp,.*)$"
|
|
},
|
|
"order": {
|
|
"@type": "integer",
|
|
"@value": 3
|
|
},
|
|
"converters": [
|
|
{
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "CSV"
|
|
},
|
|
"configuration": {
|
|
"column_header": {
|
|
"@type": "string",
|
|
"@value": "rule-number,sub-rule-number,anchor,tracker,interface,reason,action,direction,ip-version,class,flowlabel,hoplimit,protocol-name,protocol-id,length,src-ip,dst-ip,src-port,dst-port,opnsense-rid"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"configuration": {
|
|
"regex_value": {
|
|
"@type": "string",
|
|
"@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*)$"
|
|
}
|
|
},
|
|
"source_field": {
|
|
"@type": "string",
|
|
"@value": "full_message"
|
|
},
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "OPNsense: RFC5424 IPv6 UDP"
|
|
},
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "REGEX"
|
|
},
|
|
"cursor_strategy": {
|
|
"@type": "string",
|
|
"@value": "COPY"
|
|
},
|
|
"condition_type": {
|
|
"@type": "string",
|
|
"@value": "REGEX"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=5.0.2+59d96f8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "lookup_adapter",
|
|
"version": "1"
|
|
},
|
|
"id": "056ed2d3-38f8-41cc-8cb0-b9fdb8d95d32",
|
|
"data": {
|
|
"_scope": {
|
|
"@type": "string",
|
|
"@value": "DEFAULT"
|
|
},
|
|
"name": {
|
|
"@type": "string",
|
|
"@value": "geoip"
|
|
},
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "GeoIP"
|
|
},
|
|
"description": {
|
|
"@type": "string",
|
|
"@value": "Geo IP Lookup Table"
|
|
},
|
|
"configuration": {
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "maxmind_geoip"
|
|
},
|
|
"path": {
|
|
"@type": "string",
|
|
"@value": "/usr/share/graylog/data/data/GeoLite2-Country.mmdb"
|
|
},
|
|
"database_type": {
|
|
"@type": "string",
|
|
"@value": "MAXMIND_COUNTRY"
|
|
},
|
|
"check_interval": {
|
|
"@type": "long",
|
|
"@value": 1
|
|
},
|
|
"check_interval_unit": {
|
|
"@type": "string",
|
|
"@value": "MINUTES"
|
|
}
|
|
}
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=5.0.2+59d96f8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "lookup_cache",
|
|
"version": "1"
|
|
},
|
|
"id": "776809e0-ea08-45e0-9df3-f06bb15585ed",
|
|
"data": {
|
|
"_scope": {
|
|
"@type": "string",
|
|
"@value": "DEFAULT"
|
|
},
|
|
"name": {
|
|
"@type": "string",
|
|
"@value": "geoip"
|
|
},
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "GeoIP"
|
|
},
|
|
"description": {
|
|
"@type": "string",
|
|
"@value": "GeoIP Cache"
|
|
},
|
|
"configuration": {
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "guava_cache"
|
|
},
|
|
"max_size": {
|
|
"@type": "integer",
|
|
"@value": 1000
|
|
},
|
|
"expire_after_access": {
|
|
"@type": "long",
|
|
"@value": 1
|
|
},
|
|
"expire_after_access_unit": {
|
|
"@type": "string",
|
|
"@value": "SECONDS"
|
|
},
|
|
"expire_after_write": {
|
|
"@type": "long",
|
|
"@value": 0
|
|
}
|
|
}
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=5.0.2+59d96f8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "lookup_table",
|
|
"version": "1"
|
|
},
|
|
"id": "19a27a83-5ffc-4f8d-a39c-a00d7c4ea36a",
|
|
"data": {
|
|
"default_single_value_type": {
|
|
"@type": "string",
|
|
"@value": "NULL"
|
|
},
|
|
"cache_name": {
|
|
"@type": "string",
|
|
"@value": "776809e0-ea08-45e0-9df3-f06bb15585ed"
|
|
},
|
|
"name": {
|
|
"@type": "string",
|
|
"@value": "geoip"
|
|
},
|
|
"default_multi_value_type": {
|
|
"@type": "string",
|
|
"@value": "NULL"
|
|
},
|
|
"default_multi_value": {
|
|
"@type": "string",
|
|
"@value": ""
|
|
},
|
|
"data_adapter_name": {
|
|
"@type": "string",
|
|
"@value": "056ed2d3-38f8-41cc-8cb0-b9fdb8d95d32"
|
|
},
|
|
"_scope": {
|
|
"@type": "string",
|
|
"@value": "DEFAULT"
|
|
},
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "GeoIP"
|
|
},
|
|
"default_single_value": {
|
|
"@type": "string",
|
|
"@value": ""
|
|
},
|
|
"description": {
|
|
"@type": "string",
|
|
"@value": "Geo IP Lookup"
|
|
}
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=5.0.2+59d96f8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "pipeline",
|
|
"version": "1"
|
|
},
|
|
"id": "5a7ec7eb-d413-4d6f-96e1-70a73f4df8e1",
|
|
"data": {
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "GeoIP"
|
|
},
|
|
"description": {
|
|
"@type": "string",
|
|
"@value": "GeoIP"
|
|
},
|
|
"source": {
|
|
"@type": "string",
|
|
"@value": "pipeline \"GeoIP\"\nstage 0 match either\nrule \"GeoIP lookup: src-ip\"\nend"
|
|
},
|
|
"connected_streams": [
|
|
{
|
|
"@type": "string",
|
|
"@value": "67c8983f-c842-4a33-9650-94f19a793e0d"
|
|
}
|
|
]
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=5.0.2+59d96f8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "pipeline_rule",
|
|
"version": "1"
|
|
},
|
|
"id": "9bea4894-60ec-495b-8531-0f5e27fc8025",
|
|
"data": {
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "GeoIP lookup: src-ip"
|
|
},
|
|
"description": {
|
|
"@type": "string",
|
|
"@value": ""
|
|
},
|
|
"source": {
|
|
"@type": "string",
|
|
"@value": "rule \"GeoIP lookup: src-ip\"\nwhen\nhas_field(\"src-ip\")\nthen\nlet geo = lookup(\"geoip\", to_string($message.\"src-ip\"));\nset_field(\"src-ip-geo-location\", geo[\"coordinates\"]);\nset_field(\"src-ip-geo-country\", geo[\"country\"].iso_code);\nset_field(\"src-ip-geo-city\", geo[\"city\"].names.en);\nend"
|
|
}
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=5.0.2+59d96f8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"v": "1",
|
|
"type": {
|
|
"name": "stream",
|
|
"version": "1"
|
|
},
|
|
"id": "67c8983f-c842-4a33-9650-94f19a793e0d",
|
|
"data": {
|
|
"alarm_callbacks": [],
|
|
"outputs": [],
|
|
"remove_matches": {
|
|
"@type": "boolean",
|
|
"@value": true
|
|
},
|
|
"title": {
|
|
"@type": "string",
|
|
"@value": "OPNsense / filterlog"
|
|
},
|
|
"stream_rules": [
|
|
{
|
|
"type": {
|
|
"@type": "string",
|
|
"@value": "CONTAINS"
|
|
},
|
|
"field": {
|
|
"@type": "string",
|
|
"@value": "application_name"
|
|
},
|
|
"value": {
|
|
"@type": "string",
|
|
"@value": "filterlog"
|
|
},
|
|
"inverted": {
|
|
"@type": "boolean",
|
|
"@value": false
|
|
},
|
|
"description": {
|
|
"@type": "string",
|
|
"@value": ""
|
|
}
|
|
}
|
|
],
|
|
"alert_conditions": [],
|
|
"matching_type": {
|
|
"@type": "string",
|
|
"@value": "OR"
|
|
},
|
|
"disabled": {
|
|
"@type": "boolean",
|
|
"@value": false
|
|
},
|
|
"description": {
|
|
"@type": "string",
|
|
"@value": "OPNsense filter logs"
|
|
},
|
|
"default_stream": {
|
|
"@type": "boolean",
|
|
"@value": false
|
|
}
|
|
},
|
|
"constraints": [
|
|
{
|
|
"type": "server-version",
|
|
"version": ">=5.0.2+59d96f8"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|