diff --git a/README.md b/README.md
index 35048f3..644e78b 100644
--- a/README.md
+++ b/README.md
@@ -2,64 +2,124 @@ Simple stack pour monitorer les logs des conteneurs ou applications d'un serveur via LOKI / PROMTAIL -## CONFIGURATION +![ARCHI](docs/promtail-loki.png) -### LOKI AGENT HOST +## UTILISATION LOCALE -Pour que LOKI récupère les logs des conteneurs il faut ajouter les labels au docker-compose.yml: +```bash +docker-compose up -d +``` + +Grafana est disponible à l'adresse: http://localhost:3000 +> user: admin / password: admin + +## CONFIGURATION PROD + +De base promtail est configuré pour faire remonter les logs systèmes (/var/log) + +### PROMTAIL AGENT HOST + +Promtail est l'agent qui va pusher les logs vers Loki: +```yml + promtail: + image: grafana/promtail:2.9.4 + container_name: promtail + volumes: + - ./promtail/config.yml:/etc/promtail/config.yml + - /var/lib/docker/containers:/var/lib/docker/containers:ro + - /var/run/docker.sock:/var/run/docker.sock + - /var/log:/var/log + command: -config.file=/etc/promtail/config.yml + depends_on: + - loki +``` + +Pour que LOKI récupère les logs des conteneurs il faut ajouter les labels aux conteneurs dont on veux monitorer les logs: ```yml labels: logging: "promtail" logging_jobname: "containerlogs" ``` +### GRAFANA + +C'est sur le serveur de Grafana que l'on déploie Loki: + +```yml +version: "3" + +services: + loki: + image: grafana/loki:2.9.4 + container_name: loki + ports: + - 3100:3100 + volumes: + - ./loki/config:/etc/loki + - ./loki/cert:/etc/loki/cert + command: -config.file=/etc/loki/config.yml +``` + +Ajouter une datasource en entrant l'URI du serveur Loki ainsi que le certificat (/etc/loki/cert/ca.crt) + +![AJOUT DATASOURCE](docs/datasource.png) + #### TLS - Create certs: +> Renseigner les nom du serveur LOKI ainsi que son DNS, idem pour l'agent Promtail dans le .env + ```bash -openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout gn-prod.key -out gn-prod.crt -subj "/C=FR/ST=PARIS/L=GarageNum/O=prom/CN=legaragenumerique.fr" -addext "subjectAltName = DNS:gnprod" +./certificates.sh ``` 
-> remplacer Les infos (C=FR, ST=PARIS, L=GarageNum, ...) - TLS config: + +Décommenter les lignes concernant le TLS dans promtail/config/yml comme suit: + +```yaml +clients: + # LOCAL + # - url: http://loki:3100/loki/api/v1/push + + # DISTANT TLS + - url: https://loki-dns-serveur:3100/loki/api/v1/push + tls_config: + ca_file: /usr/allen/loki/cert/ca.crt + cert_file: /usr/allen/loki/cert/promtail.client.crt + key_file: /usr/allen/loki/cert/client.key + server_name: loki-dns-serveur + insecure_skip_verify: false +``` + +Idem pour loki/config/config.yml: + ```yaml server: http_listen_port: 3100 - grpc_listen_port: 9443 - + +# DISTANT TLS + grpc_listen_port: 9096 http_tls_config: - client_auth_type: RequireAndVerifyClientCert - client_ca_file: /opt/loki/certs/loki_CA_.cer - cert_file: /etc/loki/server.crt - key_file: /etc/loki/server.key - grpc_tls_config: + cert_file: /etc/loki/cert/loki.server.crt + key_file: /etc/loki/cert/server.key client_auth_type: RequireAndVerifyClientCert - client_ca_file: /opt/loki/certs/loki_CA_.cer - cert_file: /etc/loki/server.crt - key_file: /etc/loki/server.key + client_ca_file: /etc/loki/cert/ca.crt ``` -### GRAFANA HOST - - - -## UTILISATION - -```bash -docker-compose up -d -``` +> Modifier loki-dns-serveur avec le vrai dns du serveur ## DASHBOARD > import dashboard ID: 17514 > Faire la dashboard standard -- [ ] schema type -- [ ] provisionner dashboard -- [ ] Pormtail config +- [X] schema type +- [X] provisionner dashboard +- [X] Promtail config - [ ] TLS config (https) -- [ ] SSH logs +- [X] SSH logs > le scraping des metrics du serveur distant se font désormais via TLS \ No newline at end of file diff --git a/certificates.sh b/certificates.sh new file mode 100755 index 0000000..460452f --- /dev/null +++ b/certificates.sh 
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Load .env
+if [ -f .env ]; then
+ export $(grep -v '^#' .env | xargs -0)
+else
+ echo "Error: .env file not found."
+ exit 1
+fi
+
+CERT_DIR="loki/cert"
+mkdir -p "$CERT_DIR"
+
+# Root CA certificate
+openssl req -newkey rsa:4096 -nodes -keyout ca.key -subj "$CA_SUBJECT" -out ca.csr
+openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out "$CERT_DIR/ca.crt"
+
+# Server certificate
+openssl req -newkey rsa:4096 -nodes -keyout "$CERT_DIR/server.key" -subj "$SERVER_SUBJECT" -out "$CERT_DIR/server.csr"
+openssl x509 -req -extfile <(printf "subjectAltName=$SERVER_DNS") -days 1365 -in "$CERT_DIR/server.csr" -CA "$CERT_DIR/ca.crt" -CAkey ca.key -CAcreateserial -out "$CERT_DIR/server.crt"
+
+# Client certificate
+openssl req -newkey rsa:4096 -nodes -keyout "$CERT_DIR/client.key" -subj "$CLIENT_SUBJECT" -out "$CERT_DIR/client.csr"
+openssl x509 -req -extfile <(printf "subjectAltName=$CLIENT_DNS") -days 1365 -in "$CERT_DIR/client.csr" -CA "$CERT_DIR/ca.crt" -CAkey ca.key -CAcreateserial -out "$CERT_DIR/client.crt"
+
+# Clean up!
+rm -f ca.csr "$CERT_DIR/server.csr" "$CERT_DIR/client.csr" ca.srl
+
+echo "Certificate generation completed successfully. Certificates are stored in the '$CERT_DIR' directory."
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 8c00132..a79fdf6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
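Review bot: The CA private key is written unencrypted (`-nodes`) to `ca.key` in the working directory and is left there after the clean-up step, and `server.key` and `client.key` are both generated into `loki/cert`, the directory docker-compose.yml bind-mounts into the Loki container. Consider `umask 077` before the first `openssl` call so the key files are never group- or world-readable, keeping `ca.key` outside the repository tree (or at least git-ignored), and copying only `client.key`, `client.crt` and `ca.crt` to the Promtail host so the server does not hold the client key. The loader `export $(grep -v '^#' .env | xargs -0)` word-splits on spaces, so a subject such as `O=My Org` (constructed example) is silently truncated; `set -a; . ./.env; set +a` with quoted values in `.env` avoids that. There is no `set -euo pipefail`, so the final success message is printed even when an `openssl` step fails. The README in this commit refers to `loki.server.crt` and `promtail.client.crt` while the script writes `server.crt` and `client.crt`, so one of the two probably needs adjusting.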
@@ -2,37 +2,37 @@ version: '3.8' services: # APP EXEMPLE - # nginx-app: - # container_name: nginx-app - # image: nginx - # # NECESSARY FOR LOKI - # labels: - # logging: "promtail" - # logging_jobname: "containerlogs" - # ports: - # - 8080:80 + nginx-app: + container_name: nginx-app + image: nginx + # NECESSARY FOR LOKI + labels: + logging: "promtail" + logging_jobname: "containerlogs" + ports: + - 8080:80 - # grafana: - # image: grafana/grafana:latest - # container_name: grafana - # ports: - # - 3000:3000 - # volumes: - # - ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources - # - ./grafana/dashboards:/var/lib/grafana/dashboards + grafana: + image: grafana/grafana:latest + container_name: grafana + ports: + - 3000:3000 + volumes: + - ./grafana/provisioning:/etc/grafana/provisioning + # - ./grafana/dashboards:/var/lib/grafana/dashboards loki: - image: grafana/loki:latest + image: grafana/loki:2.9.4 container_name: loki ports: - 3100:3100 volumes: - ./loki/config:/etc/loki - - ./loki/certs:/etc/loki/certs + - ./loki/cert:/etc/loki/cert command: -config.file=/etc/loki/config.yml promtail: - image: grafana/promtail:latest + image: grafana/promtail:2.9.4 container_name: promtail volumes: - ./promtail/config.yml:/etc/promtail/config.yml diff --git a/docs/promtail-loki.png b/docs/promtail-loki.png new file mode 100644 index 0000000..a7f4089 Binary files /dev/null and b/docs/promtail-loki.png differ diff --git a/grafana/dashboards/dashboard-exemple.json b/grafana/dashboards/dashboard-exemple.json deleted file mode 100644 index b830d39..0000000 --- a/grafana/dashboards/dashboard-exemple.json +++ /dev/null 
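Review bot: The now-enabled `grafana` service still uses `image: grafana/grafana:latest` and publishes `3000:3000` on all host interfaces, while the README in this commit documents the default `admin` / `admin` login; the same hunk pins Loki and Promtail to 2.9.4. Pin Grafana to a fixed tag as well, and for the local stack bind the published ports to loopback, e.g. `- "127.0.0.1:3000:3000"` and `- "127.0.0.1:8080:80"`, quoting the mappings as strings. If this file is also used on a reachable host, set the admin password from the environment (`GF_SECURITY_ADMIN_PASSWORD`) rather than leaving the default in place. The `promtail` service continues past the end of the hunk.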
@@ -1,81 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": 1, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 1, - "options": { - "dedupStrategy": "none", - "enableLogDetails": true, - "prettifyLogMessage": false, - "showCommonLabels": false, - "showLabels": false, - "showTime": false, - "sortOrder": "Descending", - "wrapLogMessage": false - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "builder", - "expr": "{container=\"nginx-app\"} |= ``", - "key": "Q-d83b192b-23c0-4458-9a28-0d178f451096-0", - "queryType": "range", - "refId": "A" - } - ], - "title": "nginx-app logs", - "transformations": [], - "type": "logs" - } - ], - "refresh": "5s", - "schemaVersion": 39, - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-6h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "dashboard-exemple", - "uid": "f5bb84b2-b3f1-4776-9ab5-5d2389adfaec", - "version": 1, - "weekStart": "" - } \ No newline at end of file diff --git a/grafana/dashboards/ssh-dashboard.json b/grafana/dashboards/ssh-dashboard.json deleted file mode 100644 index bd19f8c..0000000 --- a/grafana/dashboards/ssh-dashboard.json +++ /dev/null 
@@ -1,1577 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "description": "Loki v2 SSH Logs", - "editable": true, - "fiscalYearStartMonth": 0, - "gnetId": 17514, - "graphTooltip": 0, - "id": 1, - "links": [], - "liveNow": false, - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 5, - "panels": [], - "title": "SSH - Total Stats", - "type": "row" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "index": 0, - "text": "0" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "purple", - "value": null - } - ] - }, - "unit": "short", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 1 - }, - "id": 2, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "center", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "sum by(instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | __error__=\"\" [$__interval]))", - "queryType": "range", - "refId": "A" - } - ], - "title": "Total Opened Connection", - "type": "stat" - 
}, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "index": 0, - "text": "0" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "purple", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - }, - "unit": "short", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 6, - "y": 1 - }, - "id": 3, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "center", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "sum by(instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Failed|: Invalid|: Connection closed by authenticating user\" | __error__=\"\" [$__interval]))", - "hide": false, - "queryType": "range", - "refId": "A" - } - ], - "title": "Total Failed Connection", - "transformations": [ - { - "id": "merge", - "options": {} - } - ], - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "fieldConfig": { - "defaults": { - "mappings": [ - { - "options": { - "match": "null", - "result": { - "index": 0, - "text": "0" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "purple", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - }, - "unit": "short", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 9, - "y": 1 - }, - "id": 21, - "options": { - 
"colorMode": "background", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "count" - ], - "fields": "/^IP$/", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" |~\".* from .*\" | pattern `<_> from port` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ ip }}", - "queryType": "range", - "refId": "A", - "resolution": 1 - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ ip }}", - "queryType": "range", - "refId": "B" - } - ], - "title": "Total Failed - Unique IP", - "transformations": [ - { - "id": "labelsToFields", - "options": { - "mode": "rows", - "valueLabel": "ip" - } - }, - { - "id": "merge", - "options": {} - }, - { - "id": "organize", - "options": { - "excludeByName": { - "178.40.119.51": false, - "194.154.240.221": false, - "label": true - }, - "indexByName": {}, - "renameByName": { - "value": "IP" - } - } - } - ], - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "index": 0, - "text": "0" - } - }, - "type": "special" - } - ], - 
"thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "orange", - "value": null - } - ] - }, - "unit": "short", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 12, - "y": 1 - }, - "id": 6, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" | __error__=\"\" [$__interval])", - "queryType": "range", - "refId": "A" - } - ], - "title": "SSH Log Lines", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "index": 0, - "text": "0" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "orange", - "value": null - } - ] - }, - "unit": "decbytes", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 15, - "y": 1 - }, - "id": 7, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "bytes_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" | 
__error__=\"\" [$__interval])", - "queryType": "range", - "refId": "A" - } - ], - "title": "SSH Log in bytes", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [], - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 6, - "x": 0, - "y": 5 - }, - "id": 15, - "options": { - "displayLabels": [], - "legend": { - "displayMode": "table", - "placement": "right", - "showLegend": true, - "values": [ - "value", - "percent" - ] - }, - "pieType": "donut", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.2.5", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user (` | username !~\".* by \" | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ username }}", - "queryType": "range", - "refId": "A" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user <_>` | username !~\".*(uid=.*)\" | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ username }}", - "queryType": "range", - "refId": "B" - } - ], - "title": "Session Opened by User", - "transformations": [], - "type": "piechart" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "fieldConfig": { - 
"defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [], - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 6, - "x": 6, - "y": 5 - }, - "id": 16, - "options": { - "displayLabels": [], - "legend": { - "displayMode": "table", - "placement": "right", - "showLegend": true, - "values": [ - "value", - "percent" - ] - }, - "pieType": "donut", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.2.5", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed .* user\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ username }}", - "queryType": "range", - "refId": "A" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from <_> port` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ username }}", - "queryType": "range", - "refId": "B" - } - ], - "title": "Failed Attempt by User", - "transformations": [ - { - "id": "joinByLabels", - "options": { - "value": "username" - } - } - ], - "type": "piechart" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "gridPos": { - "h": 16, - "w": 12, - "x": 12, - "y": 5 - }, - "id": 9, - "options": { - "dedupStrategy": "signature", - "enableLogDetails": true, - "prettifyLogMessage": false, - 
"showCommonLabels": false, - "showLabels": false, - "showTime": false, - "sortOrder": "Descending", - "wrapLogMessage": false - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" ", - "queryType": "range", - "refId": "A" - } - ], - "title": "SSH Recent Log", - "type": "logs" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "fieldConfig": { - "defaults": { - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 14 - }, - "id": 22, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "frameIndex": 0, - "showHeader": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Accepted\" | pattern `<_> Accepted <_> for <_> from port <_>` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ ip }}", - "queryType": "range", - "refId": "A", - "resolution": 1 - } - ], - "title": "Session Opened by Unique IP", - "transformations": [ - { - "id": "labelsToFields", - "options": { - "mode": "rows" - } - }, - { - "id": "merge", - "options": {} - }, - { - "id": "organize", - "options": { - "excludeByName": { - "label": true - }, - "indexByName": {}, - "renameByName": { - "value": "IP" - } - } - } - ], - "type": "table" - }, - { - "datasource": { - "type": "loki", - "uid": 
"P8E80F9AEF21F6940" - }, - "fieldConfig": { - "defaults": { - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 14 - }, - "id": 19, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "frameIndex": 0, - "showHeader": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" |~\".* from .*\" | pattern `<_> from port` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ ip }}", - "queryType": "range", - "refId": "A", - "resolution": 1 - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ ip }}", - "queryType": "range", - "refId": "B" - } - ], - "title": "Failed by Unique IP", - "transformations": [ - { - "id": "labelsToFields", - "options": { - "mode": "rows" - } - }, - { - "id": "merge", - "options": {} - }, - { - "id": "organize", - "options": { - "excludeByName": { - "label": true - }, - "indexByName": {}, - "renameByName": { - "value": "IP" - } - } - } - ], - "type": "table" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, 
- "w": 24, - "x": 0, - "y": 21 - }, - "id": 11, - "panels": [], - "title": "Detailed Stats", - "type": "row" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "fieldConfig": { - "defaults": { - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 22 - }, - "id": 20, - "maxDataPoints": 1, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Accepted\" | pattern `<_> Accepted <_> for from port <_>` | __error__=\"\"", - "hide": false, - "legendFormat": "{{ ip }} {{ username }}", - "queryType": "range", - "refId": "A", - "resolution": 1 - } - ], - "title": "Session Opened by User and IP", - "transformations": [ - { - "id": "merge", - "options": {} - }, - { - "id": "extractFields", - "options": { - "format": "auto", - "replace": false, - "source": "labels" - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Line": true, - "Time": false, - "env": true, - "filename": true, - "id": true, - "job": true, - "label": true, - "labels": true, - "tsNs": true - }, - "indexByName": {}, - "renameByName": { - "label": "", - "value": "" - } - } - }, - { - "id": "sortBy", - "options": { - "fields": {}, - "sort": [ - { - "desc": true, - "field": "Time" - } - ] - } - } - ], - "type": "table" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "fieldConfig": { - "defaults": { - 
"color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 22 - }, - "id": 23, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Failed .* user\" | pattern `<_> user from <_> port` | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "A" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from port` | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "B" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Connection closed by authenticating user\" | pattern `<_> user port` | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "C" - } - ], - "title": "SSH Failure by User and IP", - "transformations": [ - { - "id": "merge", - "options": {} - }, - { - "id": "extractFields", - "options": { - "format": "auto", - "replace": false, - "source": "labels" - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Line": true, - "env": true, - "filename": true, - "id": true, - "job": 
true, - "labels": true, - "tsNs": true - }, - "indexByName": {}, - "renameByName": { - "Time": "", - "env": "", - "instance": "", - "job": "", - "tsNs": "" - } - } - }, - { - "id": "sortBy", - "options": { - "fields": {}, - "sort": [ - { - "desc": true, - "field": "Time" - } - ] - } - } - ], - "type": "table" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 32 - }, - "id": 13, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user (` | username !~\".* by \" | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "A" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user <_>` | username !~\".*(uid=.*)\" | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "B" - } - ], - "title": "SSH Session Opened by User", - "transformations": [ - { - "id": "merge", - "options": {} - }, - { - "id": "extractFields", - "options": { - "format": "auto", - "replace": false, - "source": "labels" - } - 
}, - { - "id": "organize", - "options": { - "excludeByName": { - "Line": true, - "env": true, - "filename": true, - "id": true, - "job": true, - "labels": true, - "tsNs": true - }, - "indexByName": {}, - "renameByName": { - "Time": "", - "env": "", - "instance": "", - "job": "", - "tsNs": "" - } - } - }, - { - "id": "sortBy", - "options": { - "fields": {}, - "sort": [ - { - "desc": true, - "field": "Time" - } - ] - } - } - ], - "type": "table" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 32 - }, - "id": 14, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed .* user\" | pattern `<_> user <_> port` | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "A" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from <_> port` | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "B" - } - ], - "title": "SSH Failure by User", - "transformations": [ - { - "id": "merge", - "options": {} - 
}, - { - "id": "extractFields", - "options": { - "format": "auto", - "replace": false, - "source": "labels" - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Line": true, - "env": true, - "filename": true, - "id": true, - "job": true, - "labels": true, - "tsNs": true - }, - "indexByName": {}, - "renameByName": { - "Time": "", - "env": "", - "instance": "", - "job": "", - "tsNs": "" - } - } - }, - { - "id": "sortBy", - "options": { - "fields": {}, - "sort": [ - { - "desc": true, - "field": "Time" - } - ] - } - } - ], - "type": "table" - } - ], - "refresh": "30s", - "revision": 2, - "schemaVersion": 39, - "tags": [ - "loki", - "linux", - "ssh" - ], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "Loki", - "value": "P8E80F9AEF21F6940" - }, - "hide": 0, - "includeAll": false, - "label": "Datasource", - "multi": false, - "name": "datasource", - "options": [], - "query": "loki", - "queryValue": "", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "current": { - "selected": false, - "text": "filename", - "value": "filename" - }, - "datasource": { - "type": "loki", - "uid": "$datasource" - }, - "definition": "label_names()", - "hide": 0, - "includeAll": false, - "label": "Label Name", - "multi": false, - "name": "label_name", - "options": [], - "query": "label_names()", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" - }, - { - "current": { - "selected": true, - "text": [ - "All" - ], - "value": [ - "$__all" - ] - }, - "datasource": { - "type": "loki", - "uid": "$datasource" - }, - "definition": "label_values($label_value)", - "hide": 0, - "includeAll": true, - "label": "Label Value", - "multi": true, - "name": "label_value", - "options": [], - "query": "label_values($label_name)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "type": "query" - }, - { - "allValue": ".*", - "current": { - "selected": true, - "text": [ - 
"ssh-logs" - ], - "value": [ - "ssh-logs" - ] - }, - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "definition": "", - "hide": 0, - "includeAll": true, - "label": "Job", - "multi": true, - "name": "job", - "options": [], - "query": { - "label": "job", - "refId": "LokiVariableQueryEditor-VariableQuery", - "stream": "{$label_name=~\"$label_value\"}", - "type": 1 - }, - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" - }, - { - "allValue": ".*", - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "definition": "", - "hide": 0, - "includeAll": true, - "label": "Instance", - "multi": true, - "name": "instance", - "options": [], - "query": { - "label": "instance", - "refId": "LokiVariableQueryEditor-VariableQuery", - "stream": "{$label_name=~\"$label_value\"}", - "type": 1 - }, - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": { - "hidden": true, - "refresh_intervals": [ - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "browser", - "title": "SSH Logs", - "uid": "OMEuTfqVk", - "version": 5, - "weekStart": "" - }
\ No newline at end of file
diff --git a/grafana/provisioning/dashboards.yaml b/grafana/provisioning/dashboards.yaml
new file mode 100644
index 0000000..006b093
--- /dev/null
+++ b/grafana/provisioning/dashboards.yaml
@@ -0,0 +1,11 @@
+apiVersion: 1
+
+providers:
+ - name: 'default'
+ orgId: 1
+ folder: ''
+ type: file
+ disableDeletion: false
+ updateIntervalSeconds: 10
+ options:
+ path: /etc/grafana/provisioning/dashboards
diff --git a/grafana/provisioning/dashboards/ssh-dashboard.json b/grafana/provisioning/dashboards/ssh-dashboard.json
index bd19f8c..37ac651 100644
--- a/grafana/provisioning/dashboards/ssh-dashboard.json 
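Review bot: The provider added in `grafana/provisioning/dashboards.yaml` sets `disableDeletion: false` and leaves `allowUiUpdates` unstated, so as I read Grafana's file provider the provisioned SSH dashboard is removed from Grafana as soon as its JSON file is deleted or renamed under `/etc/grafana/provisioning/dashboards`. For a dashboard that is used to watch accepted and failed SSH logins I would pin it with `disableDeletion: true` and write `allowUiUpdates: false` explicitly, so the copy in the repository stays the reference. With `updateIntervalSeconds: 10` that directory is re-read every ten seconds, and the compose mount behind it is not visible in this hunk, so it is worth confirming that it is mounted read-only. A one-line comment above `providers:` naming the host directory that backs `path` would make that check easier for the next reader.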
+++ b/grafana/provisioning/dashboards/ssh-dashboard.json 
@@ -1,1577 +1,1563 @@ { - "annotations": { - "list": [ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Loki v2 SSH Logs", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 17514, + "graphTooltip": 0, + "id": 2, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 5, + "panels": [], + "title": "SSH - Total Stats", + "type": "row" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "index": 0, + "text": "0" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "purple", + "value": null + } + ] + }, + "unit": "short", + "unitScale": true + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 0, + "y": 1 + }, + "id": 2, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.3.1", + "targets": [ { - "builtIn": 1, "datasource": { - "type": "grafana", - "uid": "-- Grafana --" + "type": "loki", + "uid": "P8E80F9AEF21F6940" }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" + "editorMode": "code", + "expr": "sum 
by(instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | __error__=\"\" [$__interval]))", + "queryType": "range", + "refId": "A" + } + ], + "title": "Total Opened Connection", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "index": 0, + "text": "0" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "purple", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] }, - "type": "dashboard" + "unit": "short", + "unitScale": true + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 6, + "y": 1 + }, + "id": 3, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "code", + "expr": "sum by(instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Failed|: Invalid|: Connection closed by authenticating user\" | __error__=\"\" [$__interval]))", + "hide": false, + "queryType": "range", + "refId": "A" + } + ], + "title": "Total Failed Connection", + "transformations": [ + { + "id": "merge", + "options": {} } - ] + ], + "type": "stat" }, - "description": "Loki v2 SSH Logs", - "editable": true, - "fiscalYearStartMonth": 0, - "gnetId": 17514, - "graphTooltip": 0, - "id": 1, - "links": [], - "liveNow": false, - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 
0, - "y": 0 - }, - "id": 5, - "panels": [], - "title": "SSH - Total Stats", - "type": "row" + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" + "fieldConfig": { + "defaults": { + "mappings": [ + { + "options": { + "match": "null", + "result": { + "index": 0, + "text": "0" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "purple", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "short", + "unitScale": true }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 9, + "y": 1 + }, + "id": 21, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "count" + ], + "fields": "/^IP$/", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "code", + "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" |~\".* from .*\" | pattern `<_> from port` | __error__=\"\" [$__interval]))", + "hide": false, + "legendFormat": "{{ ip }}", + "queryType": "range", + "refId": "A", + "resolution": 1 + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "code", + "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", + "hide": false, + "legendFormat": 
"{{ ip }}", + "queryType": "range", + "refId": "B" + } + ], + "title": "Total Failed - Unique IP", + "transformations": [ + { + "id": "labelsToFields", + "options": { + "mode": "rows", + "valueLabel": "ip" + } + }, + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "178.40.119.51": false, + "194.154.240.221": false, + "label": true }, - "mappings": [ + "indexByName": {}, + "renameByName": { + "value": "IP" + } + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "index": 0, + "text": "0" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ { - "options": { - "match": "null", - "result": { - "index": 0, - "text": "0" - } - }, - "type": "special" + "color": "orange", + "value": null } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "purple", - "value": null + ] + }, + "unit": "short", + "unitScale": true + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 12, + "y": 1 + }, + "id": 6, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "code", + "expr": "count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" | __error__=\"\" [$__interval])", + "queryType": "range", + "refId": "A" + } + ], + "title": "SSH Log Lines", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + 
"description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "index": 0, + "text": "0" } - ] - }, - "unit": "short", - "unitScale": true + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "decbytes", + "unitScale": true + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 15, + "y": 1 + }, + "id": 7, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 1 - }, - "id": 2, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "center", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false + "editorMode": "code", + "expr": "bytes_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" | __error__=\"\" [$__interval])", + "queryType": "range", + "refId": "A" + } + ], + "title": "SSH Log in bytes", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "sum by(instance) 
(count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | __error__=\"\" [$__interval]))", - "queryType": "range", - "refId": "A" - } - ], - "title": "Total Opened Connection", - "type": "stat" + "mappings": [], + "unitScale": true + }, + "overrides": [] }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" + "gridPos": { + "h": 9, + "w": 6, + "x": 0, + "y": 5 + }, + "id": 15, + "options": { + "displayLabels": [], + "legend": { + "displayMode": "table", + "placement": "right", + "showLegend": true, + "values": [ + "value", + "percent" + ] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.2.5", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "code", + "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user (` | username !~\".* by \" | __error__=\"\" [$__interval]))", + "hide": false, + "legendFormat": "{{ username }}", + "queryType": "range", + "refId": "A" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "code", + "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user <_>` | username !~\".*(uid=.*)\" | __error__=\"\" [$__interval]))", + "hide": false, + "legendFormat": "{{ username }}", + "queryType": "range", + "refId": "B" + } + ], + "title": "Session Opened by User", + "transformations": [], + "type": "piechart" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": 
"palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "unitScale": true + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 6, + "x": 6, + "y": 5 + }, + "id": 16, + "options": { + "displayLabels": [], + "legend": { + "displayMode": "table", + "placement": "right", + "showLegend": true, + "values": [ + "value", + "percent" + ] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.2.5", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "code", + "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed .* user\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", + "hide": false, + "legendFormat": "{{ username }}", + "queryType": "range", + "refId": "A" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "code", + "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from <_> port` | __error__=\"\" [$__interval]))", + "hide": false, + "legendFormat": "{{ username }}", + "queryType": "range", + "refId": "B" + } + ], + "title": "Failed Attempt by User", + "transformations": [ + { + "id": "joinByLabels", + "options": { + "value": "username" + } + } + ], + "type": "piechart" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "gridPos": { + "h": 16, + "w": 12, + "x": 12, + "y": 5 + }, + "id": 9, + "options": { + "dedupStrategy": "signature", + 
"enableLogDetails": true, + "prettifyLogMessage": false, + "showCommonLabels": false, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": false + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "code", + "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" ", + "queryType": "range", + "refId": "A" + } + ], + "title": "SSH Recent Log", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" }, - "mappings": [ + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ { - "options": { - "match": "null", - "result": { - "index": 0, - "text": "0" - } - }, - "type": "special" + "color": "green", + "value": null } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "purple", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - }, - "unit": "short", - "unitScale": true + ] }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 6, - "y": 1 - }, - "id": 3, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "center", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false + "unitScale": true + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 14 + }, + "id": 22, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "frameIndex": 0, + "showHeader": true + }, + "pluginVersion": "10.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - 
"datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "sum by(instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Failed|: Invalid|: Connection closed by authenticating user\" | __error__=\"\" [$__interval]))", - "hide": false, - "queryType": "range", - "refId": "A" + "editorMode": "code", + "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Accepted\" | pattern `<_> Accepted <_> for <_> from port <_>` | __error__=\"\" [$__interval]))", + "hide": false, + "legendFormat": "{{ ip }}", + "queryType": "range", + "refId": "A", + "resolution": 1 + } + ], + "title": "Session Opened by Unique IP", + "transformations": [ + { + "id": "labelsToFields", + "options": { + "mode": "rows" } - ], - "title": "Total Failed Connection", - "transformations": [ - { - "id": "merge", - "options": {} + }, + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "label": true + }, + "indexByName": {}, + "renameByName": { + "value": "IP" + } } - ], - "type": "stat" + } + ], + "type": "table" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "fieldConfig": { - "defaults": { - "mappings": [ + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ { - "options": { - "match": "null", - "result": { - "index": 0, - "text": "0" - } - }, - "type": "special" + "color": "green", + "value": null } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "purple", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - }, - "unit": "short", - "unitScale": true + ] }, - 
"overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 9, - "y": 1 - }, - "id": 21, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "count" - ], - "fields": "/^IP$/", - "values": false + "unitScale": true + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 6, + "y": 14 + }, + "id": 19, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "frameIndex": 0, + "showHeader": true + }, + "pluginVersion": "10.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" |~\".* from .*\" | pattern `<_> from port` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ ip }}", - "queryType": "range", - "refId": "A", - "resolution": 1 + "editorMode": "code", + "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" |~\".* from .*\" | pattern `<_> from port` | __error__=\"\" [$__interval]))", + "hide": false, + "legendFormat": "{{ ip }}", + "queryType": "range", + "refId": "A", + "resolution": 1 + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", 
instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ ip }}", - "queryType": "range", - "refId": "B" + "editorMode": "code", + "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", + "hide": false, + "legendFormat": "{{ ip }}", + "queryType": "range", + "refId": "B" + } + ], + "title": "Failed by Unique IP", + "transformations": [ + { + "id": "labelsToFields", + "options": { + "mode": "rows" } - ], - "title": "Total Failed - Unique IP", - "transformations": [ - { - "id": "labelsToFields", - "options": { - "mode": "rows", - "valueLabel": "ip" + }, + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "label": true + }, + "indexByName": {}, + "renameByName": { + "value": "IP" } + } + } + ], + "type": "table" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 11, + "panels": [], + "title": "Detailed Stats", + "type": "row" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false }, - { - "id": "merge", - "options": {} - }, - { - "id": "organize", - "options": { - "excludeByName": { - "178.40.119.51": false, - "194.154.240.221": false, - "label": true - }, - "indexByName": {}, - "renameByName": { - "value": "IP" + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null } - } - } - ], - "type": "stat" + ] + }, + "unitScale": true + }, + "overrides": [] }, - { - 
"datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 22 + }, + "id": 20, + "maxDataPoints": 1, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "code", + "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Accepted\" | pattern `<_> Accepted <_> for from port <_>` | __error__=\"\"", + "hide": false, + "legendFormat": "{{ ip }} {{ username }}", + "queryType": "range", + "refId": "A", + "resolution": 1 + } + ], + "title": "Session Opened by User and IP", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "extractFields", + "options": { + "format": "auto", + "replace": false, + "source": "labels" + } }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" + { + "id": "organize", + "options": { + "excludeByName": { + "Line": true, + "Time": false, + "env": true, + "filename": true, + "id": true, + "job": true, + "label": true, + "labels": true, + "tsNs": true }, - "mappings": [ + "indexByName": {}, + "renameByName": { + "label": "", + "value": "" + } + } + }, + { + "id": "sortBy", + "options": { + "fields": {}, + "sort": [ { - "options": { - "match": "null", - "result": { - "index": 0, - "text": "0" - } - }, - "type": "special" + "desc": true, + "field": "Time" } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "orange", - "value": null - } - ] + ] + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" }, - "unit": "short", - 
"unitScale": true + "filterable": true, + "inspect": false }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 12, - "y": 1 - }, - "id": 6, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" | __error__=\"\" [$__interval])", - "queryType": "range", - "refId": "A" - } - ], - "title": "SSH Log Lines", - "type": "stat" + "unitScale": true + }, + "overrides": [] }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 22 + }, + "id": 23, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.3.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "code", + "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Failed .* user\" | pattern `<_> user from <_> port` | __error__=\"\"", + "hide": false, + "queryType": "range", + "refId": "A" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "code", + "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from port` | __error__=\"\"", + "hide": false, + "queryType": "range", + 
"refId": "B" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "editorMode": "code", + "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Connection closed by authenticating user\" | pattern `<_> user port` | __error__=\"\"", + "hide": false, + "queryType": "range", + "refId": "C" + } + ], + "title": "SSH Failure by User and IP", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "extractFields", + "options": { + "format": "auto", + "replace": false, + "source": "labels" + } }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" + { + "id": "organize", + "options": { + "excludeByName": { + "Line": true, + "env": true, + "filename": true, + "id": true, + "job": true, + "labels": true, + "tsNs": true }, - "mappings": [ + "indexByName": {}, + "renameByName": { + "Time": "", + "env": "", + "instance": "", + "job": "", + "tsNs": "" + } + } + }, + { + "id": "sortBy", + "options": { + "fields": {}, + "sort": [ { - "options": { - "match": "null", - "result": { - "index": 0, - "text": "0" - } - }, - "type": "special" + "desc": true, + "field": "Time" } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "orange", - "value": null - } - ] - }, - "unit": "decbytes", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 15, - "y": 1 - }, - "id": 7, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "bytes_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" | 
__error__=\"\" [$__interval])", - "queryType": "range", - "refId": "A" + ] } - ], - "title": "SSH Log in bytes", - "type": "stat" + } + ], + "type": "table" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" }, - "mappings": [], - "unitScale": true + "filterable": true, + "inspect": false }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 6, - "x": 0, - "y": 5 - }, - "id": 15, - "options": { - "displayLabels": [], - "legend": { - "displayMode": "table", - "placement": "right", - "showLegend": true, - "values": [ - "value", - "percent" + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } ] - }, - "pieType": "donut", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "multi", - "sort": "none" } }, - "pluginVersion": "9.2.5", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user (` | username !~\".* by \" | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ username }}", - "queryType": "range", - "refId": "A" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> 
session opened for user <_>` | username !~\".*(uid=.*)\" | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ username }}", - "queryType": "range", - "refId": "B" - } - ], - "title": "Session Opened by User", - "transformations": [], - "type": "piechart" + "overrides": [] }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 32 + }, + "id": 13, + "options": { + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [], - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 6, - "x": 6, - "y": 5 - }, - "id": 16, - "options": { - "displayLabels": [], - "legend": { - "displayMode": "table", - "placement": "right", - "showLegend": true, - "values": [ - "value", - "percent" - ] + "showHeader": true + }, + "pluginVersion": "9.2.5", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" }, - "pieType": "donut", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false + "editorMode": "code", + "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user (` | username !~\".* by \" | __error__=\"\"", + "hide": false, + "queryType": "range", + "refId": "A" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" }, - "tooltip": { - "mode": "multi", - "sort": "none" + "editorMode": "code", + "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user <_>` | username !~\".*(uid=.*)\" | __error__=\"\"", + "hide": false, + "queryType": "range", + "refId": "B" + } + ], + 
"title": "SSH Session Opened by User", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "extractFields", + "options": { + "format": "auto", + "replace": false, + "source": "labels" } }, - "pluginVersion": "9.2.5", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed .* user\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ username }}", - "queryType": "range", - "refId": "A" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" + { + "id": "organize", + "options": { + "excludeByName": { + "Line": true, + "env": true, + "filename": true, + "id": true, + "job": true, + "labels": true, + "tsNs": true }, - "editorMode": "code", - "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from <_> port` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ username }}", - "queryType": "range", - "refId": "B" - } - ], - "title": "Failed Attempt by User", - "transformations": [ - { - "id": "joinByLabels", - "options": { - "value": "username" + "indexByName": {}, + "renameByName": { + "Time": "", + "env": "", + "instance": "", + "job": "", + "tsNs": "" } } - ], - "type": "piechart" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" }, - "gridPos": { - "h": 16, - "w": 12, - "x": 12, - "y": 5 - }, - "id": 9, - "options": { - "dedupStrategy": "signature", - "enableLogDetails": true, - "prettifyLogMessage": false, - "showCommonLabels": false, - "showLabels": false, - "showTime": false, - "sortOrder": "Descending", - "wrapLogMessage": false - }, - "targets": [ - 
{ - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" ", - "queryType": "range", - "refId": "A" + { + "id": "sortBy", + "options": { + "fields": {}, + "sort": [ + { + "desc": true, + "field": "Time" + } + ] } - ], - "title": "SSH Recent Log", - "type": "logs" + } + ], + "type": "table" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "fieldConfig": { - "defaults": { - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 14 - }, - "id": 22, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "frameIndex": 0, - "showHeader": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" }, - "editorMode": "code", - "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Accepted\" | pattern `<_> Accepted <_> for <_> from port <_>` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ ip }}", - "queryType": "range", - "refId": "A", - "resolution": 1 - } - ], - "title": "Session Opened by Unique IP", - "transformations": [ - { - "id": "labelsToFields", - "options": { - "mode": "rows" - } + "filterable": true, + "inspect": false }, - { - "id": "merge", - "options": {} - 
}, - { - "id": "organize", - "options": { - "excludeByName": { - "label": true - }, - "indexByName": {}, - "renameByName": { - "value": "IP" + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" } - } + ] } - ], - "type": "table" + }, + "overrides": [] }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 32 + }, + "id": 14, + "options": { + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false }, - "fieldConfig": { - "defaults": { - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 14 - }, - "id": 19, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false + "showHeader": true + }, + "pluginVersion": "9.2.5", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" }, - "frameIndex": 0, - "showHeader": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" |~\".* from .*\" | pattern `<_> from port` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ ip }}", - "queryType": "range", - "refId": "A", - "resolution": 1 + "editorMode": "code", + "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed .* user\" | pattern 
`<_> user <_> port` | __error__=\"\"", + "hide": false, + "queryType": "range", + "refId": "A" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", - "hide": false, - "legendFormat": "{{ ip }}", - "queryType": "range", - "refId": "B" + "editorMode": "code", + "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from <_> port` | __error__=\"\"", + "hide": false, + "queryType": "range", + "refId": "B" + } + ], + "title": "SSH Failure by User", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "extractFields", + "options": { + "format": "auto", + "replace": false, + "source": "labels" } - ], - "title": "Failed by Unique IP", - "transformations": [ - { - "id": "labelsToFields", - "options": { - "mode": "rows" + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Line": true, + "env": true, + "filename": true, + "id": true, + "job": true, + "labels": true, + "tsNs": true + }, + "indexByName": {}, + "renameByName": { + "Time": "", + "env": "", + "instance": "", + "job": "", + "tsNs": "" } - }, - { - "id": "merge", - "options": {} - }, - { - "id": "organize", - "options": { - "excludeByName": { - "label": true - }, - "indexByName": {}, - "renameByName": { - "value": "IP" + } + }, + { + "id": "sortBy", + "options": { + "fields": {}, + "sort": [ + { + "desc": true, + "field": "Time" } - } + ] } - ], - "type": "table" - }, + } + ], + "type": "table" + } + ], + "refresh": "1m", + "revision": 2, + "schemaVersion": 39, + "tags": [ + "loki", + "linux", + 
"ssh" + ], + "templating": { + "list": [ { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 21 - }, - "id": 11, - "panels": [], - "title": "Detailed Stats", - "type": "row" + "current": { + "selected": false, + "text": "Loki", + "value": "P8E80F9AEF21F6940" + }, + "hide": 0, + "includeAll": false, + "label": "Datasource", + "multi": false, + "name": "datasource", + "options": [], + "query": "loki", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" }, { + "current": { + "selected": false, + "text": "filename", + "value": "filename" + }, "datasource": { "type": "loki", - "uid": "P8E80F9AEF21F6940" + "uid": "$datasource" }, - "fieldConfig": { - "defaults": { - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 22 - }, - "id": 20, - "maxDataPoints": 1, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Accepted\" | pattern `<_> Accepted <_> for from port <_>` | __error__=\"\"", - "hide": false, - "legendFormat": "{{ ip }} {{ username }}", - "queryType": "range", - "refId": "A", - "resolution": 1 - } - ], - "title": "Session Opened by User and IP", - "transformations": [ - { - "id": "merge", - "options": {} - }, - { - "id": "extractFields", - "options": { - "format": "auto", - "replace": false, - "source": "labels" - } - }, - { - "id": "organize", - "options": 
{ - "excludeByName": { - "Line": true, - "Time": false, - "env": true, - "filename": true, - "id": true, - "job": true, - "label": true, - "labels": true, - "tsNs": true - }, - "indexByName": {}, - "renameByName": { - "label": "", - "value": "" - } - } - }, - { - "id": "sortBy", - "options": { - "fields": {}, - "sort": [ - { - "desc": true, - "field": "Time" - } - ] - } - } - ], - "type": "table" + "definition": "label_names()", + "hide": 0, + "includeAll": false, + "label": "Label Name", + "multi": false, + "name": "label_name", + "options": [], + "query": "label_names()", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" }, { + "current": { + "selected": true, + "text": [ + "All" + ], + "value": [ + "$__all" + ] + }, "datasource": { "type": "loki", - "uid": "P8E80F9AEF21F6940" + "uid": "$datasource" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 22 - }, - "id": 23, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Failed .* user\" | pattern `<_> user from <_> port` | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "A" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", 
instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from port` | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "B" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Connection closed by authenticating user\" | pattern `<_> user port` | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "C" - } - ], - "title": "SSH Failure by User and IP", - "transformations": [ - { - "id": "merge", - "options": {} - }, - { - "id": "extractFields", - "options": { - "format": "auto", - "replace": false, - "source": "labels" - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Line": true, - "env": true, - "filename": true, - "id": true, - "job": true, - "labels": true, - "tsNs": true - }, - "indexByName": {}, - "renameByName": { - "Time": "", - "env": "", - "instance": "", - "job": "", - "tsNs": "" - } - } - }, - { - "id": "sortBy", - "options": { - "fields": {}, - "sort": [ - { - "desc": true, - "field": "Time" - } - ] - } - } - ], - "type": "table" + "definition": "label_values($label_value)", + "hide": 0, + "includeAll": true, + "label": "Label Value", + "multi": true, + "name": "label_value", + "options": [], + "query": "label_values($label_name)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" }, { + "allValue": ".*", + "current": { + "selected": true, + "text": [ + "All" + ], + "value": [ + "$__all" + ] + }, "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - 
"unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 32 - }, - "id": 13, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user (` | username !~\".* by \" | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "A" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user <_>` | username !~\".*(uid=.*)\" | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "B" - } - ], - "title": "SSH Session Opened by User", - "transformations": [ - { - "id": "merge", - "options": {} - }, - { - "id": "extractFields", - "options": { - "format": "auto", - "replace": false, - "source": "labels" - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Line": true, - "env": true, - "filename": true, - "id": true, - "job": true, - "labels": true, - "tsNs": true - }, - "indexByName": {}, - "renameByName": { - "Time": "", - "env": "", - "instance": "", - "job": "", - "tsNs": "" - } - } - }, - { - "id": "sortBy", - "options": { - "fields": {}, - "sort": [ - { - "desc": true, - "field": "Time" - } - ] - } - } - ], - "type": "table" + "definition": "", + "hide": 0, + "includeAll": true, + "label": "Job", + "multi": true, + "name": "job", + "options": [], + "query": { + "label": "job", + "refId": "LokiVariableQueryEditor-VariableQuery", + "stream": "{$label_name=~\"$label_value\"}", + "type": 
1 + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" }, { + "allValue": ".*", + "current": { + "selected": true, + "text": [ + "All" + ], + "value": [ + "$__all" + ] + }, "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 32 - }, - "id": 14, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.3.1", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed .* user\" | pattern `<_> user <_> port` | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "A" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from <_> port` | __error__=\"\"", - "hide": false, - "queryType": "range", - "refId": "B" - } - ], - "title": "SSH Failure by User", - "transformations": [ - { - "id": "merge", - "options": {} - }, - { - "id": "extractFields", - "options": { - "format": "auto", - "replace": false, - "source": "labels" - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Line": true, - "env": true, - "filename": true, - "id": true, - "job": 
true, - "labels": true, - "tsNs": true - }, - "indexByName": {}, - "renameByName": { - "Time": "", - "env": "", - "instance": "", - "job": "", - "tsNs": "" - } - } - }, - { - "id": "sortBy", - "options": { - "fields": {}, - "sort": [ - { - "desc": true, - "field": "Time" - } - ] - } - } - ], - "type": "table" - } - ], - "refresh": "30s", - "revision": 2, - "schemaVersion": 39, - "tags": [ - "loki", - "linux", - "ssh" - ], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "Loki", - "value": "P8E80F9AEF21F6940" - }, - "hide": 0, - "includeAll": false, - "label": "Datasource", - "multi": false, - "name": "datasource", - "options": [], - "query": "loki", - "queryValue": "", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "current": { - "selected": false, - "text": "filename", - "value": "filename" - }, - "datasource": { - "type": "loki", - "uid": "$datasource" - }, - "definition": "label_names()", - "hide": 0, - "includeAll": false, - "label": "Label Name", - "multi": false, - "name": "label_name", - "options": [], - "query": "label_names()", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" - }, - { - "current": { - "selected": true, - "text": [ - "All" - ], - "value": [ - "$__all" - ] - }, - "datasource": { - "type": "loki", - "uid": "$datasource" - }, - "definition": "label_values($label_value)", - "hide": 0, - "includeAll": true, - "label": "Label Value", - "multi": true, - "name": "label_value", - "options": [], - "query": "label_values($label_name)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "type": "query" - }, - { - "allValue": ".*", - "current": { - "selected": true, - "text": [ - "ssh-logs" - ], - "value": [ - "ssh-logs" - ] - }, - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "definition": "", - "hide": 0, - "includeAll": true, - "label": "Job", - "multi": true, - "name": "job", - "options": [], - 
"query": { - "label": "job", - "refId": "LokiVariableQueryEditor-VariableQuery", - "stream": "{$label_name=~\"$label_value\"}", - "type": 1 - }, - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" + "definition": "", + "hide": 0, + "includeAll": true, + "label": "Instance", + "multi": true, + "name": "instance", + "options": [], + "query": { + "label": "instance", + "refId": "LokiVariableQueryEditor-VariableQuery", + "stream": "{$label_name=~\"$label_value\"}", + "type": 1 }, - { - "allValue": ".*", - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "definition": "", - "hide": 0, - "includeAll": true, - "label": "Instance", - "multi": true, - "name": "instance", - "options": [], - "query": { - "label": "instance", - "refId": "LokiVariableQueryEditor-VariableQuery", - "stream": "{$label_name=~\"$label_value\"}", - "type": 1 - }, - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": { - "hidden": true, - "refresh_intervals": [ - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "browser", - "title": "SSH Logs", - "uid": "OMEuTfqVk", - "version": 5, - "weekStart": "" - } \ No newline at end of file + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "SSH Logs", + "uid": "OMEuTfqVk5", + "version": 2, + "weekStart": "" +} \ No newline at end of file diff --git a/loki/config/config.yml b/loki/config/config.yml index 5b2117f..bc5e801 100644 --- a/loki/config/config.yml +++ b/loki/config/config.yml 
@@ -2,10 +2,14 @@ auth_enabled: false server: http_listen_port: 3100 - # HTTPS /TLS - # http_tls_config: &tls_server_config - # cert_file: /etc/loki/cert.pem - # key_file: /etc/loki/key.pem + +# DISTANT TLS + # grpc_listen_port: 9096 + # http_tls_config: + # cert_file: /etc/loki/cert/loki.server.crt + # key_file: /etc/loki/cert/server.key + # client_auth_type: RequireAndVerifyClientCert + # client_ca_file: /etc/loki/cert/ca.crt common: path_prefix: /loki diff --git a/promtail/config.yml b/promtail/config.yml index ecc57b7..3fd8636 100644 --- a/promtail/config.yml +++ b/promtail/config.yml @@ -32,12 +32,15 @@ positions: clients: # LOCAL - url: http://loki:3100/loki/api/v1/push + # DISTANT WITH TLS - # - url: http:///loki/api/v1/push - # tls_config: - # ca_file: /etc/loki/certs/ca.crt - # cert_file: /etc/loki/certs/cert.pem - # key_file: /etc/loki/certs/key.pem + # - url: https://loki-dns-serveur:3100/loki/api/v1/push + # tls_config: + # ca_file: /etc/loki/cert/ca.crt + # cert_file: /etc/loki/cert/promtail.client.crt + # key_file: /etc/loki/cert/client.key + # server_name: lokiserver.com + # insecure_skip_verify: false
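Review bot: The commented `# DISTANT TLS` block in `loki/config/config.yml` secures only the HTTP listener: it adds `grpc_listen_port: 9096` but no matching `grpc_tls_config`, so if that port is reachable from other hosts it stays plaintext after the block is uncommented. Because `auth_enabled: false` is kept, the client-certificate check is the only access control on the push and query API, and until the block is enabled port 3100 accepts unauthenticated plaintext requests. I would say so in the comment, e.g. `# auth_enabled is false: the mTLS block below is the only access control, enable it before exposing 3100`. With `client_auth_type: RequireAndVerifyClientCert`, every client needs a certificate signed by `ca.crt`, which presumably includes the Grafana datasource and not only Promtail.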
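Review bot: The commented remote client in `promtail/config.yml` uses two different placeholders for the same server, `loki-dns-serveur` in `url` and `lokiserver.com` in `server_name`. `server_name` has to match a name in the Loki server certificate, so an operator who edits only the URL gets a verification failure and may be tempted to switch `insecure_skip_verify` to `true`. I would use a single placeholder and add a comment such as `# server_name must match a SAN of the Loki server certificate (same host as in url)`. The `ca_file`, `cert_file` and `key_file` paths point under `/etc/loki/cert`, while the promtail service shown in the README mounts no such directory, so the compose file likely needs a read-only mount for the certificates and `client.key`.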