
@qistoph
Created July 21, 2024 19:06
CrowdSec – Grafana dashboard (JSON model) and Telegraf/InfluxDB configuration. The dashboard is bound to an InfluxDB datasource with uid `Quid8haVk` and filters on the Telegraf `host` tag; after import, re-point the panels to your datasource (or provision a datasource with that uid) and make sure Telegraf's `hostname` matches the `$host` variable.
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"description": "Display logs shipped from the crowdsec agent via telegraf to influxdb",
"editable": true,
"fiscalYearStartMonth": 0,
"gnetId": 16051,
"graphTooltip": 0,
"id": 19,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 14,
"w": 12,
"x": 0,
"y": 0
},
"id": 21,
"options": {
"basemap": {
"config": {},
"name": "Layer 0",
"type": "default"
},
"controls": {
"mouseWheelZoom": true,
"showAttribution": true,
"showDebug": false,
"showMeasure": false,
"showScale": false,
"showZoom": true
},
"layers": [
{
"config": {
"showLegend": false,
"style": {
"color": {
"fixed": "dark-red"
},
"opacity": 0.3,
"rotation": {
"fixed": 0,
"max": 360,
"min": -360,
"mode": "mod"
},
"size": {
"field": "count",
"fixed": 5,
"max": 30,
"min": 2
},
"symbol": {
"fixed": "img/icons/marker/circle.svg",
"mode": "fixed"
},
"symbolAlign": {
"horizontal": "center",
"vertical": "center"
},
"text": {
"field": "country_code",
"fixed": "",
"mode": "field"
},
"textConfig": {
"fontSize": 12,
"offsetX": 0,
"offsetY": 0,
"textAlign": "center",
"textBaseline": "middle"
}
}
},
"filterData": {
"id": "byRefId",
"options": "A"
},
"location": {
"gazetteer": "public/gazetteer/countries.json",
"lookup": "country_code",
"mode": "lookup"
},
"name": "Bans",
"tooltip": true,
"type": "markers"
}
],
"tooltip": {
"mode": "details"
},
"view": {
"allLayers": true,
"id": "coords",
"lat": 46.870454,
"lon": 7.225354,
"zoom": 1.69
}
},
"pluginVersion": "11.1.0",
"targets": [
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"groupBy": [
{
"params": [
"country_code::tag"
],
"type": "tag"
}
],
"measurement": "crowdseclog",
"orderByTime": "ASC",
"policy": "default",
"refId": "A",
"resultFormat": "table",
"select": [
[
{
"params": [
"ban_length"
],
"type": "field"
},
{
"params": [],
"type": "count"
}
]
],
"tags": []
}
],
"title": "IP bans per country of origin",
"type": "geomap"
},
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"description": "IPs banned per ASN",
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"displayName": "${__series.name}",
"mappings": [],
"thresholds": {
"mode": "percentage",
"steps": [
{
"color": "orange",
"value": null
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 14,
"w": 12,
"x": 12,
"y": 0
},
"id": 6,
"maxDataPoints": 1,
"options": {
"displayMode": "lcd",
"maxVizHeight": 300,
"minVizHeight": 10,
"minVizWidth": 0,
"namePlacement": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"showUnfilled": true,
"sizing": "auto",
"text": {},
"valueMode": "color"
},
"pluginVersion": "11.1.0",
"targets": [
{
"alias": "ASN: $tag_asn ($tag_country_code)",
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"groupBy": [
{
"params": [
"asn"
],
"type": "tag"
},
{
"params": [
"country_code"
],
"type": "tag"
}
],
"measurement": "crowdseclog",
"orderByTime": "ASC",
"policy": "default",
"refId": "A",
"resultFormat": "time_series",
"select": [
[
{
"params": [
"ban_length"
],
"type": "field"
},
{
"params": [],
"type": "count"
}
]
],
"tags": []
}
],
"title": "Top ASNs (IPs banned) ",
"type": "bargauge"
},
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 10,
"w": 12,
"x": 0,
"y": 14
},
"id": 20,
"maxDataPoints": 20,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"percentChangeColorMode": "standard",
"reduceOptions": {
"calcs": [
"sum"
],
"fields": "",
"values": false
},
"showPercentChange": false,
"textMode": "value_and_name",
"wideLayout": true
},
"pluginVersion": "11.1.0",
"targets": [
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"groupBy": [
{
"params": [
"$__interval"
],
"type": "time"
},
{
"params": [
"country_code"
],
"type": "tag"
}
],
"measurement": "crowdseclog",
"orderByTime": "ASC",
"policy": "default",
"refId": "A",
"resultFormat": "time_series",
"select": [
[
{
"params": [
"ban_length"
],
"type": "field"
},
{
"params": [],
"type": "count"
}
]
],
"tags": []
}
],
"title": "Attack Origin",
"transformations": [
{
"id": "renameByRegex",
"options": {
"regex": ".*country_code:\\s(\\S+)\\s*}",
"renamePattern": "$1"
}
}
],
"type": "stat"
},
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
}
},
"mappings": []
},
"overrides": []
},
"gridPos": {
"h": 10,
"w": 12,
"x": 12,
"y": 14
},
"id": 3,
"maxDataPoints": 1,
"options": {
"legend": {
"displayMode": "list",
"placement": "right",
"showLegend": true,
"values": [
"percent"
]
},
"pieType": "donut",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "8.4.3-54429",
"targets": [
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"groupBy": [
{
"params": [
"behavior"
],
"type": "tag"
}
],
"measurement": "crowdseclog",
"orderByTime": "ASC",
"policy": "default",
"refId": "A",
"resultFormat": "time_series",
"select": [
[
{
"params": [
"ban_length"
],
"type": "field"
},
{
"params": [],
"type": "cumulative_sum"
}
]
],
"tags": []
}
],
"title": "Behaviors",
"transformations": [
{
"id": "renameByRegex",
"options": {
"regex": ".*behavior: [^/]*/(.*)}",
"renamePattern": "$1"
}
}
],
"type": "piechart"
},
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"noValue": "0",
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 24
},
"id": 8,
"interval": "1m",
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"groupBy": [
{
"params": [
"$__interval"
],
"type": "time"
},
{
"params": [
"reason"
],
"type": "tag"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"measurement": "crowdsec_cs_active_decisions",
"orderByTime": "ASC",
"policy": "default",
"refId": "A",
"resultFormat": "time_series",
"select": [
[
{
"params": [
"gauge"
],
"type": "field"
},
{
"params": [],
"type": "mean"
}
]
],
"tags": [
{
"key": "origin",
"operator": "=",
"value": "crowdsec"
},
{
"condition": "AND",
"key": "host",
"operator": "=~",
"value": "/^$host$/"
}
]
}
],
"title": "Banned Hosts",
"transformations": [
{
"id": "renameByRegex",
"options": {
"regex": ".*reason: [^/]+/(.*)}",
"renamePattern": "$1"
}
}
],
"type": "timeseries"
},
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"noValue": "0",
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 24
},
"id": 18,
"interval": "1m",
"options": {
"legend": {
"calcs": [
"last",
"mean",
"max"
],
"displayMode": "table",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"alias": "$tag_bouncer Allow",
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"groupBy": [
{
"params": [
"$__interval"
],
"type": "time"
},
{
"params": [
"bouncer"
],
"type": "tag"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"hide": false,
"measurement": "crowdsec_cs_lapi_decisions_ko_total",
"orderByTime": "ASC",
"policy": "default",
"refId": "A",
"resultFormat": "time_series",
"select": [
[
{
"params": [
"*"
],
"type": "field"
},
{
"params": [],
"type": "mean"
},
{
"params": [
"1m"
],
"type": "non_negative_derivative"
}
]
],
"tags": [
{
"key": "host",
"operator": "=~",
"value": "/^$host$/"
}
]
},
{
"alias": "$tag_bouncer Deny",
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"groupBy": [
{
"params": [
"$__interval"
],
"type": "time"
},
{
"params": [
"bouncer"
],
"type": "tag"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"hide": false,
"measurement": "crowdsec_cs_lapi_decisions_ok_total",
"orderByTime": "ASC",
"policy": "default",
"refId": "B",
"resultFormat": "time_series",
"select": [
[
{
"params": [
"counter"
],
"type": "field"
},
{
"params": [],
"type": "mean"
},
{
"params": [
"1m"
],
"type": "non_negative_derivative"
}
]
],
"tags": []
}
],
"title": "LAPI Decisions",
"transformations": [
{
"id": "renameByRegex",
"options": {
"regex": ".*:\\s(.*)\\s.*",
"renamePattern": "$1"
}
}
],
"type": "timeseries"
},
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 20,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 32
},
"id": 12,
"interval": "5m",
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"groupBy": [
{
"params": [
"$__interval"
],
"type": "time"
},
{
"params": [
"name"
],
"type": "tag"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"measurement": "crowdsec_cs_bucket_poured_total",
"orderByTime": "ASC",
"policy": "default",
"refId": "A",
"resultFormat": "time_series",
"select": [
[
{
"params": [
"counter"
],
"type": "field"
},
{
"params": [],
"type": "mean"
},
{
"params": [
"5m"
],
"type": "non_negative_derivative"
}
]
],
"tags": [
{
"key": "host",
"operator": "=~",
"value": "/^$host$/"
}
]
}
],
"title": "Buckets Poured",
"transformations": [
{
"id": "renameByRegex",
"options": {
"regex": ".*name:\\s[^/]+/(.*)}",
"renamePattern": "$1"
}
}
],
"type": "timeseries"
},
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 40
},
"id": 10,
"panels": [],
"title": "Details",
"type": "row"
},
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 41
},
"id": 14,
"interval": "5m",
"options": {
"legend": {
"calcs": [
"last",
"mean",
"max"
],
"displayMode": "table",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"groupBy": [
{
"params": [
"$__interval"
],
"type": "time"
},
{
"params": [
"source"
],
"type": "tag"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"measurement": "crowdsec_cs_filesource_hits_total",
"orderByTime": "ASC",
"policy": "default",
"refId": "A",
"resultFormat": "time_series",
"select": [
[
{
"params": [
"counter"
],
"type": "field"
},
{
"params": [],
"type": "mean"
},
{
"params": [
"1m"
],
"type": "non_negative_derivative"
}
]
],
"tags": [
{
"key": "host",
"operator": "=~",
"value": "/^$host$/"
}
]
}
],
"title": "Lines Read per minute",
"transformations": [
{
"id": "renameByRegex",
"options": {
"regex": ".*:\\s(.*)}",
"renamePattern": "$1"
}
}
],
"type": "timeseries"
},
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 41
},
"id": 16,
"interval": "1m",
"options": {
"legend": {
"calcs": [
"last",
"mean",
"max"
],
"displayMode": "table",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"alias": "OK",
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"groupBy": [
{
"params": [
"$__interval"
],
"type": "time"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"measurement": "crowdsec_cs_parser_hits_ok_total",
"orderByTime": "ASC",
"policy": "default",
"refId": "A",
"resultFormat": "time_series",
"select": [
[
{
"params": [
"counter"
],
"type": "field"
},
{
"params": [],
"type": "mean"
},
{
"params": [
"1m"
],
"type": "non_negative_derivative"
}
]
],
"tags": [
{
"key": "host",
"operator": "=~",
"value": "/^$host$/"
}
]
},
{
"alias": "Error",
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"groupBy": [
{
"params": [
"$__interval"
],
"type": "time"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"hide": false,
"measurement": "crowdsec_cs_parser_hits_ko_total",
"orderByTime": "ASC",
"policy": "default",
"refId": "B",
"resultFormat": "time_series",
"select": [
[
{
"params": [
"counter"
],
"type": "field"
},
{
"params": [],
"type": "mean"
},
{
"params": [
"1m"
],
"type": "non_negative_derivative"
}
]
],
"tags": []
}
],
"title": "Parser Hits per minute",
"type": "timeseries"
},
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "left",
"cellOptions": {
"type": "auto"
},
"filterable": false,
"inspect": false
},
"mappings": [
{
"options": {
"pattern": "crowdsecurity/(.*)",
"result": {
"index": 0,
"text": "$1"
}
},
"type": "regex"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "ban"
},
"properties": [
{
"id": "unit",
"value": "ns"
}
]
}
]
},
"gridPos": {
"h": 11,
"w": 24,
"x": 0,
"y": 49
},
"id": 5,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": [
"asn"
],
"reducer": [
"sum"
],
"show": false
},
"frameIndex": 2,
"showHeader": true
},
"pluginVersion": "11.1.0",
"targets": [
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"groupBy": [
{
"params": [
"behavior::tag"
],
"type": "tag"
},
{
"params": [
"country_code::tag"
],
"type": "tag"
},
{
"params": [
"asn"
],
"type": "tag"
},
{
"params": [
"ip::tag"
],
"type": "tag"
}
],
"measurement": "crowdseclog",
"orderByTime": "DESC",
"policy": "default",
"query": "SELECT DISTINCT \"ip\" FROM \"crowdseclog_tail\" WHERE (\"host\" =~ /^$host$/) AND $timeFilter",
"rawQuery": false,
"refId": "A",
"resultFormat": "table",
"select": [
[
{
"params": [
"ban_length"
],
"type": "field"
},
{
"params": [],
"type": "distinct"
},
{
"params": [
"ban"
],
"type": "alias"
}
]
],
"tags": []
}
],
"title": "Ban Log",
"type": "table"
},
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "left",
"cellOptions": {
"type": "auto"
},
"filterable": false,
"inspect": false
},
"mappings": [
{
"options": {
"pattern": "crowdsecurity/(.*)",
"result": {
"index": 0,
"text": "$1"
}
},
"type": "regex"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 11,
"w": 24,
"x": 0,
"y": 60
},
"id": 19,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": [
"asn"
],
"reducer": [
"sum"
],
"show": false
},
"frameIndex": 2,
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "sum"
}
]
},
"pluginVersion": "11.1.0",
"targets": [
{
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"groupBy": [
{
"params": [
"behavior"
],
"type": "tag"
}
],
"measurement": "crowdseclog",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT DISTINCT \"ip\" FROM \"crowdseclog_tail\" WHERE (\"host\" =~ /^$host$/) AND $timeFilter",
"rawQuery": false,
"refId": "A",
"resultFormat": "table",
"select": [
[
{
"params": [
"events"
],
"type": "field"
},
{
"params": [],
"type": "sum"
},
{
"params": [
"events"
],
"type": "alias"
}
]
],
"tags": []
}
],
"title": "Ban Log - Number of Events per Behavior",
"type": "table"
}
],
"refresh": "1m",
"revision": 1,
"schemaVersion": 39,
"tags": [],
"templating": {
"list": [
{
"current": {
"selected": false,
"text": "All",
"value": "$__all"
},
"datasource": {
"type": "influxdb",
"uid": "Quid8haVk"
},
"definition": "show tag values with key=\"host\"",
"hide": 0,
"includeAll": true,
"multi": true,
"name": "host",
"options": [],
"query": "show tag values with key=\"host\"",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 5,
"type": "query"
}
]
},
"time": {
"from": "now-7d",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Crowdsec",
"uid": "j4KEK3L7k",
"version": 66,
"weekStart": ""
}
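# Telegraf configuration: ships CrowdSec's Prometheus metrics and the parsed
# ban/event lines from crowdsec.log into InfluxDB (database "crowdsec") for
# the Grafana dashboard above.
[agent]
interval = "30s"
round_interval = true
metric_batch_size = 1000
metric_buffer_limit = 10000
collection_jitter = "0s"
flush_interval = "10s"
flush_jitter = "0s"
precision = ""
# Becomes the "host" tag that the dashboard's $host variable filters on.
hostname = "redacted"
omit_hostname = false

# Both metric families go to the same database with the same credentials, so
# one output is enough ("crowdsec_*" does not match "crowdseclog", hence both
# patterns). Split it again only if the log measurement should land in a
# different database or retention policy.
[[outputs.influxdb]]
# NOTE(review): a plain http:// URL sends the username/password and every
# metric in clear text. Use https:// with a trusted CA (leave
# insecure_skip_verify at its default of false) unless InfluxDB is reachable
# only on a loopback or otherwise trusted network.
urls = ["http://redacted:8086"]
database = "crowdsec"
# NOTE(review): prefer Telegraf's environment substitution, e.g.
# password = "${INFLUXDB_PASSWORD}", or a secret-store plugin over a literal
# secret in a file that tends to get committed or pasted.
username = "redacted"
password = "redacted"
namepass = ["crowdsec_*", "crowdseclog"]

# CrowdSec's own Prometheus endpoint (becomes the crowdsec_cs_* measurements).
# The endpoint is unauthenticated: keep port 6060 reachable only from
# Telegraf's network.
[[inputs.prometheus]]
urls = ["http://crowdsec:6060/metrics"]
name_prefix = "crowdsec_"

[[inputs.tail]]
files = ["/var/log/crowdsec/crowdsec.log"]
# Example of a line matched by CROWDSEC_BAN_MSG:
# time="2024-07-18T23:23:20Z" level=info msg="(localhost/crowdsec) crowdsecurity/http-probing by ip 103.162.36.154 (ID/141639) : 4h ban on Ip 103.162.36.154"
name_override = "crowdseclog"
data_format = "grok"
# ip/ban_ip are tags because the "Ban Log" panel groups by ip::tag, but every
# distinct attacker IP then becomes its own InfluxDB series: watch series
# cardinality and keep the retention policy for this measurement short.
grok_custom_patterns = '''
CROWDSEC_BAN_MSG \(%{DATA}\) %{DATA:behavior:tag} by ip %{IP:ip:tag} \(%{DATA:country_code:tag}/%{NUMBER:asn:tag}\) : %{DATA:ban_length:duration} ban on Ip %{IP:ban_ip:tag}
CROWDSEC_EVENTS_MSG Ip %{IP:ip:tag} performed '%{DATA:behavior:tag}' \(%{INT:events:int} events over %{DATA:window:duration}\) at %{DATA}
'''
grok_patterns = [
'''time="%{TIMESTAMP_ISO8601:time}".*msg="%{CROWDSEC_BAN_MSG}"''',
'''time="%{TIMESTAMP_ISO8601:time}".*msg="%{CROWDSEC_EVENTS_MSG}"'''
]

# Use the log line's own timestamp instead of the moment Telegraf read it.
[[processors.converter]]
# namepass is a plugin-level filter and belongs here; placed inside the
# [fields] sub-table (as it was) it is not treated as a filter, so the
# converter ran on every metric instead of only on "crowdseclog".
namepass = ["crowdseclog"]
[processors.converter.fields]
timestamp = ["time"]
# Timestamps are ISO 8601 / RFC 3339 in UTC, e.g. 2024-07-18T23:23:20Z
# (the fractional-seconds part of the layout is optional on parse).
timestamp_format = "2006-01-02T15:04:05.999999999Z"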