b4b857f6ee / opnsense_grafana_dashboard

Grafana Dashboard for OPNsense and the Plugin Sensei
Apache License 2.0

Various problems with Imports #1

Open collse opened 3 years ago

collse commented 3 years ago

First of all, thanks for creating these, but I have found a few things that may require altering or documentation:

dependencies plugins:

All OPNsense dashboard widgets start with the table name, e.g. pfelk-firewall* - this doesn't deliver any data, and I have found that omitting this as part of the query will execute them correctly.

However, after this most dashboards still have significant defects with regard to widgets not showing any results (apart from the Sensei dashboards).

Grafana v7.3.3 (2489dc4d3a)
OPNsense OPNsense 20.7.7_1-amd64
Sensei: 1.62

collse commented 3 years ago

Actually, I have just figured it out - it's the naming conventions of the columns - there are none like e.g. unbound.client.ip; it's client.ip

ghost commented 3 years ago

Please can you give me some pointers on how you got this to work with Sensei, as the downloaded Grafana dashboards refer to an Influx database, and I cannot see anywhere how to configure this. The Elasticsearch database is on the OPNsense system and is accessible.

I have managed, eventually, to get Grafana to display a simple plot, using Elasticsearch as the data source.

I have tried the pfelk approach in the past but it's a bit over the top (and quite memory hungry) for me. In addition, pfelk appears not to use Influx as far as I can determine.

Thanks

b4b857f6ee commented 3 years ago

I just saw your issues, I'm so sorry @collse, let me check this weekend! If you can add a screen, that will help a lot.

ghost commented 3 years ago

Hi

From the setup instructions I could find no reference to an InfluxDB source. The Grafana dashboards refer to an InfluxDB source; how is the source set up, fed from in your code? All I see is Elasticsearch.

On 29 Jan 2021, at 11:14, b4b857f6ee notifications@github.com wrote:

I just saw your issues, I'm so sorry @collse, let me check this weekend!

b4b857f6ee commented 3 years ago

@aimdev You mean this? "OPNsense configuration ELK logs, configure the ELK logs by following this : https://github.com/3ilson/pfelk ->>>>>Install Telegraf plugin and configure it to send metrics into InfluxDB Grafana configuration ->>>>>Configure the Datasource for InfluxDB"

You want instructions on how to install the InfluxDB in local / Telegraf on OPNsense / InfluxDB input in Grafana?

ghost commented 3 years ago

Hi, yes

InfluxDB : OPNSense - Firewall
ELK : Firewall - Dashboard | Firewall - Suricata | Firewall - Unbound

It wasn't clear how Telegraf was utilised, I assume you use Logstash?

On 29 Jan 2021, at 13:52, b4b857f6ee notifications@github.com wrote:

@aimdev You mean this? "OPNsense configuration ELK logs, configure the ELK logs by following this : https://github.com/3ilson/pfelk ->>>>>Install Telegraf plugin and configure it to send metrics into InfluxDB Grafana configuration ->>>>>Configure the Datasource for InfluxDB"

b4b857f6ee commented 3 years ago

@aimdev No, I assume people already installed it, that's why I've written: "Requirement ELK stack 7+ Telegraf configuration for OPNsense Grafana and InfluxDB"

But that's OK, I can add a few lines to explain or link InfluxDB installation/configuration and link with InfluxDB -> Grafana and OPNsense Telegraf -> InfluxDB

b4b857f6ee commented 3 years ago

@collse For the pfelk, you are using this: https://github.com/pfelk/docker? And the version 6.1?

b4b857f6ee commented 3 years ago

@collse I have the same as you. I upgraded to pfelk 6.1 and the Grafana dashboard isn't getting the data; I have to change the request, I will do it.

b4b857f6ee commented 3 years ago

I need to remove this from all the Dashboard:

[image]

b4b857f6ee commented 3 years ago

The 3 Dashboards are updated :

B3DTech commented 3 years ago

Your 3 dashboards mentioned all still have a dependency on InfluxDB. Not sure why it needs it when everything is being logged into ELK.

badsmoke commented 3 years ago

I also have the problem that not all data from the ELK are displayed.

E.g. "discover" in the dashboard "OPNsense Firewall - Dashboard" works, but the rest does not.

Also, I can't add the data source for "Elasticsearch-Suricata" because "No date field named @timestamp found".