voidquark / grafana-dashboards

Grafana Dashboards Collection
https://grafana.com/orgs/voidquark
MIT License
[FEATURE] [ModSecurity or Fail2ban] Dashboard #9

Closed ehnwebmaster closed 3 weeks ago

ehnwebmaster commented 1 month ago

Hello,

What about adding a panel (dashboard) for modsecurity or fail2ban, suricata logs?

Just searched and nothing found.

Just this for fail2ban (includes grafana dashboard, promtail loki configuration)

https://gist.github.com/lazyfrosch/edd0658ae9a0aaa5a716b214bb98cae6

For example promtail config:

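# Tail the fail2ban log and turn ban events into Loki labels
- job_name: fail2ban
  static_configs:
  - targets:
      - localhost
    labels:
      job: fail2ban
      __path__: /var/log/fail2ban.log
  pipeline_stages:
  # Parse timestamp, jail name (service), action and IP from each line
  - regex:
      expression: '^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<log_component>[\w.]+)\s+\[(?P<id>\d+)\]: (?P<level>\w+)\s+\[(?P<service>[^\]]+)\] (?P<action>Restore Ban|Increase Ban|Ban|Unban|Found)(?:.*(?:\s|\b))(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?:, (?P<is_bad>bad))?'
  # Use the time written in the log line; it has no UTC offset, so a zone is given
  - timestamp:
      source: timestamp
      format: '2006-01-02 15:04:05,000'
      location: "Europe/Paris"
  # Promote extracted fields to labels (each distinct ip value becomes its own stream)
  - labels:
      service:
      ip:
      action:
      is_bad: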

Thanks in advance.
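
An offline check of the pipeline regex from the comment above, added here as an example (not code from the issue or the repository): it runs the same expression over constructed fail2ban lines, using Python's `re` as a stand-in for promtail's Go regex engine, and counts how many distinct label sets (Loki streams) the `labels` stage would yield. The sample lines and the names `extract_labels` and `stream_count` are assumptions made for illustration.

```python
import re

# Expression copied from the promtail `regex` stage, split only for line length.
F2B = re.compile(
    r'^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<log_component>[\w.]+)\s+'
    r'\[(?P<id>\d+)\]: (?P<level>\w+)\s+\[(?P<service>[^\]]+)\] '
    r'(?P<action>Restore Ban|Increase Ban|Ban|Unban|Found)(?:.*(?:\s|\b))'
    r'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?:, (?P<is_bad>bad))?'
)

# Fields the `labels` stage promotes to Loki labels.
LABELS = ("service", "ip", "action", "is_bad")

# Constructed sample lines (documentation IP ranges); the last one is built
# only to exercise the optional ", bad" group.
SAMPLE = """\
2024-05-01 11:59:00,001 fail2ban.jail           [1234]: INFO    Jail 'sshd' started
2024-05-01 12:00:00,123 fail2ban.filter         [1234]: INFO    [sshd] Found 192.0.2.10 - 2024-05-01 12:00:00
2024-05-01 12:00:05,456 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 192.0.2.10
2024-05-01 12:00:09,789 fail2ban.actions        [1234]: NOTICE  [sshd] Restore Ban 198.51.100.7
2024-05-01 12:10:05,460 fail2ban.actions        [1234]: NOTICE  [sshd] Unban 192.0.2.10
2024-05-01 12:11:00,002 fail2ban.filter         [1234]: INFO    [sshd] Found 203.0.113.5, bad - 2024-05-01 12:11:00
""".splitlines()


def extract_labels(line):
    """Return the four promoted fields, or None when the regex does not match."""
    m = F2B.match(line)
    return {k: m.group(k) for k in LABELS} if m else None


def stream_count(lines):
    """Count distinct label sets; Loki stores each distinct set as one stream."""
    parsed = (extract_labels(line) for line in lines)
    return len({tuple(p.items()) for p in parsed if p})


if __name__ == "__main__":
    for line in SAMPLE:
        print(extract_labels(line))
    # Every (ip, action) pair is a new stream, so the count grows with each source IP.
    print("distinct streams:", stream_count(SAMPLE))
```
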

voidquark commented 3 weeks ago

I’m not planning to build a Fail2Ban dashboard right now. I want to keep the SSH dashboard in this repo separate, since Fail2Ban is a specific implementation.

I’ll leave this issue open as a future request, even though I’m not planning to work on it now. Thanks for the suggestion!

ehnwebmaster commented 3 weeks ago

https://grafana.com/grafana/dashboards/22197-f2b/

https://grafana.com/grafana/dashboards/22234-modsecurity-log/

Now I'm doing a new dashboard for Suricata logs (JSON format).

voidquark commented 3 weeks ago

I see that you’ve handled it yourself, so I’ll go ahead and close this issue.