{"name":"NxFilter BR","description":"Pacote NxFilter para o Graylog - porta padrão 1514","category":"DNS, Filtro","inputs":[{"id":"58a41ecba443430312510b0b","title":"nxfilter-syslog-udp","configuration":{"override_source":null,"recv_buffer_size":262144,"bind_address":"0.0.0.0","port":1514},"static_fields":{},"type":"org.graylog2.inputs.raw.udp.RawUDPInput","global":false,"extractors":[{"title":"NxFilter ","type":"GROK","cursor_strategy":"COPY","target_field":"","source_field":"message","configuration":{"grok_pattern":"%{HOSTNAME:srv} %{WORD:sys}\\|%{TIMESTAMP_ISO8601:Time}\\|%{WORD:Block}\\|%{HOSTNAME:Domain}\\|%{GREEDYDATA:User}\\|%{IP:ClientIP}\\|%{GREEDYDATA:Policy}\\|%{GREEDYDATA:Category}\\|%{GREEDYDATA:Reason}\\|%{INT:Type}\\|%{GREEDYDATA:Group}","named_captures_only":true},"converters":[],"condition_type":"REGEX","condition_value":"^*NXFILTER\\|*","order":0}]}],"streams":[{"id":"581884e6eed7ff3349c0b4e5","title":"NxFilter","description":"DNS Filter","disabled":false,"matching_type":"OR","stream_rules":[{"type":"EXACT","field":"sys","value":"NXFILTER","inverted":false,"description":"É um NxFilter"}],"outputs":[],"default_stream":false}],"outputs":[],"dashboards":[{"title":"NxFilter - 2 horas","description":"Dashboard das últimas 2 horas","dashboard_widgets":[{"description":"Requisições","type":"SEARCH_RESULT_COUNT","cache_time":10,"configuration":{"timerange":{"type":"relative","range":28800},"lower_is_better":false,"trend":true,"query":"gl2_source_input:58a41ecba443430312510b0b"},"col":1,"row":1,"height":1,"width":1},{"description":"Domínios","type":"STATS_COUNT","cache_time":10,"configuration":{"timerange":{"type":"relative","range":28800},"field":"Domain","trend":true,"query":"gl2_source_input:58a41ecba443430312510b0b","stats_function":"cardinality","lower_is_better":false},"col":3,"row":1,"height":1,"width":1},{"description":"Cliente IP","type":"STATS_COUNT","cache_time":10,"configuration":{"timerange":{"type":"relative","range":28800},"field":"ClientIP","trend":true,"query":"gl2_source_input:58a41ecba443430312510b0b","stats_function":"cardinality","lower_is_better":false},"col":4,"row":1,"height":1,"width":1},{"description":"Requisições - Histograma","type":"SEARCH_RESULT_CHART","cache_time":10,"configuration":{"interval":"minute","timerange":{"type":"relative","range":7200},"query":"gl2_source_input:58a41ecba443430312510b0b"},"col":1,"row":3,"height":1,"width":2},{"description":"Domínios - Mais acessados","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":7200},"field":"Domain","show_pie_chart":true,"query":"gl2_source_input:58a41ecba443430312510b0b","show_data_table":true},"col":1,"row":4,"height":3,"width":1},{"description":"Categorias - Mais acessadas","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":7200},"field":"Category","show_pie_chart":true,"query":"gl2_source_input:58a41ecba443430312510b0b","show_data_table":true},"col":2,"row":4,"height":3,"width":1},{"description":"Usuários - Top","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":7200},"field":"User","show_pie_chart":true,"query":"gl2_source_input:58a41ecba443430312510b0b","show_data_table":true},"col":3,"row":2,"height":3,"width":1},{"description":"Cliente IP - Top","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":7200},"field":"ClientIP","show_pie_chart":true,"query":"gl2_source_input:58a41ecba443430312510b0b","show_data_table":true},"col":4,"row":2,"height":3,"width":1},{"description":"Bloqueios","type":"SEARCH_RESULT_COUNT","cache_time":10,"configuration":{"timerange":{"type":"relative","range":104400},"lower_is_better":false,"trend":true,"query":"Block:Y"},"col":2,"row":1,"height":1,"width":1},{"description":"Bloqueios - Histograma","type":"SEARCH_RESULT_CHART","cache_time":10,"configuration":{"interval":"minute","timerange":{"type":"relative","range":104400},"query":"Block:Y"},"col":1,"row":2,"height":1,"width":2}]},{"title":"NxFilter","description":"Dashboard","dashboard_widgets":[{"description":"IP","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":300},"field":"src_ip","show_pie_chart":true,"query":"","show_data_table":true},"col":0,"row":0,"height":0,"width":0}]}],"grok_patterns":[{"name":"POSINT","pattern":"\\b(?:[1-9][0-9]*)\\b"},{"name":"HTTPD20_ERRORLOG","pattern":"\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{LOGLEVEL:loglevel}\\] (?:\\[client %{IPORHOST:clientip}\\] ){0,1}%{GREEDYDATA:errormsg}"},{"name":"SYSLOGTIMESTAMP","pattern":"%{MONTH} +%{MONTHDAY} %{TIME}"},{"name":"NOTSPACE","pattern":"\\S+"},{"name":"SYSLOGFACILITY","pattern":"<%{NONNEGINT:facility}.%{NONNEGINT:priority}>"},{"name":"BASE16FLOAT","pattern":"\\b(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]+(?:\\.[0-9A-Fa-f]*)?)|(?:\\.[0-9A-Fa-f]+)))\\b"},{"name":"USERNAME","pattern":"[a-zA-Z0-9._-]+"},{"name":"SPACE","pattern":"\\s*"},{"name":"WINDOWSMAC","pattern":"(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})"},{"name":"DATE_EU","pattern":"%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}"},{"name":"DATA","pattern":".*?"},{"name":"MONTHNUM","pattern":"(?:0?[1-9]|1[0-2])"},{"name":"BASE10NUM","pattern":"(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))"},{"name":"NONNEGINT","pattern":"\\b(?:[0-9]+)\\b"},{"name":"URIPATHPARAM","pattern":"%{URIPATH}(?:%{URIPARAM})?"},{"name":"COMMONMAC","pattern":"(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})"},{"name":"SECOND","pattern":"(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)"},{"name":"HTTPDATE","pattern":"%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}"},{"name":"DATESTAMP_OTHER","pattern":"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}"},{"name":"MAC","pattern":"(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})"},{"name":"URIHOST","pattern":"%{IPORHOST}(?::%{POSINT:port})?"},{"name":"WINPATH","pattern":"(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+"},{"name":"EMAILLOCALPART","pattern":"[a-zA-Z][a-zA-Z0-9_.+-=:]+"},{"name":"DATE_US","pattern":"%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}"},{"name":"TIME","pattern":"(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])"},{"name":"PROG","pattern":"[\\x21-\\x5a\\x5c\\x5e-\\x7e]+"},{"name":"COMMONAPACHELOG","pattern":"%{IPORHOST:clientip} %{HTTPDUSER:ident} %{USER:auth} \\[%{HTTPDATE:timestamp}\\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)"},{"name":"WORD","pattern":"\\b\\w+\\b"},{"name":"URIPROTO","pattern":"[A-Za-z]+(\\+[A-Za-z+]+)?"},{"name":"DATE","pattern":"%{DATE_US}|%{DATE_EU}"},{"name":"SYSLOGHOST","pattern":"%{IPORHOST}"},{"name":"INT","pattern":"(?:[+-]?(?:[0-9]+))"},{"name":"MONTHDAY","pattern":"(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])"},{"name":"ISO8601_TIMEZONE","pattern":"(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))"},{"name":"YEAR","pattern":"(?>\\d\\d){1,2}"},{"name":"QS","pattern":"%{QUOTEDSTRING}"},{"name":"UUID","pattern":"[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}"},{"name":"PATH","pattern":"(?:%{UNIXPATH}|%{WINPATH})"},{"name":"CISCOMAC","pattern":"(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})"},{"name":"MONTHNUM2","pattern":"(?:0[1-9]|1[0-2])"},{"name":"TTY","pattern":"(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))"},{"name":"IPV6","pattern":"((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?"},{"name":"HTTPDUSER","pattern":"%{EMAILADDRESS}|%{USER}"},{"name":"BASE16NUM","pattern":"(?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))"},{"name":"MONTH","pattern":"\\b(?:Jan(?:uary|uar)?|Feb(?:ruary|ruar)?|M(?:a|ä)?r(?:ch|z)?|Apr(?:il)?|Ma(?:y|i)?|Jun(?:e|i)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|O(?:c|k)?t(?:ober)?|Nov(?:ember)?|De(?:c|z)(?:ember)?)\\b"},{"name":"EMAILADDRESS","pattern":"%{EMAILLOCALPART}@%{HOSTNAME}"},{"name":"URIPARAM","pattern":"\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]<>]*"},{"name":"UNIXPATH","pattern":"(/([\\w_%!$@:.,~-]+|\\\\.)*)+"},{"name":"TIMESTAMP_ISO8601","pattern":"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?"},{"name":"ISO8601_SECOND","pattern":"(?:%{SECOND}|60)"},{"name":"GREEDYDATA","pattern":".*"},{"name":"HTTPD24_ERRORLOG","pattern":"\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{WORD:module}:%{LOGLEVEL:loglevel}\\] \\[pid %{POSINT:pid}:tid %{NUMBER:tid}\\]( \\(%{POSINT:proxy_errorcode}\\)%{DATA:proxy_errormessage}:)?( \\[client %{IPORHOST:client}:%{POSINT:clientport}\\])? %{DATA:errorcode}: %{GREEDYDATA:message}"},{"name":"URI","pattern":"%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?"},{"name":"DATESTAMP_RFC2822","pattern":"%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}"},{"name":"HOSTPORT","pattern":"%{IPORHOST}:%{POSINT}"},{"name":"SYSLOGBASE","pattern":"%{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:"},{"name":"HOSTNAME","pattern":"\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)"},{"name":"IP","pattern":"(?:%{IPV6}|%{IPV4})"},{"name":"USER","pattern":"%{USERNAME}"},{"name":"DATESTAMP_EVENTLOG","pattern":"%{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}"},{"name":"HTTPD_ERRORLOG","pattern":"%{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}"},{"name":"DATESTAMP_RFC822","pattern":"%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}"},{"name":"IPORHOST","pattern":"(?:%{IP}|%{HOSTNAME})"},{"name":"LOGLEVEL","pattern":"([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)"},{"name":"DAY","pattern":"(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)"},{"name":"HTTPDERROR_DATE","pattern":"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"},{"name":"IPV4","pattern":"(?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9])"},{"name":"COMBINEDAPACHELOG","pattern":"%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}"},{"name":"NUMBER","pattern":"(?:%{BASE10NUM})"},{"name":"URIPATH","pattern":"(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\\-]*)+"},{"name":"HOUR","pattern":"(?:2[0123]|[01]?[0-9])"},{"name":"TZ","pattern":"(?:[PMCE][SD]T|UTC)"},{"name":"DATESTAMP","pattern":"%{DATE}[- ]%{TIME}"},{"name":"QUOTEDSTRING","pattern":"(?>(?<!\\\\)(?>\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))"},{"name":"MINUTE","pattern":"(?:[0-5][0-9])"},{"name":"SYSLOGPROG","pattern":"%{PROG:program}(?:\\[%{POSINT:pid}\\])?"}]}