{ "v": "1", "id": "6f88399d-9c58-4a70-b7fe-30d4a057132a", "rev": 2, "name": "OPNsense Dashboard", "summary": "This pack includes everything needed to setup Graylog for the dashboard.", "description": "", "vendor": "bsmithio", "url": "https://github.com/bsmithio/OPNsense-Dashboard", "parameters": [], "entities": [ { "v": "1", "type": { "name": "input", "version": "1" }, "id": "a9e59e12-e4a8-4a9f-acda-960e78b8f9b6", "data": { "title": { "@type": "string", "@value": "Syslog UDP" }, "configuration": { "port": { "@type": "integer", "@value": 1514 }, "recv_buffer_size": { "@type": "integer", "@value": 262144 }, "force_rdns": { "@type": "boolean", "@value": false }, "allow_override_date": { "@type": "boolean", "@value": true }, "bind_address": { "@type": "string", "@value": "0.0.0.0" }, "expand_structured_data": { "@type": "boolean", "@value": false }, "store_full_message": { "@type": "boolean", "@value": true }, "charset_name": { "@type": "string", "@value": "UTF-8" }, "number_worker_threads": { "@type": "integer", "@value": 6 } }, "static_fields": {}, "type": { "@type": "string", "@value": "org.graylog2.inputs.syslog.udp.SyslogUDPInput" }, "global": { "@type": "boolean", "@value": false }, "extractors": [ { "target_field": { "@type": "string", "@value": "filterlog_ipv6_icmp" }, "condition_value": { "@type": "string", "@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*,(in|out),6,.*,icmp,.*)$" }, "order": { "@type": "integer", "@value": 5 }, "converters": [ { "type": { "@type": "string", "@value": "CSV" }, "configuration": { "column_header": { "@type": "string", "@value": "rule-number,sub-rule-number,anchor,tracker,interface,reason,action,direction,ip-version,class,flowlabel,hoplimit,protocol-name,protocol-id,length,src-ip,dst-ip,datalength" } } } ], "configuration": { "regex_value": { "@type": "string", "@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*)$" } }, "source_field": { "@type": "string", "@value": "full_message" }, "title": { "@type": "string", "@value": "OPNsense: RFC5424 IPv6 ICMP" }, "type": { "@type": "string", "@value": "REGEX" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "REGEX" } }, { "target_field": { "@type": "string", "@value": "filterlog_ipv6_tcp" }, "condition_value": { "@type": "string", "@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*,(in|out),6,.*,tcp,.*)$" }, "order": { "@type": "integer", "@value": 1 }, "converters": [ { "type": { "@type": "string", "@value": "CSV" }, "configuration": { "column_header": { "@type": "string", "@value": "rule-number,sub-rule-number,anchor,tracker,interface,reason,action,direction,ipversion,class,flowlabel,hoplimit,protocol-name,protocol-id,length,src-ip,dst-ip,src-port,dst-port,datalength,tcp-flags,sequence,ack,window,urg,options,opnsense-rid" }, "trim_leading_whitespace": { "@type": "boolean", "@value": true } } } ], "configuration": { "regex_value": { "@type": "string", "@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*)$" } }, "source_field": { "@type": "string", "@value": "full_message" }, "title": { "@type": "string", "@value": "OPNsense: RFC5424 IPv6 TCP" }, "type": { "@type": "string", "@value": "REGEX" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "REGEX" } }, { "target_field": { "@type": "string", "@value": "filterlog_ipv4_tcp" }, "condition_value": { "@type": "string", "@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*,(in|out),4,.*,tcp,.*)$" }, "order": { "@type": "integer", "@value": 0 }, "converters": [ { "type": { "@type": "string", "@value": "CSV" }, "configuration": { "column_header": { "@type": "string", "@value": "rule-number,sub-rule-number,anchor,tracker,interface,reason,action,direction,ip-version,tos,ecn,ttl,id,offset,ip-flags,protocol-id,protocol-name,length,src-ip,dst-ip,src-port,dst-port,datalength,tcp-flags,sequence,f1,f2,tcp-options,opnsense-rid" }, "trim_leading_whitespace": { "@type": "boolean", "@value": true } } } ], "configuration": { "regex_value": { "@type": "string", "@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*)$" } }, "source_field": { "@type": "string", "@value": "full_message" }, "title": { "@type": "string", "@value": "OPNsense: RFC5424 IPv4 TCP" }, "type": { "@type": "string", "@value": "REGEX" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "REGEX" } }, { "target_field": { "@type": "string", "@value": "filterlog_ipv4_udp" }, "condition_value": { "@type": "string", "@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*,(in|out),4,.*,udp,.*)$" }, "order": { "@type": "integer", "@value": 2 }, "converters": [ { "type": { "@type": "string", "@value": "CSV" }, "configuration": { "column_header": { "@type": "string", "@value": "rule-number,sub-rule-number,anchor,tracker,interface,reason,action,direction,ip-version,tos,ecn,ttl,id,offset,flags,protocol-id,protocol-name,length,src-ip,dst-ip,src-port,dst-port,opnsense-rid" }, "trim_leading_whitespace": { "@type": "boolean", "@value": true } } } ], "configuration": { "regex_value": { "@type": "string", "@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*)$" } }, "source_field": { "@type": "string", "@value": "full_message" }, "title": { "@type": "string", "@value": "OPNsense: RFC5424 IPv4 UDP" }, "type": { "@type": "string", "@value": "REGEX" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "REGEX" } }, { "target_field": { "@type": "string", "@value": "filterlog_ipv4_icmp" }, "condition_value": { "@type": "string", "@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*,(in|out),4,.*,icmp,.*)$" }, "order": { "@type": "integer", "@value": 4 }, "converters": [ { "type": { "@type": "string", "@value": "CSV" }, "configuration": { "column_header": { "@type": "string", "@value": "rule-number,sub-rule-number,anchor,tracker,interface,reason,action,direction,ip-version,tos,ecn,ttl,id,offset,flags,protocol-id,protocol-name,length,src-ip,dst-ip,datalength" } } } ], "configuration": { "regex_value": { "@type": "string", "@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*)$" } }, "source_field": { "@type": "string", "@value": "full_message" }, "title": { "@type": "string", "@value": "OPNsense: RFC5424 IPv4 ICMP" }, "type": { "@type": "string", "@value": "REGEX" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "REGEX" } }, { "target_field": { "@type": "string", "@value": "filterlog_ipv6_udp" }, "condition_value": { "@type": "string", "@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*,(in|out),6,.*,udp,.*)$" }, "order": { "@type": "integer", "@value": 3 }, "converters": [ { "type": { "@type": "string", "@value": "CSV" }, "configuration": { "column_header": { "@type": "string", "@value": "rule-number,sub-rule-number,anchor,tracker,interface,reason,action,direction,ip-version,class,flowlabel,hoplimit,protocol-name,protocol-id,length,src-ip,dst-ip,src-port,dst-port,opnsense-rid" } } } ], "configuration": { "regex_value": { "@type": "string", "@value": "^(?i).*\\sfilterlog.+\\[.+\\]\\s(.*)$" } }, "source_field": { "@type": "string", "@value": "full_message" }, "title": { "@type": "string", "@value": "OPNsense: RFC5424 IPv6 UDP" }, "type": { "@type": "string", "@value": "REGEX" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "REGEX" } } ] }, "constraints": [ { "type": "server-version", "version": ">=5.0.2+59d96f8" } ] }, { "v": "1", "type": { "name": "lookup_adapter", "version": "1" }, "id": "056ed2d3-38f8-41cc-8cb0-b9fdb8d95d32", "data": { "_scope": { "@type": "string", "@value": "DEFAULT" }, "name": { "@type": "string", "@value": "geoip" }, "title": { "@type": "string", "@value": "GeoIP" }, "description": { "@type": "string", "@value": "Geo IP Lookup Table" }, "configuration": { "type": { "@type": "string", "@value": "maxmind_geoip" }, "path": { "@type": "string", "@value": "/usr/share/graylog/data/data/GeoLite2-Country.mmdb" }, "database_type": { "@type": "string", "@value": "MAXMIND_COUNTRY" }, "check_interval": { "@type": "long", "@value": 1 }, "check_interval_unit": { "@type": "string", "@value": "MINUTES" } } }, "constraints": [ { "type": "server-version", "version": ">=5.0.2+59d96f8" } ] }, { "v": "1", "type": { "name": "lookup_cache", "version": "1" }, "id": "776809e0-ea08-45e0-9df3-f06bb15585ed", "data": { "_scope": { "@type": "string", "@value": "DEFAULT" }, "name": { "@type": "string", "@value": "geoip" }, "title": { "@type": "string", "@value": "GeoIP" }, "description": { "@type": "string", "@value": "GeoIP Cache" }, "configuration": { "type": { "@type": "string", "@value": "guava_cache" }, "max_size": { "@type": "integer", "@value": 1000 }, "expire_after_access": { "@type": "long", "@value": 1 }, "expire_after_access_unit": { "@type": "string", "@value": "SECONDS" }, "expire_after_write": { "@type": "long", "@value": 0 } } }, "constraints": [ { "type": "server-version", "version": ">=5.0.2+59d96f8" } ] }, { "v": "1", "type": { "name": "lookup_table", "version": "1" }, "id": "19a27a83-5ffc-4f8d-a39c-a00d7c4ea36a", "data": { "default_single_value_type": { "@type": "string", "@value": "NULL" }, "cache_name": { "@type": "string", "@value": "776809e0-ea08-45e0-9df3-f06bb15585ed" }, "name": { "@type": "string", "@value": "geoip" }, "default_multi_value_type": { "@type": "string", "@value": "NULL" }, "default_multi_value": { "@type": "string", "@value": "" }, "data_adapter_name": { "@type": "string", "@value": "056ed2d3-38f8-41cc-8cb0-b9fdb8d95d32" }, "_scope": { "@type": "string", "@value": "DEFAULT" }, "title": { "@type": "string", "@value": "GeoIP" }, "default_single_value": { "@type": "string", "@value": "" }, "description": { "@type": "string", "@value": "Geo IP Lookup" } }, "constraints": [ { "type": "server-version", "version": ">=5.0.2+59d96f8" } ] }, { "v": "1", "type": { "name": "pipeline", "version": "1" }, "id": "5a7ec7eb-d413-4d6f-96e1-70a73f4df8e1", "data": { "title": { "@type": "string", "@value": "GeoIP" }, "description": { "@type": "string", "@value": "GeoIP" }, "source": { "@type": "string", "@value": "pipeline \"GeoIP\"\nstage 0 match either\nrule \"GeoIP lookup: src-ip\"\nend" }, "connected_streams": [ { "@type": "string", "@value": "67c8983f-c842-4a33-9650-94f19a793e0d" } ] }, "constraints": [ { "type": "server-version", "version": ">=5.0.2+59d96f8" } ] }, { "v": "1", "type": { "name": "pipeline_rule", "version": "1" }, "id": "9bea4894-60ec-495b-8531-0f5e27fc8025", "data": { "title": { "@type": "string", "@value": "GeoIP lookup: src-ip" }, "description": { "@type": "string", "@value": "" }, "source": { "@type": "string", "@value": "rule \"GeoIP lookup: src-ip\"\nwhen\nhas_field(\"src-ip\")\nthen\nlet geo = lookup(\"geoip\", to_string($message.\"src-ip\"));\nset_field(\"src-ip-geo-location\", geo[\"coordinates\"]);\nset_field(\"src-ip-geo-country\", geo[\"country\"].iso_code);\nset_field(\"src-ip-geo-city\", geo[\"city\"].names.en);\nend" } }, "constraints": [ { "type": "server-version", "version": ">=5.0.2+59d96f8" } ] }, { "v": "1", "type": { "name": "stream", "version": "1" }, "id": "67c8983f-c842-4a33-9650-94f19a793e0d", "data": { "alarm_callbacks": [], "outputs": [], "remove_matches": { "@type": "boolean", "@value": true }, "title": { "@type": "string", "@value": "OPNsense / filterlog" }, "stream_rules": [ { "type": { "@type": "string", "@value": "CONTAINS" }, "field": { "@type": "string", "@value": "application_name" }, "value": { "@type": "string", "@value": "filterlog" }, "inverted": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "" } } ], "alert_conditions": [], "matching_type": { "@type": "string", "@value": "OR" }, "disabled": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "OPNsense filter logs" }, "default_stream": { "@type": "boolean", "@value": false } }, "constraints": [ { "type": "server-version", "version": ">=5.0.2+59d96f8" } ] } ] }