
create dashboards for other non-network log data #414

Closed
mmguero opened this issue Feb 15, 2024 · 2 comments
Labels: dashboards (Relating to Malcolm's OpenSearch Dashboards interface), enhancement (New feature or request)

mmguero commented Feb 15, 2024

Malcolm can accept various third-party logs, and while there's no way we could create dashboards for every conceivable source, we could create them for more than we have.

We have some already (mainly used for data coming from Hedgehog):


  • Malcolm nginx Overview and Malcolm nginx Access and Error Logs - for reporting on Malcolm's own nginx logs enabled by NGINX_LOG_ACCESS_AND_ERRORS
  • Malcolm Sensor Temperature - for data from fluent bit thermal
  • Malcolm Sensor Audit Logs - for data from Hedgehog's auditd logs
  • Malcolm Sensor Resources Hosts Overview and Malcolm Sensor Resources System Overview - for resource utilization from Hedgehog or Malcolm (or anything using those fluent bit inputs)
  • Malcolm Sensor Journald logs - fluent bit's journald/systemd input for Linux logs
  • Malcolm Sensor File/Directory Integrity - for Hedgehog's file system integrity output from AIDE

But there are lots of others we could/should create dashboards for, potentially including:

  • any of the fluent-bit inputs
    • should "just work" as far as getting it into Malcolm if set up with the convenience scripts; this should be the pattern to follow
    • particularly we should prioritize Windows Event Logs (old, new)
    • we should also examine existing dashboards that were made with Malcolm/Hedgehog itself in mind and make sure they're generally useful
  • Malcolm can now report to itself on capture statistics (Malcolm report to itself on capture statistics #395), we should create dashboards for these
  • ???
@mmguero mmguero added enhancement New feature or request dashboards Relating to Malcolm's OpenSearch Dashboards interface labels Feb 15, 2024
@mmguero mmguero modified the milestones: z.staging, v24.03.0 Feb 15, 2024
@mmguero mmguero added the CISA label Feb 15, 2024
@mmguero mmguero self-assigned this Feb 29, 2024

mmguero commented Feb 29, 2024

I've either ensured we have existing dashboards or created new ones for the following inputs. It is true that I haven't covered every possible fluent-bit input, but I think this is good for now. We may revisit later if there is more interest (esp., perhaps the docker, podman and kubernetes events ones).

Fluent Bit inputs

  • cpu (CPU Usage)
    • Resources - System Overview and Resources - Hosts Overview
  • mem (Memory Usage)
    • Resources - System Overview and Resources - Hosts Overview
  • thermal (Thermal)
    • Hardware Temperature
  • kmsg (Kernel Log Buffer)
    • Linux Kernel Messages
  • disk (Diskstats)
    • Resources - System Overview and Resources - Hosts Overview
  • systemd (Systemd (Journal) reader)
    • Journald Logs
  • winevtlog
    • Windows Events
  • winlog
    • Windows Events
  • winstat
    • Windows Events

Zeek diagnostics

  • analyzer.log
    • Packet Capture Statistics
  • capture_loss.log
    • Packet Capture Statistics
  • reporter.log
    • Packet Capture Statistics
  • stats.log
    • Packet Capture Statistics

Suricata Stats

  • EVE.json stats
    • Packet Capture Statistics
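
The Zeek diagnostics and Suricata stats listed in the comment above are the data behind the Packet Capture Statistics dashboard. As an added example (not Malcolm project code and not the issue author's), the script below parses Zeek's capture_loss.log, which the default ASCII writer emits as tab-separated records under a #fields header, and Suricata EVE "stats" events, and flags the intervals whose packet loss exceeds a threshold. The log lines are constructed samples; the 1.0 % default threshold, the function names and the layout of each finding are assumptions.

```python
"""Capture-health checks over Zeek capture_loss.log and Suricata EVE stats.

Added example, not code from the Malcolm project. Sample logs below are
constructed; the threshold and the finding layout are assumptions.
"""
import json
from typing import Dict, Iterator, List, Optional

# Constructed sample of a Zeek capture_loss.log. Columns: ts, ts_delta, peer,
# gaps (ACKs for data Zeek never saw), acks (ACKs seen), percent_lost.
ZEEK_CAPTURE_LOSS = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tcapture_loss
#open\t2024-03-01-12-00-00
#fields\tts\tts_delta\tpeer\tgaps\tacks\tpercent_lost
#types\ttime\tinterval\tstring\tcount\tcount\tdouble
1709294400.000000\t900.000000\tzeek\t3\t40000\t0.0075
1709295300.000000\t900.000000\tzeek\t1200\t40000\t3.0
1709296200.000000\t900.000000\tzeek\t0\t0\t0.0
#close\t2024-03-01-12-45-00
"""

# Constructed sample of Suricata EVE output: "stats" events interleaved with
# other event types. Capture counters are cumulative since Suricata started.
SURICATA_EVE = "\n".join(json.dumps(e) for e in [
    {"timestamp": "2024-03-01T12:00:00.000000+0000", "event_type": "stats",
     "stats": {"uptime": 900,
               "capture": {"kernel_packets": 100000, "kernel_drops": 0}}},
    {"timestamp": "2024-03-01T12:07:00.000000+0000", "event_type": "flow",
     "flow": {"pkts_toserver": 10, "pkts_toclient": 8}},
    {"timestamp": "2024-03-01T12:15:00.000000+0000", "event_type": "stats",
     "stats": {"uptime": 1800,
               "capture": {"kernel_packets": 200000, "kernel_drops": 5000}}},
])


def parse_zeek_tsv(text: str) -> Iterator[Dict[str, Optional[str]]]:
    """Yield one dict per record, keyed by the names in the #fields header.

    Values equal to the #unset_field marker ("-" by default) become None so a
    caller cannot mistake an unset column for a literal "-".
    """
    fields: List[str] = []
    unset = "-"
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):  # metadata lines: separator, fields, types, ...
            key, _, value = line[1:].partition("\t")
            if key == "fields":
                fields = value.split("\t")
            elif key == "unset_field":
                unset = value
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"{len(values)} columns but header names {len(fields)}")
        yield {k: (None if v == unset else v) for k, v in zip(fields, values)}


def zeek_capture_loss_findings(text: str, max_percent: float) -> List[dict]:
    """Flag capture_loss intervals whose loss exceeds max_percent."""
    findings = []
    for rec in parse_zeek_tsv(text):
        gaps, acks = int(rec["gaps"]), int(rec["acks"])
        # Recompute from the raw counters rather than trusting percent_lost;
        # with no ACKs in the interval there is nothing to measure against.
        percent = 100.0 * gaps / acks if acks else 0.0
        if percent > max_percent:
            findings.append({"source": "zeek", "ts": float(rec["ts"]),
                             "peer": rec["peer"], "percent_lost": percent})
    return findings


def suricata_drop_findings(eve_text: str, max_percent: float) -> List[dict]:
    """Flag intervals between consecutive stats events with high kernel drops."""
    findings = []
    prev = None
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("event_type") != "stats":
            continue  # alerts, flows, etc. share the file; only stats matter here
        cap = event["stats"].get("capture", {})
        cur = (cap.get("kernel_packets", 0), cap.get("kernel_drops", 0))
        # Counters are cumulative, so diff against the previous stats event;
        # a counter going backwards means Suricata restarted, skip that gap.
        if prev is not None and cur[0] >= prev[0] and cur[1] >= prev[1]:
            d_packets, d_drops = cur[0] - prev[0], cur[1] - prev[1]
            percent = 100.0 * d_drops / d_packets if d_packets else 0.0
            if percent > max_percent:
                findings.append({"source": "suricata", "ts": event["timestamp"],
                                 "percent_lost": percent})
        prev = cur
    return findings


def capture_health(zeek_text: str, eve_text: str, max_percent: float = 1.0) -> List[dict]:
    """Combine both sources: the rows a capture-health alert rule would surface."""
    return (zeek_capture_loss_findings(zeek_text, max_percent)
            + suricata_drop_findings(eve_text, max_percent))


if __name__ == "__main__":
    for finding in capture_health(ZEEK_CAPTURE_LOSS, SURICATA_EVE):
        print(finding)
```

On the constructed samples this reports one Zeek interval (3.0 % loss) and one Suricata interval (5.0 % kernel drops); the first Zeek row, at 0.0075 %, stays below the threshold. The same loss ratio is what a dashboard visualization over these fields would chart, and Suricata's cumulative counters are the detail most easily got wrong when building one.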

mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Mar 1, 2024

mmguero commented Mar 1, 2024

Here's a dashboard for Packet Capture Statistics:

[Screenshot, 2024-03-01: Packet Capture Statistics - Malcolm Dashboards]

mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Mar 1, 2024
@mmguero mmguero closed this as completed Mar 1, 2024
This was referenced Mar 4, 2024
Status: Released