nixos-config/terranix/graylog/content-packs/graylog3-content-pack-nginx.../content-pack-nginx-graylog3...


{
"v": "1",
"id": "d7dc82ff-529b-488a-b1de-b12b32e756bb",
"rev": 3,
"name": "nginx_json_graylog3",
"summary": "Graylog 3.0+ compatible version of nginx_json content pack",
"description": "",
"vendor": "Originally created by petestorey26 and updated by paulbarfuss for graylog3.0+",
"url": "https://github.com/paulbarfuss/graylog3-content-pack-nginx-json",
"parameters": [],
"entities": [
{
"v": "1",
"type": {
"name": "dashboard",
"version": "1"
},
"id": "b7c3a54b-3ed4-4b73-9452-2731a18846c8",
"data": {
"title": {
"@type": "string",
"@value": "NGINX Overview"
},
"description": {
"@type": "string",
"@value": "Overview of requests handled by NGINX"
},
"widgets": [
{
"id": {
"@type": "string",
"@value": "ab3138d7-9790-4c71-a804-f59ff5692e0f"
},
"description": {
"@type": "string",
"@value": "Requests last 24h"
},
"type": {
"@type": "string",
"@value": "STREAM_SEARCH_RESULT_COUNT"
},
"cache_time": {
"@type": "integer",
"@value": 10
},
"time_range": {
"type": {
"@type": "string",
"@value": "relative"
},
"range": {
"@type": "integer",
"@value": 300
}
},
"configuration": {
"timerange": {
"type": {
"@type": "string",
"@value": "relative"
},
"range": {
"@type": "integer",
"@value": 300
}
},
"lower_is_better": {
"@type": "boolean",
"@value": false
},
"stream_id": {
"@type": "string",
"@value": "3b4da8c0-e9f8-42f9-8f41-9222caa8f407"
},
"trend": {
"@type": "boolean",
"@value": false
},
"query": {
"@type": "string",
"@value": "*"
}
},
"position": null
}
]
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "input",
"version": "1"
},
"id": "fa2ca431-c30d-455d-98b0-9ee703760760",
"data": {
"title": {
"@type": "string",
"@value": "nginx access log"
},
"configuration": {
"expand_structured_data": {
"@type": "boolean",
"@value": false
},
"recv_buffer_size": {
"@type": "integer",
"@value": 1048576
},
"port": {
"@type": "integer",
"@value": 12304
},
"number_worker_threads": {
"@type": "integer",
"@value": 4
},
"force_rdns": {
"@type": "boolean",
"@value": false
},
"allow_override_date": {
"@type": "boolean",
"@value": true
},
"bind_address": {
"@type": "string",
"@value": "0.0.0.0"
},
"store_full_message": {
"@type": "boolean",
"@value": false
}
},
"static_fields": {
"from_nginx": {
"@type": "string",
"@value": "true"
},
"nginx_access": {
"@type": "string",
"@value": "true"
}
},
"type": {
"@type": "string",
"@value": "org.graylog2.inputs.syslog.udp.SyslogUDPInput"
},
"global": {
"@type": "boolean",
"@value": true
},
"extractors": [
{
"target_field": {
"@type": "string",
"@value": "json"
},
"condition_value": {
"@type": "string",
"@value": ""
},
"order": {
"@type": "integer",
"@value": 2
},
"converters": [],
"configuration": {
"replacement": {
"@type": "string",
"@value": "-"
},
"regex": {
"@type": "string",
"@value": ".*"
}
},
"source_field": {
"@type": "string",
"@value": "json"
},
"title": {
"@type": "string",
"@value": "Empty JSON field"
},
"type": {
"@type": "string",
"@value": "REGEX_REPLACE"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "NONE"
}
},
{
"target_field": {
"@type": "string",
"@value": ""
},
"condition_value": {
"@type": "string",
"@value": ""
},
"order": {
"@type": "integer",
"@value": 1
},
"converters": [],
"configuration": {
"flatten": {
"@type": "boolean",
"@value": true
},
"list_separator": {
"@type": "string",
"@value": ", "
},
"kv_separator": {
"@type": "string",
"@value": "="
},
"key_prefix": {
"@type": "string",
"@value": ""
},
"key_separator": {
"@type": "string",
"@value": "_"
},
"replace_key_whitespace": {
"@type": "boolean",
"@value": false
},
"key_whitespace_replacement": {
"@type": "string",
"@value": "_"
}
},
"source_field": {
"@type": "string",
"@value": "json"
},
"title": {
"@type": "string",
"@value": "Extract JSON fields"
},
"type": {
"@type": "string",
"@value": "JSON"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "NONE"
}
},
{
"target_field": {
"@type": "string",
"@value": "json"
},
"condition_value": {
"@type": "string",
"@value": ""
},
"order": {
"@type": "integer",
"@value": 0
},
"converters": [],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "nginx:\\s+(.*)"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "Get JSON from syslog message"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "NONE"
}
},
{
"target_field": {
"@type": "string",
"@value": "message"
},
"condition_value": {
"@type": "string",
"@value": ""
},
"order": {
"@type": "integer",
"@value": 3
},
"converters": [],
"configuration": {
"replacement": {
"@type": "string",
"@value": "$1"
},
"regex": {
"@type": "string",
"@value": ".*request\": \"(.*?)\".*"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "Reduced message to path"
},
"type": {
"@type": "string",
"@value": "REGEX_REPLACE"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "NONE"
}
}
]
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "input",
"version": "1"
},
"id": "540d1628-ceed-49d4-8960-068c5afaa993",
"data": {
"title": {
"@type": "string",
"@value": "nginx error log"
},
"configuration": {
"expand_structured_data": {
"@type": "boolean",
"@value": false
},
"recv_buffer_size": {
"@type": "integer",
"@value": 1048576
},
"port": {
"@type": "integer",
"@value": 12305
},
"number_worker_threads": {
"@type": "integer",
"@value": 4
},
"force_rdns": {
"@type": "boolean",
"@value": false
},
"allow_override_date": {
"@type": "boolean",
"@value": true
},
"bind_address": {
"@type": "string",
"@value": "0.0.0.0"
},
"store_full_message": {
"@type": "boolean",
"@value": false
}
},
"static_fields": {
"nginx_error": {
"@type": "string",
"@value": "true"
},
"from_nginx": {
"@type": "string",
"@value": "true"
}
},
"type": {
"@type": "string",
"@value": "org.graylog2.inputs.syslog.udp.SyslogUDPInput"
},
"global": {
"@type": "boolean",
"@value": true
},
"extractors": [
{
"target_field": {
"@type": "string",
"@value": "server"
},
"condition_value": {
"@type": "string",
"@value": "server"
},
"order": {
"@type": "integer",
"@value": 1
},
"converters": [],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "server:\\s(.+?)(,|$)"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "server"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "STRING"
}
},
{
"target_field": {
"@type": "string",
"@value": "timestamp"
},
"condition_value": {
"@type": "string",
"@value": ""
},
"order": {
"@type": "integer",
"@value": 0
},
"converters": [
{
"type": {
"@type": "string",
"@value": "DATE"
},
"configuration": {
"date_format": {
"@type": "string",
"@value": "yyyy/MM/dd HH:mm:ss "
}
}
}
],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "^.*:\\s(\\d\\d\\d\\d/\\d\\d/\\d\\d\\s\\d\\d:\\d\\d:\\d\\d)\\s.*$"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "Timestamp"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "NONE"
}
},
{
"target_field": {
"@type": "string",
"@value": "remote_addr"
},
"condition_value": {
"@type": "string",
"@value": "client"
},
"order": {
"@type": "integer",
"@value": 2
},
"converters": [],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "client:\\s(.+?)(,|$)"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "remote_addr/client"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "STRING"
}
},
{
"target_field": {
"@type": "string",
"@value": "host"
},
"condition_value": {
"@type": "string",
"@value": "host"
},
"order": {
"@type": "integer",
"@value": 3
},
"converters": [],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "host:\\s\"(.+?)\"(,|$)"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "host"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "STRING"
}
},
{
"target_field": {
"@type": "string",
"@value": "request_verb"
},
"condition_value": {
"@type": "string",
"@value": "request"
},
"order": {
"@type": "integer",
"@value": 5
},
"converters": [],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "request:\\s\"(GET|HEAD|POST|PUT|DELETE|TRACE|OPTIONS|CONNECT|PATCH).+\"(,|$)"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "request_verb"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "STRING"
}
},
{
"target_field": {
"@type": "string",
"@value": "request_path"
},
"condition_value": {
"@type": "string",
"@value": "request"
},
"order": {
"@type": "integer",
"@value": 4
},
"converters": [],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "request:\\s\"(.+?)\"(,|$)"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "request_path/request"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "STRING"
}
}
]
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "stream",
"version": "1"
},
"id": "40645de4-746e-4ec0-86ec-47d893ded9b6",
"data": {
"alarm_callbacks": [],
"outputs": [],
"remove_matches": {
"@type": "boolean",
"@value": false
},
"title": {
"@type": "string",
"@value": "nginx HTTP 4XXs"
},
"stream_rules": [
{
"type": {
"@type": "string",
"@value": "GREATER"
},
"field": {
"@type": "string",
"@value": "response_status"
},
"value": {
"@type": "string",
"@value": "399"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
},
{
"type": {
"@type": "string",
"@value": "SMALLER"
},
"field": {
"@type": "string",
"@value": "response_status"
},
"value": {
"@type": "string",
"@value": "500"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
},
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "from_nginx"
},
"value": {
"@type": "string",
"@value": "true"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
}
],
"alert_conditions": [],
"matching_type": {
"@type": "string",
"@value": "AND"
},
"disabled": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": "All requests that were answered with a HTTP code in the 400 range by nginx"
},
"default_stream": {
"@type": "boolean",
"@value": false
}
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "stream",
"version": "1"
},
"id": "5a0abcb1-b5af-4239-96f6-d8fc786c54be",
"data": {
"alarm_callbacks": [],
"outputs": [],
"remove_matches": {
"@type": "boolean",
"@value": false
},
"title": {
"@type": "string",
"@value": "nginx requests"
},
"stream_rules": [
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "nginx_access"
},
"value": {
"@type": "string",
"@value": "true"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
}
],
"alert_conditions": [],
"matching_type": {
"@type": "string",
"@value": "AND"
},
"disabled": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": "All requests that were logged into the nginx access_log"
},
"default_stream": {
"@type": "boolean",
"@value": false
}
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "stream",
"version": "1"
},
"id": "3b4da8c0-e9f8-42f9-8f41-9222caa8f407",
"data": {
"alarm_callbacks": [],
"outputs": [],
"remove_matches": {
"@type": "boolean",
"@value": false
},
"title": {
"@type": "string",
"@value": "nginx"
},
"stream_rules": [
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "from_nginx"
},
"value": {
"@type": "string",
"@value": "true"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
}
],
"alert_conditions": [],
"matching_type": {
"@type": "string",
"@value": "AND"
},
"disabled": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": "All messages to nginx_access and nginx_error"
},
"default_stream": {
"@type": "boolean",
"@value": false
}
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "stream",
"version": "1"
},
"id": "6bfbdd7e-638a-4ff5-a3e0-327a21bad701",
"data": {
"alarm_callbacks": [],
"outputs": [],
"remove_matches": {
"@type": "boolean",
"@value": false
},
"title": {
"@type": "string",
"@value": "nginx HTTP 404s"
},
"stream_rules": [
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "response_status"
},
"value": {
"@type": "string",
"@value": "404"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
},
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "from_nginx"
},
"value": {
"@type": "string",
"@value": "true"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
}
],
"alert_conditions": [],
"matching_type": {
"@type": "string",
"@value": "AND"
},
"disabled": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": "All requests that were answered with a HTTP 404 by nginx"
},
"default_stream": {
"@type": "boolean",
"@value": false
}
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "stream",
"version": "1"
},
"id": "be3273d1-ff76-4ab5-8471-f7f2c3a8593e",
"data": {
"alarm_callbacks": [],
"outputs": [],
"remove_matches": {
"@type": "boolean",
"@value": false
},
"title": {
"@type": "string",
"@value": "nginx HTTP 5XXXs"
},
"stream_rules": [
{
"type": {
"@type": "string",
"@value": "GREATER"
},
"field": {
"@type": "string",
"@value": "response_status"
},
"value": {
"@type": "string",
"@value": "499"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
},
{
"type": {
"@type": "string",
"@value": "SMALLER"
},
"field": {
"@type": "string",
"@value": "response_status"
},
"value": {
"@type": "string",
"@value": "600"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
},
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "from_nginx"
},
"value": {
"@type": "string",
"@value": "true"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
}
],
"alert_conditions": [],
"matching_type": {
"@type": "string",
"@value": "AND"
},
"disabled": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": "All requests that were answered with a HTTP code in the 500 range by nginx"
},
"default_stream": {
"@type": "boolean",
"@value": false
}
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "stream",
"version": "1"
},
"id": "1a3bec0f-34e6-41dc-9d38-fb0997fef588",
"data": {
"alarm_callbacks": [],
"outputs": [],
"remove_matches": {
"@type": "boolean",
"@value": false
},
"title": {
"@type": "string",
"@value": "nginx errors"
},
"stream_rules": [
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "nginx_error"
},
"value": {
"@type": "string",
"@value": "true"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
}
],
"alert_conditions": [],
"matching_type": {
"@type": "string",
"@value": "AND"
},
"disabled": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": "All requests that were logged into the nginx error_log"
},
"default_stream": {
"@type": "boolean",
"@value": false
}
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
}
]
}