Bitvise SFTP Log Dashboard

Dashboard to visualize Bitvise SFTP Log data from Bitvise

Dashboard is setup to filter based on a host name or by virtual account. The Logstash filter files have been provided on Github, along with Filebeat config.

Bugs, suggestions and feedback.

Bug reports, suggestions and feedback to GitHub please!

Gotchas

Some panels formatting expect all accounts to begin with sftp. If a panel is all on the Y-axis, remove the formatting.
All panels and variables are based on the VirtualUser. Nothing has been setup for the WindowsUser. If you use Windows accounts for logins you'll need to edit the panels.

Logstash filter

filter {
  if "bitvise" in [tags] {
    xml {
      force_array => false
      source => "message"
      store_xml => true
      target => "sftp"
      remove_field => [ "message" ]
    }
mutate {
        convert => {"[sftp][parameters][channelBytesReceived]" => "integer"}
        convert => {"[sftp][parameters][channelBytesSent]" => "integer"}
        convert => {"[sftp][parameters][payloadBytesReceived]" => "integer"}
        convert => {"[sftp][parameters][payloadBytesSent]" => "integer"}
        convert => {"[sftp][parameters][socketBytesReceived]" => "integer"}
        convert => {"[sftp][parameters][socketBytesSent]" => "integer"}
        convert => {"[sftp][parameters][bytesReceived]" => "integer"}
        convert => {"[sftp][parameters][bytesSent]" => "integer"}
        convert => {"[sftp][seq]" => "integer"}
        convert => {"[sftp][session][id]" => "integer"}
        convert => {"[sftp][sessions][ftp]" => "integer"}
        convert => {"[sftp][sessions][ftpAuth]" => "integer"}
        convert => {"[sftp][sessions][ssh]" => "integer"}
        convert => {"[sftp][sessions][sshAut]" => "integer"}
        convert => {"[sftp][error][code]" => "integer"}
        convert => {"[sftp][sfs][code]" => "integer"}
        convert => {"[sftp][sfs][parameters][bytesRead]" => "integer"}
        convert => {"[sftp][sfs][parameters][bytesWritten]" => "integer"}
        convert => {"[sftp][sfs][parameters][finalSize]" => "integer"}
        convert => {"[sftp][sfs][parameters][readRangeLength]" => "integer"}
        convert => {"[sftp][sfs][parameters][readRangeOffset]" => "integer"}
        convert => {"[sftp][sfs][parameters][startSize]" => "integer"}
        convert => {"[sftp][sfs][parameters][timeMs]" => "integer"}
        convert => {"[sftp][sfs][parameters][upload]" => "integer"}
        convert => {"[sftp][sfs][parameters][writeRangeLength]" => "integer"}
        convert => {"[sftp][sfs][parameters][writeRangeOffset]" => "integer"}
          split => { "[sftp][session][remoteAddress]" => ":"}
            add_field => { "remoteIP" => "%{[sftp][session][remoteAddress][0]}"
          }
       }
  geoip {
    source => "remoteIP"
  }
  date{
    match => ["sftp.time" , "yyyy-MM-dd HH:mm:ss.SSS Z"]
  }
  }
}

Screenshots

Bitvise SFTP Log Dashboard

Collector Configuration Details

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - L:\Bitvise\Logs\*

  tags: ["bitvise"]

  exclude_lines: ['<?xml','<log>','<start time','</log>']

  multiline.pattern: '^  <ev'

  multiline.negate: true

  multiline.match: after
  multiline.flush_pattern: '</event>'
  multiline.timeout: 15s

Bitvise SFTP Logs

by bhozar

Dashboard

Downloads: 212

Reviews: 0

Bitvise SFTP Log Dashboard

Bugs, suggestions and feedback.

Gotchas

Logstash filter

Screenshots

Collector Configuration Details

Get this dashboard:

Dependencies:

Grafana 6.6.1

Bar gauge

Elasticsearch 1.0.0

Graph (old)

Logs

Singlestat

Table

Worldmap Panel 0.2.1

Data Sources:

Collector Plugins:

Categories: