Bitvise SFTP Logs

Dashboard

Bitvise SFTP dashboard
Last updated: 7 months ago


Bitvise SFTP Log Dashboard

Dashboard to visualize Bitvise SFTP log data.

The dashboard is set up to filter by host name or by virtual account. The Logstash filter files are provided on GitHub, along with the Filebeat config.

Bugs, suggestions and feedback.

Bug reports, suggestions and feedback to GitHub please!

Gotchas

  • The formatting of some panels expects all accounts to begin with sftp. If a panel shows everything on the Y-axis, remove the formatting.
  • All panels and variables are based on the VirtualUser. Nothing has been set up for the WindowsUser. If you use Windows accounts for logins, you'll need to edit the panels.

Logstash filter

filter {
  if "bitvise" in [tags] {
    # Parse each multiline <event> element into the [sftp] object
    xml {
      force_array => false
      source => "message"
      store_xml => true
      target => "sftp"
      remove_field => [ "message" ]
    }
    mutate {
      # Cast counters and codes to integers so panels can aggregate them
      convert => {
        "[sftp][parameters][channelBytesReceived]" => "integer"
        "[sftp][parameters][channelBytesSent]" => "integer"
        "[sftp][parameters][payloadBytesReceived]" => "integer"
        "[sftp][parameters][payloadBytesSent]" => "integer"
        "[sftp][parameters][socketBytesReceived]" => "integer"
        "[sftp][parameters][socketBytesSent]" => "integer"
        "[sftp][parameters][bytesReceived]" => "integer"
        "[sftp][parameters][bytesSent]" => "integer"
        "[sftp][seq]" => "integer"
        "[sftp][session][id]" => "integer"
        "[sftp][sessions][ftp]" => "integer"
        "[sftp][sessions][ftpAuth]" => "integer"
        "[sftp][sessions][ssh]" => "integer"
        "[sftp][sessions][sshAuth]" => "integer"
        "[sftp][error][code]" => "integer"
        "[sftp][sfs][code]" => "integer"
        "[sftp][sfs][parameters][bytesRead]" => "integer"
        "[sftp][sfs][parameters][bytesWritten]" => "integer"
        "[sftp][sfs][parameters][finalSize]" => "integer"
        "[sftp][sfs][parameters][readRangeLength]" => "integer"
        "[sftp][sfs][parameters][readRangeOffset]" => "integer"
        "[sftp][sfs][parameters][startSize]" => "integer"
        "[sftp][sfs][parameters][timeMs]" => "integer"
        "[sftp][sfs][parameters][upload]" => "integer"
        "[sftp][sfs][parameters][writeRangeLength]" => "integer"
        "[sftp][sfs][parameters][writeRangeOffset]" => "integer"
      }
      # Keep the text before the first ":" of remoteAddress as the client IP
      # (this assumes an IPv4 address:port value)
      split => { "[sftp][session][remoteAddress]" => ":" }
      add_field => { "remoteIP" => "%{[sftp][session][remoteAddress][0]}" }
    }
    geoip {
      source => "remoteIP"
    }
    # Use the event's own time attribute as @timestamp
    date {
      match => ["[sftp][time]", "yyyy-MM-dd HH:mm:ss.SSS Z"]
    }
  }
}
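
The filter's split on ":" only yields a usable remoteIP for an IPv4 address:port value. The following is an added example, not part of the dashboard or its GitHub files, that replays that step in Python over constructed events and shows a host extraction that also accepts a bracketed IPv6 form. The event layout, the bracketed IPv6 notation and the function names are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample events. Only attributes the filter references are used;
# the element layout and the bracketed IPv6 form are assumptions.
SAMPLE_EVENTS = [
    '<event seq="101" time="2024-01-15 09:12:44.120 +0000">'
    '<session id="1001" remoteAddress="203.0.113.7:51234"/></event>',
    '<event seq="102" time="2024-01-15 09:13:02.507 +0000">'
    '<session id="1002" remoteAddress="[2001:db8::5]:40222"/></event>',
]


def naive_remote_ip(addr):
    """Mirror of the mutate step: split on ':' and keep element 0."""
    return addr.split(":")[0]


def remote_ip(addr):
    """Return the validated host part of 'host:port' or '[v6]:port'."""
    if addr.startswith("["):
        host, closing, _ = addr[1:].partition("]")
        if not closing:
            raise ValueError(f"unterminated bracket in {addr!r}")
    else:
        host = addr.rpartition(":")[0] or addr
    return str(ipaddress.ip_address(host))  # raises ValueError if not an IP


def parse_event(xml_text):
    """Extract the fields the dashboard keys on from one <event> element."""
    ev = ET.fromstring(xml_text)
    session = ev.find("session")
    return {
        "seq": int(ev.get("seq")),
        "session_id": int(session.get("id")),
        "remote_ip": remote_ip(session.get("remoteAddress")),
        # Same layout as the date filter pattern yyyy-MM-dd HH:mm:ss.SSS Z
        "time": datetime.strptime(ev.get("time"), "%Y-%m-%d %H:%M:%S.%f %z"),
    }


if __name__ == "__main__":
    for raw in SAMPLE_EVENTS:
        print(parse_event(raw))
```

A value that fails validation raises ValueError, so a malformed address is rejected before it reaches a GeoIP lookup.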

Collector Configuration Details

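filebeat.inputs:
- type: log
  enabled: true
  paths:
    - L:\Bitvise\Logs\*
  # Tag that the Logstash filter checks for
  tags: ["bitvise"]
  # Regular expressions for the XML wrapper lines to drop; "?" is escaped
  # so that "<?xml" is matched literally
  exclude_lines: ['<\?xml','<log>','<start time','</log>']
  # Join every line that does not start an <event> onto the preceding event
  multiline.pattern: '^  <ev'
  multiline.negate: true
  multiline.match: after
  # Send the event as soon as its closing tag is seen
  multiline.flush_pattern: '</event>'
  multiline.timeout: 15s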