← All dashboards

Bitvise SFTP Logs

Bitvise SFTP dashboard

Bitvise SFTP Log Dashboard

Dashboard to visualize Bitvise SFTP Log data from Bitvise

Dashboard is setup to filter based on a host name or by virtual account. The Logstash filter files have been provided on Github, along with Filebeat config.

Bugs, suggestions and feedback.

Bug reports, suggestions and feedback to GitHub please!

Gotchas

  • Some panels formatting expect all accounts to begin with sftp. If a panel is all on the Y-axis, remove the formatting.
  • All panels and variables are based on the VirtualUser. Nothing has been setup for the WindowsUser. If you use Windows accounts for logins you’ll need to edit the panels.

Logstash filter

filter {
  if "bitvise" in [tags] {
    xml {
      force_array => false
      source => "message"
      store_xml => true
      target => "sftp"
      remove_field => [ "message" ]
    }
mutate {
        convert => {"[sftp][parameters][channelBytesReceived]" => "integer"}
        convert => {"[sftp][parameters][channelBytesSent]" => "integer"}
        convert => {"[sftp][parameters][payloadBytesReceived]" => "integer"}
        convert => {"[sftp][parameters][payloadBytesSent]" => "integer"}
        convert => {"[sftp][parameters][socketBytesReceived]" => "integer"}
        convert => {"[sftp][parameters][socketBytesSent]" => "integer"}
        convert => {"[sftp][parameters][bytesReceived]" => "integer"}
        convert => {"[sftp][parameters][bytesSent]" => "integer"}
        convert => {"[sftp][seq]" => "integer"}
        convert => {"[sftp][session][id]" => "integer"}
        convert => {"[sftp][sessions][ftp]" => "integer"}
        convert => {"[sftp][sessions][ftpAuth]" => "integer"}
        convert => {"[sftp][sessions][ssh]" => "integer"}
        convert => {"[sftp][sessions][sshAut]" => "integer"}
        convert => {"[sftp][error][code]" => "integer"}
        convert => {"[sftp][sfs][code]" => "integer"}
        convert => {"[sftp][sfs][parameters][bytesRead]" => "integer"}
        convert => {"[sftp][sfs][parameters][bytesWritten]" => "integer"}
        convert => {"[sftp][sfs][parameters][finalSize]" => "integer"}
        convert => {"[sftp][sfs][parameters][readRangeLength]" => "integer"}
        convert => {"[sftp][sfs][parameters][readRangeOffset]" => "integer"}
        convert => {"[sftp][sfs][parameters][startSize]" => "integer"}
        convert => {"[sftp][sfs][parameters][timeMs]" => "integer"}
        convert => {"[sftp][sfs][parameters][upload]" => "integer"}
        convert => {"[sftp][sfs][parameters][writeRangeLength]" => "integer"}
        convert => {"[sftp][sfs][parameters][writeRangeOffset]" => "integer"}
          split => { "[sftp][session][remoteAddress]" => ":"}
            add_field => { "remoteIP" => "%{[sftp][session][remoteAddress][0]}"
          }
       }
  geoip {
    source => "remoteIP"
  }
  date{
    match => ["sftp.time" , "yyyy-MM-dd HH:mm:ss.SSS Z"]
  }
  }
}

Screenshots

Bitvise SFTP Log Dashboard Bitvise SFTP Log Dashboard

Dashboard revisions

RevisionDecscriptionCreated

Reviews

Login or Sign up to write a review

Reviews from the community

Get this dashboard

Data source:

Dependencies:

Import the dashboard template:

or

Download JSON

Docs: Importing dashboards

Downloads: 259