random936/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Logging changes: new hdd, removed ideapad instance, graylog

Browse Source
This commit is contained in:
Random936 2025-04-15 11:50:46 -07:00
parent 575ced3c41
commit 8125fe2bd2
3 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
config/assets/suricata.yaml
View File

@ -31,7 +31,7 @@ vars:
TEREDO_PORTS: 3544 TEREDO_PORTS: 3544
SIP_PORTS: "[5060, 5061]" SIP_PORTS: "[5060, 5061]"
default-log-dir: /home/logging/logs default-log-dir: /mnt/logs/suricata
classification-file: /etc/suricata/classification.config classification-file: /etc/suricata/classification.config
reference-config-file: /etc/suricata/reference.config reference-config-file: /etc/suricata/reference.config
default-rule-path: /etc/suricata/rules default-rule-path: /etc/suricata/rules
@ -58,12 +58,14 @@ outputs:
- eve-log: - eve-log:
enabled: yes enabled: yes
filetype: regular filetype: regular
filename: eve.json filename: eve-%Y-%m-%d.json
rotate-interval: day
types: types:
- alert: - alert:
tagged-packets: yes tagged-packets: yes
- http: - http:
extended: yes extended: yes
dump-all-headers: both
- http2 - http2
- dns: - dns:
enabled: yes enabled: yes
@ -94,7 +96,7 @@ outputs:
- smtp - smtp
- pcap-log: - pcap-log:
enabled: yes enabled: no
filename: log.pcap filename: log.pcap
limit: 1gb limit: 1gb
max-files: 200 max-files: 200

12
config/logging.nix
View File

@ -99,10 +99,6 @@
targets = [ "192.168.100.12" ]; targets = [ "192.168.100.12" ];
labels.instance = "r730xd-idrac"; labels.instance = "r730xd-idrac";
} }
{
targets = [ "192.168.100.20" ];
labels.instance = "ideapad";
}
{ {
targets = [ "192.168.100.21" ]; targets = [ "192.168.100.21" ];
labels.instance = "r330-proxmox"; labels.instance = "r330-proxmox";
@ -189,12 +185,20 @@
]; ];
}; };
services = {
graylog.enable = true;
mongodb.enable = true;
opensearch.enable = true;
};
systemd.services.suricata = { systemd.services.suricata = {
description = "Suricata IDS/IPS"; description = "Suricata IDS/IPS";
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
serviceConfig = { serviceConfig = {
type = "simple"; type = "simple";
User = "logging"; User = "logging";
ExecStartPre = "/run/current-system/sw/bin/ip link set enp6s19 up";
ExecStart = "${pkgs.suricata}/bin/suricata -c /etc/suricata.yaml -i enp6s19"; ExecStart = "${pkgs.suricata}/bin/suricata -c /etc/suricata.yaml -i enp6s19";
Restart = "on-failure"; Restart = "on-failure";
CapabilityBoundingSet = "CAP_NET_RAW CAP_NET_ADMIN"; CapabilityBoundingSet = "CAP_NET_RAW CAP_NET_ADMIN";

5
hardware/logging.nix
View File

@ -24,6 +24,11 @@
options = [ "fmask=0022" "dmask=0022" ]; options = [ "fmask=0022" "dmask=0022" ];
}; };
fileSystems."/mnt/logs" = {
device = "/dev/disk/by-uuid/08247ec2-8e83-4bb0-b9fe-9e2a7ce3fe6c";
fsType = "ext4";
};
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking