Suricata Grafana Dashboard

Hi folks,

I’m creating a Grafana dashboard on top of metrics collected by Telegraf and stored in InfluxDB. I’m using the below Suricata input plugin.

The purpose of this dashboard is to monitor the internal performance counters of Suricata, including captured traffic volume, memory usage, uptime, flow counters, and more. I’m getting all the metrics; however, I didn’t find any sample dashboard for this Suricata input plugin. Does anyone have a simple Grafana dashboard for Suricata?

I have also tried the Corelight Suricata Prometheus exporter below, but the same problem is here: there is no sample dashboard available in the repo. If anyone is using the Corelight Suricata exporter, would you please help with the dashboard and tell me which metrics I should monitor?

Can anyone share the sample dashboard?

Perhaps a question more fitting for Corelight’s forum? That might get you a quicker response.

Well, what should go into a dashboard depends on what aspects of your Suricata system you want to see and track over time. Some people are interested in drop rates and traffic stats, others are more interested in the composition of the traffic and observed errors. It is not trivial to come up with a dashboard that fits all sizes and questions. Hence I didn’t link to a definitive standard dashboard (FYI I’m the author of the Suricata Telegraf plugin) – is that expected in some way?

I’d suggest just exploratively plotting some interesting counters (i.e. measurements in InfluxDB lingo) in Chronograf and seeing whether they look interesting for your use case.

You can also look at the one I am using in my personal setup:
Suricata Dashboard-1691930279990.json (80.0 KB)
and make your way from there by doing some hacking on the plots.
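
An added example, not part of the thread or of either plugin: Suricata's stats counters are cumulative since start, so drop-rate and traffic panels are normally built from the difference between consecutive samples. The sketch below does that directly on EVE `stats` events and starts a new baseline when `uptime` goes backwards after a restart. The sample lines are constructed, and the `capture.*` counters are assumed to be present (live capture mode).

```python
import json

# Constructed sample EVE lines; every counter is cumulative since Suricata started.
SAMPLE_EVE = "\n".join([
    '{"event_type":"stats","stats":{"uptime":60,"capture":{"kernel_packets":1000,"kernel_drops":0},"decoder":{"bytes":800000}}}',
    '{"event_type":"alert","alert":{"signature":"constructed sample"}}',
    '{"event_type":"stats","stats":{"uptime":120,"capture":{"kernel_packets":4000,"kernel_drops":150},"decoder":{"bytes":3200000}}}',
    '{"event_type":"stats","stats":{"uptime":8,"capture":{"kernel_packets":200,"kernel_drops":0},"decoder":{"bytes":100000}}}',
    '{"event_type":"stats","stats":{"uptime":68,"capture":{"kernel_packets":1400,"kernel_drops":12},"decoder":{"bytes":1300000}}}',
])

def stats_records(text):
    """Yield the 'stats' object of each EVE stats event, skipping other event types."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("event_type") == "stats":
            yield event["stats"]

def interval_rates(text):
    """Turn cumulative counters into per-interval rates suitable for plotting."""
    rows, prev = [], None
    for cur in stats_records(text):
        # Only compute a delta when uptime moved forward; a smaller uptime means
        # Suricata restarted and the counters began again from zero.
        if prev is not None and cur["uptime"] > prev["uptime"]:
            dt = cur["uptime"] - prev["uptime"]
            d_pkts = cur["capture"]["kernel_packets"] - prev["capture"]["kernel_packets"]
            d_drops = cur["capture"]["kernel_drops"] - prev["capture"]["kernel_drops"]
            d_bytes = cur["decoder"]["bytes"] - prev["decoder"]["bytes"]
            rows.append({
                "uptime": cur["uptime"],
                "pps": d_pkts / dt,
                "mbps": d_bytes * 8 / dt / 1e6,
                # Share of packets the kernel dropped during this interval.
                "drop_pct": 100.0 * d_drops / d_pkts if d_pkts else 0.0,
            })
        prev = cur  # after a restart this sample becomes the new baseline
    return rows

if __name__ == "__main__":
    for row in interval_rates(SAMPLE_EVE):
        print(row)
```

In Grafana the same idea is usually expressed in the query itself, with a non-negative derivative over the cumulative field, so that restarts do not show up as large negative spikes.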