WinDHCP_content_pack.json
{"name":"WinDHCP Summary","description":"Windows DHCP Debug","category":"Windows DHCP","inputs":[{"title":"WinDHCPLogs-gelf","configuration":{"override_source":null,"recv_buffer_size":1048576,"bind_address":"192.168.20.210","port":5441},"static_fields":{},"type":"org.graylog2.inputs.gelf.udp.GELFUDPInput","global":false,"extractors":[{"title":"ID 00","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"The log was started.","regex":"^00.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":1},{"title":"ID 10","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"A new IP address was leased to a client.","regex":"^10.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":4},{"title":"ID 13","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"An IP address was found to be in use on the network.","regex":"^13.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":7},{"title":"ID 17","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"A lease was expired and DNS records for an expired leases have not been deleted.","regex":"^17.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":11},{"title":"ID 16","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"A lease was deleted.","regex":"^16.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":10},{"title":"ID 24","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"IP address cleanup 
operation has began.","regex":"^24.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":17},{"title":"ID 32","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"DNS update successful.","regex":"^32.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":21},{"title":"ID 31","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"DNS update failed.","regex":"^31.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":20},{"title":"ID 34","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"DNS update request failed.as the DNS update request queue limit exceeded.","regex":"^34.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":23},{"title":"ID 11","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"A lease was renewed by a client.","regex":"^11.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":5},{"title":"ID 01","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"The log was stopped.","regex":"^01.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":2},{"title":"ID 15","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"A lease was denied.","regex":"^15.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":9},{"title":"ID 18","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"A lease was 
expired and DNS records were deleted.","regex":"^18.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":12},{"title":"ID 20","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"A BOOTP address was leased to a client.","regex":"^20.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":13},{"title":"ID 22","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"A BOOTP request could not be satisfied because the scope's address pool for BOOTP was exhausted.","regex":"^22.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":15},{"title":"ID 21","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"A dynamic BOOTP address was leased to a client.","regex":"^21.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":14},{"title":"ID 30","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"DNS update request to the named DNS server.","regex":"^30.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":19},{"title":"ID 12","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"A lease was released by a client.","regex":"^12.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":6},{"title":"ID 25","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"IP address cleanup statistics.","regex":"^25.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":18},{"title":"ID 
33","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"Packet dropped due to NAP policy.","regex":"^33.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":22},{"title":"ID 23","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"A BOOTP IP address was deleted after checking to see it was not in use.","regex":"^23.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":16},{"title":"ID 14","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"A lease request could not be satisfied because the scope's address pool was exhausted.","regex":"^14.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":8},{"title":"ID 02","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"The log was temporarily paused due to low disk space.","regex":"^02.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":3},{"title":"ID 50","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"Codes above 50 are used for Rogue Server Detection information.","regex":"^50.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":25},{"title":"ID 35","type":"REGEX_REPLACE","cursor_strategy":"COPY","target_field":"ID_Description","source_field":"message","configuration":{"replacement":"DNS update request 
failed.","regex":"^35.*"},"converters":[],"condition_type":"REGEX","condition_value":"[0-9]{2}","order":24},{"title":"WinDHCP_Debug_Log","type":"COPY_INPUT","cursor_strategy":"COPY","target_field":"message","source_field":"message","configuration":{},"converters":[{"type":"CSV","configuration":{"column_header":"ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name, TransactionID, QResult,Probationtime, CorrelationID,Dhcid"}}],"condition_type":"REGEX","condition_value":"^([^,]*,){12}[^,]*$","order":0}]}],"streams":[],"outputs":[],"dashboards":[{"title":"WinDHCP Summary (1d)","description":"WinDHCP Summary","dashboard_widgets":[{"description":"Total DHCP Requests (24hr)","type":"SEARCH_RESULT_COUNT","cache_time":10,"configuration":{"interval":"minute","timerange":{"type":"relative","range":86400},"lower_is_better":true,"trend":true,"query":"gl2_source_input:578f97cf0ae2f10b1139b06a"},"col":3,"row":1,"height":1,"width":1},{"description":"Total DHCP Requests (24hr)","type":"SEARCH_RESULT_CHART","cache_time":10,"configuration":{"interval":"hour","timerange":{"type":"relative","range":86400},"query":"gl2_source_input:578f97cf0ae2f10b1139b06a"},"col":1,"row":1,"height":1,"width":2},{"description":"Total Requests By Hostname","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"Hostname","query":"gl2_source_input:578f97cf0ae2f10b1139b06a","show_data_table":true,"interval":"hour","show_pie_chart":true},"col":2,"row":2,"height":3,"width":1},{"description":"Total Requests By Response","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"ID_Description","query":"gl2_source_input:578f97cf0ae2f10b1139b06a","show_data_table":true,"interval":"hour","show_pie_chart":true},"col":1,"row":2,"height":3,"width":1},{"description":"Total Requests By 
MAC","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"Mac","query":"gl2_source_input:578f97cf0ae2f10b1139b06a","show_data_table":true,"interval":"hour","show_pie_chart":true},"col":4,"row":2,"height":3,"width":1},{"description":"Total Requests By Server","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"source","query":"gl2_source_input:578f97cf0ae2f10b1139b06a","show_data_table":true,"interval":"hour","show_pie_chart":false},"col":4,"row":1,"height":1,"width":1},{"description":"Total Requests By IP","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"IP","query":"gl2_source_input:578f97cf0ae2f10b1139b06a","show_data_table":true,"interval":"hour","show_pie_chart":true},"col":3,"row":2,"height":3,"width":1}]}],"grok_patterns":[]}