Once you’ve logged into Security Onion Console (SOC), you can then click the Grafana link to see system health information.

On a distributed deployment, you will default to the manager dashboard. There are also dashboards for other node types. Once you’ve accessed the node dashboards, they should be added to Recently viewed dashboards which is accessible by simply clicking the Dashboards icon:


By default, you will be viewing Grafana as an anonymous user. If you want to make changes to the default Grafana dashboards, you will need to log into Grafana with username admin and the randomized password found via sudo salt-call pillar.get secrets.


Grafana configuration can be found in /opt/so/conf/grafana/etc/. However, please keep in mind that most configuration is managed with Salt, so if you manually make any modifications in /opt/so/conf/grafana/etc/, they may be overwritten at the next salt update. The default configuration options can be seen in /opt/so/saltstack/default/salt/grafana/defaults.yaml. Any options not specified in here, will use the Grafana default.

If you want to configure and enable SMTP for Grafana, place the following in the global.sls file. If you have files referenced in the config file, those can be placed in /opt/so/saltstack/default/salt/grafana/etc/files/. Those files will be then be placed in /opt/so/conf/grafana/etc/files on the minion and mapped to /etc/grafana/config/files/ within the container.

      enabled: true
      host: smtphost.mydomain:25
      user: myuser
      # If the password contains # or ; you have to wrap it with triple quotes wrapped by single quotes. Ex '"""#password;"""'
      password: mypassword
#      cert_file: /etc/grafana/config/files/smtp_cert_file.crt
#      key_file: /etc/grafana/config/files/smtp_key_file.key
#      skip_verify: false
      from_address: admin@grafana.localhost
      from_name: Grafana
#      ehlo_identity:

More Information

See also

For more information about Grafana, please see