Once you’ve logged into Security Onion Console (SOC), you can then click the Grafana link to see system health information.
On a distributed deployment, you will default to the manager dashboard. There are also dashboards for other node types. Once you’ve accessed the node dashboards, they should be added to
Recently viewed dashboards which is accessible by simply clicking the Dashboards icon:
By default, you will be viewing Grafana as an anonymous user. If you want to make changes to the default Grafana dashboards, you will need to log into Grafana with username
admin and the randomized password found via
sudo salt-call pillar.get secrets.
Grafana configuration can be found in
/opt/so/conf/grafana/etc/. However, please keep in mind that most configuration is managed with Salt, so if you manually make any modifications in
/opt/so/conf/grafana/etc/, they may be overwritten at the next salt update.
The default configuration options can be seen in
/opt/so/saltstack/default/salt/grafana/defaults.yaml. Any options not specified in here, will use the Grafana default.
If you want to configure and enable SMTP for Grafana, place the following in the
If you have files referenced in the config file, those can be placed in
Those files will be then be placed in
/opt/so/conf/grafana/etc/files on the minion and mapped to
/etc/grafana/config/files/ within the container.
grafana: config: smtp: enabled: true host: smtphost.mydomain:25 user: myuser # If the password contains # or ; you have to wrap it with triple quotes wrapped by single quotes. Ex '"""#password;"""' password: mypassword # cert_file: /etc/grafana/config/files/smtp_cert_file.crt # key_file: /etc/grafana/config/files/smtp_key_file.key # skip_verify: false from_address: firstname.lastname@example.org from_name: Grafana # ehlo_identity: dashboard.example.com