fix(metrics): Get WAF blocked count from CrowdSec mitmproxy decisions

- WAF blocked now counts mitmproxy scenario decisions (1031 blocks)
- Removed waf_threats field (redundant with waf_blocked)
- Fixed dashboard to show 3 WAF stats: Bans, Alerts, Blocked

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CyberMind-FR 2026-03-17 12:41:14 +01:00
parent 9263fd7e4b
commit a53d2b1d63
2 changed files with 7 additions and 15 deletions


@ -301,12 +301,8 @@ return view.extend({
E('span', { 'class': 'mx-row-val', 'id': 'w-alerts' }, String(w.alerts_today || 0)) E('span', { 'class': 'mx-row-val', 'id': 'w-alerts' }, String(w.alerts_today || 0))
]), ]),
E('div', { 'class': 'mx-row' }, [ E('div', { 'class': 'mx-row' }, [
E('span', { 'class': 'mx-row-label' }, 'WAF Threats'), E('span', { 'class': 'mx-row-label' }, 'WAF Blocked'),
E('span', { 'class': 'mx-row-val', 'id': 'w-threats' }, String(w.waf_threats || 0)) E('span', { 'class': 'mx-row-val', 'id': 'w-blocked', 'style': (w.waf_blocked || 0) > 0 ? 'color:#ff9800' : '' }, String(w.waf_blocked || 0))
]),
E('div', { 'class': 'mx-row' }, [
E('span', { 'class': 'mx-row-label' }, 'Blocked'),
E('span', { 'class': 'mx-row-val', 'id': 'w-blocked', 'style': 'color:#f44336' }, String(w.waf_blocked || 0))
]) ])
]), ]),
@ -367,7 +363,6 @@ return view.extend({
's-tcp': String(c.total_tcp || 0), 's-tcp': String(c.total_tcp || 0),
'w-bans': String(w.active_bans || 0), 'w-bans': String(w.active_bans || 0),
'w-alerts': String(w.alerts_today || 0), 'w-alerts': String(w.alerts_today || 0),
'w-threats': String(w.waf_threats || 0),
'w-blocked': String(w.waf_blocked || 0), 'w-blocked': String(w.waf_blocked || 0),
'c-https': String(c.https || 0), 'c-https': String(c.https || 0),
'c-http': String(c.http || 0), 'c-http': String(c.http || 0),
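Review bot: The orange highlight on `w-blocked` is computed only when the row is first built, so it can go stale; the refresh map in the second hunk still supplies only the text for `'w-blocked'`. The code that consumes that map is outside the hunk, so this is inferred, but if it only sets text content then a count that rises from 0 after load stays uncoloured and one that falls back to 0 stays orange. Setting the colour in the refresh path as well would keep the two in step, for example `document.getElementById('w-blocked').style.color = (w.waf_blocked || 0) > 0 ? '#ff9800' : '';`.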


@ -57,7 +57,7 @@ build_overview() {
# Build WAF stats # Build WAF stats
build_waf_stats() { build_waf_stats() {
local cs_running=false mitmproxy_running=false local cs_running=false mitmproxy_running=false
local bans=0 alerts_today=0 waf_threats=0 waf_blocked=0 local bans=0 alerts_today=0 waf_blocked=0
pgrep crowdsec >/dev/null 2>&1 && cs_running=true pgrep crowdsec >/dev/null 2>&1 && cs_running=true
pgrep -f mitmdump >/dev/null 2>&1 && mitmproxy_running=true pgrep -f mitmdump >/dev/null 2>&1 && mitmproxy_running=true
@ -65,15 +65,12 @@ build_waf_stats() {
if [ "$cs_running" = "true" ]; then if [ "$cs_running" = "true" ]; then
bans=$(cscli decisions list -o json 2>/dev/null | grep -c '"id"' || echo 0) bans=$(cscli decisions list -o json 2>/dev/null | grep -c '"id"' || echo 0)
alerts_today=$(cscli alerts list --since 24h -o json 2>/dev/null | grep -c '"id"' || echo 0) alerts_today=$(cscli alerts list --since 24h -o json 2>/dev/null | grep -c '"id"' || echo 0)
# WAF blocks = mitmproxy scenario decisions
waf_blocked=$(cscli decisions list -o json 2>/dev/null | grep -c 'mitmproxy' || echo 0)
fi fi
if [ -f "/tmp/secubox-mitm-stats.json" ]; then printf '{"crowdsec_running":%s,"mitmproxy_running":%s,"active_bans":%d,"alerts_today":%d,"waf_blocked":%d}' \
waf_threats=$(jsonfilter -i /tmp/secubox-mitm-stats.json -e '@.threats_today' 2>/dev/null || echo 0) "$cs_running" "$mitmproxy_running" "$bans" "$alerts_today" "$waf_blocked"
waf_blocked=$(jsonfilter -i /tmp/secubox-mitm-stats.json -e '@.blocked_today' 2>/dev/null || echo 0)
fi
printf '{"crowdsec_running":%s,"mitmproxy_running":%s,"active_bans":%d,"alerts_today":%d,"waf_threats":%d,"waf_blocked":%d}' \
"$cs_running" "$mitmproxy_running" "$bans" "$alerts_today" "$waf_threats" "$waf_blocked"
} }
# Build connections # Build connections
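Review bot: The new `waf_blocked` assignment reuses the `grep -c ... || echo 0` pattern, which misbehaves when nothing matches: `grep -c` already prints `0` and exits non-zero, so `echo 0` appends a second line and the variable holds two values that `printf '%d'` cannot format cleanly. Dropping the fallback or using `|| true` avoids that, `waf_blocked=$(cscli decisions list -o json 2>/dev/null | grep -c 'mitmproxy' || true)`; the `bans` and `alerts_today` lines above it have the same shape. The count is also of output lines containing the substring anywhere, so it depends on the JSON being printed one field per line and would over-count if a decision names the scenario in more than one field; selecting on the scenario field with `jsonfilter`, which the removed code already used, would be sturdier. The figure is the number of currently active decisions, which expire, so a comment such as `# active mitmproxy-scenario decisions, not requests blocked` would stop the dashboard label being misread.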