Sensu Enterprise Dashboard

Reference Documentation

What is the Sensu Enterprise Dashboard?

The Sensu Enterprise Dashboard is a simple web-based application that provides realtime visibility into Sensu monitoring data, with dedicated views for monitoring events, clients, checks, aggregates, data centers, and more. The dashboard provides powerful global search features for filtering views so users can focus on the data that’s important to them. The dashboard also provides basic operational controls to acknowledge or otherwise “silence” monitoring events, request ad hoc execution of monitoring checks, and much more.

What is Uchiwa?

The Sensu Enterprise Dashboard is based on the open-source – and community developed – Uchiwa dashboard. Very much like the relationship between Sensu Core and Sensu Enterprise, the Sensu Enterprise Dashboard builds on top of Uchiwa via a number of added-value extensions (e.g. Role Based Access Controls; LDAP, GitHub, and GitLab authentication; Audit Logging; etc), which development also results in many contributions to the open-source Uchiwa dashboard project.

What is the Sensu Enterprise Console?

The Sensu Enterprise Console is a federated API endpoint provided by the Sensu Enterprise Dashboard for API access to multiple Sensu datacenters (available in Sensu Enterprise Dashboard version 1.10 and newer). This API provides added-value features including token-based authentication and granular role-based access controls.

NOTE: the Sensu Enterprise Dashboard is comprised of two components: a backend service (API) for aggregating monitoring data from one or more Sensu datacenters, and a web application for displaying this information. As of Sensu Enterprise Dashboard version 1.10, this Sensu Enterprise Dashboard backend has been updated so that it provides the same API endpoints as the Sensu API. Prior to version 1.10, the Sensu Enterprise Dashboard backend used different API routes for accessing data from specific datacenters; for example, client data was accessible via /clients/us-west-1/:client instead of /clients/:client?dc=us-west-1. Version 1.11 introduced access token-based authentication, and version 1.12 introduced RBAC for the Console API.

What is a Sensu “datacenter”?

The Sensu Enterprise Dashboard provides access to monitoring data from one or more Sensu “datacenters”. A Sensu datacenter is simply a Sensu API endpoint, which corresponds to a Sensu installation consisting of one or more Sensu servers in cluster (multiple API endpoints may be provided by a single Sensu installation or cluster).

Dashboard configuration

Example dashboard configuration

The following is the bare minimum that should be included in your Sensu Enterprise Dashboard configuration.

{
  "sensu": [
    {
      "name": "sensu-server-1",
      "host": "api1.example.com",
      "port": 4567
    }
  ],
  "dashboard": {
    "host": "0.0.0.0",
    "port": 3000
  }
}

NOTE: the Sensu Enterprise Dashboard requires two configuration scopes: sensu and dashboard (see Dashboard definition specification, below).

Dashboard definition specification

The Sensu Enterprise dashboard uses two configuration scopes: the { "sensu": {} } configuration scope provides connection details for one or more Sensu API endpoints (i.e. datacenters), and the { "dashboard": {} } configuration scope is used to configure the behavior of the dashboard itself.

NOTE: by default, the Sensu Enterprise Dashboard will load configuration from /etc/sensu/dashboard.json and/or from JSON configuration files located in /etc/sensu/dashboard.d/**.json, with the same configuration merging behavior as described here.

sensu attributes

name
description
The name of the Sensu API (used elsewhere as the datacenter name).
required
false
type
String
default
randomly generated
example
"name": "us-west-1"
host
description
The hostname or IP address of the Sensu API.
required
true
type
String
example
"host": "127.0.0.1"
port
description
The port of the Sensu API.
required
false
type
Integer
default
4567
example
"port": 4567
ssl
description
Determines whether or not to use the HTTPS protocol.
required
false
type
Boolean
default
false
example
"ssl": true
insecure
description
Determines whether or not to accept an insecure SSL certificate.
required
false
type
Boolean
default
false
example
"insecure": true
path
description
The path of the Sensu API. Leave empty unless your Sensu API is not mounted to /.
required
false
type
String
example
"path": "/my_api"
timeout
description
The timeout for the Sensu API, in seconds.
required
false
type
Integer
default
5
example
"timeout": 15
user
description
The username of the Sensu API. Leave empty for no authentication.
required
false
type
String
example
"user": "my_sensu_api_username"
pass
description
The password of the Sensu API. Leave empty for no authentication.
required
false
type
String
example
"pass": "my_sensu_api_password"

dashboard attributes

host
description
The hostname or IP address on which Sensu Enterprise Dashboard will listen on.
required
false
type
String
default
“0.0.0.0”
example
"host": "1.2.3.4"
port
description
The port on which Sensu Enterprise Dashboard and Console API will listen on.
required
false
type
Integer
default
3000
example
"port": 3000
refresh
description
Determines the interval to poll the Sensu APIs, in seconds.
required
false
type
Integer
default
5
example
"refresh": 5
ssl
description
A hash of SSL configuration for native SSL support.
required
false
type
Hash
example
"ssl": {
    "certfile": "/path/to/dashboard.pem",
    "keyfile": "/path/to/dashboard.key"
}
user
description
A username to enable simple authentication and restrict access to the dashboard. Leave blank along with pass to disable simple authentication.
required
false
type
String
example
"user": "admin"
pass
description
A password to enable simple authentication and restrict access to the dashboard. Leave blank along with user to disable simple authentication.
required
false
type
String
example
"pass": "secret"
auth
description
The auth definition scope, used to configure JSON Web Token (JWT) authentication signatures.
required
false
type
Hash
example
"auth": {
  "privatekey": "/path/to/console.rsa",
  "publickey": "/path/to/console.rsa.pub"
}
audit
description
The audit definition scope, used to configure Audit Logging for the Sensu Enterprise Dashboard.
required
false
type
Hash
example
"audit": {
  "logfile": "/var/log/sensu/sensu-enterprise-dashboard-audit.log",
  "level": "default"
}
ldap
description
The ldap configuration scope, used to configure Role Based Access Controls with the RBAC for LDAP driver. Overrides simple authentication.
required
false
type
Hash
example
"ldap": {
  "server": "localhost",
  "port": 389,
  "basedn": "cn=users,dc=domain,dc=tld",
  "binduser": "cn=binder,cn=users,dc=domain,dc=tld",
  "bindpass": "secret",
  "roles": [
    {
      "name": "guests",
      "members": [
        "guests_group"
      ],
      "datacenters": [
        "us-west-1"
      ],
      "subscriptions": [
        "webserver"
      ],
      "readonly": true
    },
    {
      "name": "operators",
      "members": [
        "operators_group"
      ],
      "datacenters": [],
      "subscriptions": [],
      "readonly": false
    }
  ],
  "insecure": false,
  "security": "none",
  "userattribute": "sAMAccountName"
}
github
description
The github definition scope, used to configure Role Based Access Controls with the RBAC for GitHub driver. Overrides simple authentication.
required
false
type
Hash
example
"github": {
  "clientId": "a8e43af034e7f2608780",
  "clientSecret": "b63968394be6ed2edb61c93847ee792f31bf6216",
  "server": "https://github.com",
  "roles": [
    {
      "name": "guests",
      "members": [
        "myorganization/devs"
      ],
      "datacenters": [
        "us-west-1"
      ],
      "subscriptions": [
        "webserver"
      ],
      "readonly": true
    },
    {
      "name": "operators",
      "members": [
        "myorganization/owners"
      ],
      "datacenters": [],
      "subscriptions": [],
      "readonly": false
    }
  ]
}
gitlab
description
The gitlab definition scope, used to configure Role Based Access Controls with the RBAC for GitLab driver. Overrides simple authentication.
required
false
type
Hash
example
"gitlab": {
  "clientId": "a8e43af034e7f2608780",
  "clientSecret": "b63968394be6ed2edb61c93847ee792f31bf6216",
  "server": "https://github.com",
  "roles": [
    {
      "name": "guests",
      "members": [
        "myorganization/devs"
      ],
      "datacenters": [
        "us-west-1"
      ],
      "subscriptions": [
        "webserver"
      ],
      "readonly": true
    },
    {
      "name": "operators",
      "members": [
        "myorganization/owners"
      ],
      "datacenters": [],
      "subscriptions": [],
      "readonly": false
    }
  ]
}

auth attributes

NOTE: By default, temporary keys are generated when the Sensu Enterprise Dashboard starts. These keys are later destroyed once the process is stopped or restarted. These keys are used for generating and validating the signatures of the JSON Web Tokens (JWT) for authentication. Specifying static keys is supported and is necessary when using Sensu Enterprise Console behind a load balancer. Static keys can be configured by using the auth attributes detailed below.

privatekey
description
Path to a private RSA key used for generating and validating the signatures of the JSON Web Tokens (JWT) for authentication.
required
false
type
String
example
"auth": {
  "privatekey": "/path/to/console.rsa"
}
public
description
Path to a public RSA key used for generating and validating the signatures of the JSON Web Tokens (JWT) for authentication.
required
false
type
String
example
"auth": {
  "publickey": "/path/to/console.rsa.pub"
}

audit attributes

Please see the Sensu Enterprise Dashboard Audit Logging reference documentation for information on how to configure the dashboard for audit logging purposes.

ldap attributes

Please see the RBAC for LDAP reference documentation for information on how to configure the dashboard for RBAC with LDAP.

github attributes

Please see the RBAC for GitHub reference documentation for information on how to configure the dashboard for RBAC with GitHub.com or GitHub Enterprise.

gitlab attributes

Please see the RBAC for GitLab reference documentation for information on how to configure the dashboard for RBAC with GitLab.

Start your FREE trial today.

Already using Sensu Core? Upgrade to Sensu Enterprise today to take advantage of its enterprise console, added-value features, built-in integrations, FREE annual training, and enterprise-class support.