include docker repos

... skip emobility since it is a dev repo

docker/elk/README.md

@@ -0,0 +1,33 @@
+# dockerized elk stack
+
+
+[elk](http://www.elasticsearch.org/overview/) is a stack combining elasticsearch, logstash and the kibana dashboard. It is used to structure and vizualize data in realtime.
+
+This repository contains the necessary files to create a *dockerized* version of the elk stack.
+
+This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
+
+The `Dockerfile` contains the blueprint for the dockerized elk stack and will be used to setup the docker image.  
+
+Further, `elasticsearch.yml`, `logstash.conf`, `elkbase.tar.gz`, `elk.ico` and `kibana.svg`,  are all tailored to fit the T-Pot environment.
+
+The `supervisord.conf` is used to start elk under supervision of supervisord.
+
+Using systemd, copy the `systemd/elk.service` to `/etc/systemd/system/elk.service` and start using
+
+```
+systemctl enable elk
+systemctl start elk
+```
+
+This will make sure that the docker container is started with the appropriate permissions and port mappings. Further, it autostarts during boot.
+
+Starting with T-Pot 16.10 you can simply access the kibana dashboard by browsing to ``https://<your.ip>:64297`` and enter your web user credentials.
+
+Note: The kibana dashboard can be customized to fit your needs.
+
+By default all data will be persistently stored in `/data/elk/`. Indexed events older than 90 days will be deleted. You can adjust this behavior in `/etc/crontab` to fit your needs, but be advised to provide enough RAM and free disk-space if you wish to do so.
+
+# T-Pot Dashboard
+
+![T-Pot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/elk/master/doc/dashboard.png)