From 175e1944c2fe33cb6742d481a494518d565081d4 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Mon, 30 Jun 2025 16:06:45 +0200
Subject: [PATCH] Bump Elastic Stack to 8.18.3 - Logstash: include syslog output plugin and config example
---
 docker/elk/docker-compose.yml | 12 ++++++------
 docker/elk/elasticsearch/Dockerfile | 2 +-
 docker/elk/kibana/Dockerfile | 4 ++--
 docker/elk/logstash/Dockerfile | 3 ++-
 docker/elk/logstash/dist/http_input.conf | 9 ++++++++-
 docker/elk/logstash/dist/logstash.conf | 9 ++++++++-
 6 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/docker/elk/docker-compose.yml b/docker/elk/docker-compose.yml
index 6f3a2be8..51d07749 100644
--- a/docker/elk/docker-compose.yml
+++ b/docker/elk/docker-compose.yml
@@ -22,7 +22,7 @@ services:
 mem_limit: 4g
 ports:
 - "127.0.0.1:64298:9200"
- image: "dtagdevsec/elasticsearch:24.04"
+ image: "ghcr.io/telekom-security/elasticsearch:24.04.1"
 volumes:
 - $HOME/tpotce/data:/data
@@ -38,7 +38,7 @@ services:
 mem_limit: 1g
 ports:
 - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:24.04"
+ image: "ghcr.io/telekom-security/kibana:24.04.1"
 ## Logstash service
 logstash:
@@ -50,7 +50,7 @@ services:
 depends_on:
 elasticsearch:
 condition: service_healthy
- image: "dtagdevsec/logstash:24.04"
+ image: "ghcr.io/telekom-security/logstash:24.04.1"
 volumes:
 - $HOME/tpotce/data:/data
 # - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf
@@ -63,7 +63,7 @@ services:
 tty: true
 ports:
 - "127.0.0.1:6379:6379"
- image: "dtagdevsec/redis:24.04"
+ image: "ghcr.io/telekom-security/redis:24.04.1"
 read_only: true
 # Map Web Service
@@ -77,7 +77,7 @@ services:
 tty: true
 ports:
 - "127.0.0.1:64299:64299"
- image: "dtagdevsec/map:24.04"
+ image: "ghcr.io/telekom-security/map:24.04.1"
 depends_on:
 - map_redis
@@ -89,6 +89,6 @@ services:
 - MAP_COMMAND=DataServer_v2.py
 stop_signal: SIGKILL
 tty: true
- image: "dtagdevsec/map:24.04"
+ image: "ghcr.io/telekom-security/map:24.04.1"
 depends_on:
 - map_redis
diff --git a/docker/elk/elasticsearch/Dockerfile b/docker/elk/elasticsearch/Dockerfile
index 8fed014b..871806da 100644
--- a/docker/elk/elasticsearch/Dockerfile
+++ b/docker/elk/elasticsearch/Dockerfile
@@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND noninteractive
-ENV ES_VER=8.18.2
+ENV ES_VER=8.18.3
 #
 # Include dist
 COPY dist/ /root/dist/
diff --git a/docker/elk/kibana/Dockerfile b/docker/elk/kibana/Dockerfile
index a6f59e9f..832d7cf4 100644
--- a/docker/elk/kibana/Dockerfile
+++ b/docker/elk/kibana/Dockerfile
@@ -1,5 +1,5 @@
-FROM node:20.18.2-alpine3.20
-ENV KB_VER=8.18.2
+FROM node:20.19.2-alpine3.20
+ENV KB_VER=8.18.3
 #
 # Include dist
 COPY dist/ /root/dist/
diff --git a/docker/elk/logstash/Dockerfile b/docker/elk/logstash/Dockerfile
index a5eef7ba..9ab355e7 100644
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND=noninteractive
-ENV LS_VER=8.18.2
+ENV LS_VER=8.18.3
 #
 # Include dist
 COPY dist/ /root/dist/
@@ -42,6 +42,7 @@ RUN apt-get update -y && \
 cp tpot-template.json /etc/logstash/ && \
 cd /usr/share/logstash && \
 bin/logstash-plugin update logstash-filter-translate && \
+ bin/logstash-plugin install logstash-output-syslog && \
 rm /etc/logstash/pipelines.yml && \
 rm /etc/logstash/logstash.yml && \
 #
diff --git a/docker/elk/logstash/dist/http_input.conf b/docker/elk/logstash/dist/http_input.conf
index 005be8c7..0884cf45 100644
--- a/docker/elk/logstash/dist/http_input.conf
+++ b/docker/elk/logstash/dist/http_input.conf
@@ -17,5 +17,12 @@ output {
 template => "/etc/logstash/tpot-template.json"
 template_overwrite => "true"
 }
-
+ # Syslog Output Example
+ # syslog {
+ # host => "192.168.1.1"
+ # port => 514
+ # protocol => tcp
+ # appname => "logstash-logs"
+ # severity => "6"
+ # }
 }
diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index 7f30e746..fd797ba1 100644
--- a/docker/elk/logstash/dist/logstash.conf
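Review bot: The added `bin/logstash-plugin install logstash-output-syslog && \` carries no version pin, so every image build resolves the plugin to whatever RubyGems serves at that moment, while `LS_VER` in the same Dockerfile is pinned to 8.18.3; the image is not reproducible and a new or tampered plugin release can enter it without any change in this repository. Pin it, e.g. `bin/logstash-plugin install --version <PLUGIN_VERSION> logstash-output-syslog && \`, and record the chosen version next to `LS_VER` so bumps are reviewed together. The `update logstash-filter-translate` line just above has the same property, though that is pre-existing. The enclosing `RUN` command starts before the hunk and continues after it.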
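Review bot: The commented syslog example added here, and the identical block in docker/elk/logstash/dist/logstash.conf, uses `protocol => tcp`, which forwards the honeypot events in cleartext once an operator uncomments it; since the block is meant to be copied into a production pipeline, the example should show the plugin's TLS transport, `protocol => "ssl-tcp"` together with `ssl_cert`, `ssl_key` and `ssl_cacert` pointing at the operator's certificates, or at least carry a comment stating that tcp/udp carry the data unencrypted. The value `severity => "6"` also looks off: the plugin's `severity` option takes a label such as `"informational"`, so the numeric string may be rejected at pipeline start — confirm against the plugin version that ends up installed. It would also help to mark the address as a placeholder, e.g. `host => "<SYSLOG_SERVER>"`, so it is not copied verbatim.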
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -816,7 +816,14 @@ output {
 template => "/etc/logstash/tpot-template.json"
 template_overwrite => "true"
 }
-
+ # Syslog Output Example
+ # syslog {
+ # host => "192.168.1.1"
+ # port => 514
+ # protocol => tcp
+ # appname => "logstash-logs"
+ # severity => "6"
+ # }
 #if [type] == "Suricata" {
 # file {
 # file_mode => 0770