telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

Start cleaning up and update documentation

Browse Source
This commit is contained in:
Marco Ochse
2017-10-23 13:02:04 +02:00
parent 70f75d51ee
commit 46264774b3
76 changed files with 3126 additions and 18799 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
docker/elk/README.md
View File

@ -1,33 +1,20 @@
# dockerized elk stack
# Elasticsearch
[![](https://images.microbadger.com/badges/version/dtagdevsec/elasticsearch:1710.svg)](https://microbadger.com/images/dtagdevsec/elasticsearch:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/elasticsearch:1710.svg)](https://microbadger.com/images/dtagdevsec/elasticsearch:1710 "Get your own image badge on microbadger.com")
# Logstash
[![](https://images.microbadger.com/badges/version/dtagdevsec/logstash:1710.svg)](https://microbadger.com/images/dtagdevsec/logstash:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/logstash:1710.svg)](https://microbadger.com/images/dtagdevsec/logstash:1710 "Get your own image badge on microbadger.com")
[elk](http://www.elasticsearch.org/overview/) is a stack combining elasticsearch, logstash and the kibana dashboard. It is used to structure and vizualize data in realtime.
# Kibana
[![](https://images.microbadger.com/badges/version/dtagdevsec/kibana:1710.svg)](https://microbadger.com/images/dtagdevsec/kibana:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/kibana:1710.svg)](https://microbadger.com/images/dtagdevsec/kibana:1710 "Get your own image badge on microbadger.com")
This repository contains the necessary files to create a *dockerized* version of the elk stack.
# elk stack
[elk](http://www.elasticsearch.org/overview/) is a stack combining elasticsearch, logstash and the kibana dashboard. It is used to structure and visualize data in realtime.
This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
The `Dockerfile` contains the blueprint for the dockerized elk stack and will be used to setup the docker image.
Further, `elasticsearch.yml`, `logstash.conf`, `elkbase.tar.gz`, `elk.ico` and `kibana.svg`, are all tailored to fit the T-Pot environment.
The `supervisord.conf` is used to start elk under supervision of supervisord.
Using systemd, copy the `systemd/elk.service` to `/etc/systemd/system/elk.service` and start using
```
systemctl enable elk
systemctl start elk
```
This will make sure that the docker container is started with the appropriate permissions and port mappings. Further, it autostarts during boot.
Starting with T-Pot 16.10 you can simply access the kibana dashboard by browsing to ``https://<your.ip>:64297`` and enter your web user credentials.
Note: The kibana dashboard can be customized to fit your needs.
By default all data will be persistently stored in `/data/elk/`. Indexed events older than 90 days will be deleted. You can adjust this behavior in `/etc/crontab` to fit your needs, but be advised to provide enough RAM and free disk-space if you wish to do so.
The `Dockerfiles` contain the blueprint for the dockerized elk stack and will be used to setup the docker images.
# T-Pot Dashboard
![T-Pot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/elk/master/doc/dashboard.png)
![T-Pot Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/elk/doc/dashboard.png)