mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-07-02 01:27:27 -04:00
Start cleaning up and update documentation
This commit is contained in:
@ -1,33 +1,20 @@
|
||||
# dockerized elk stack
|
||||
# Elasticsearch
|
||||
[](https://microbadger.com/images/dtagdevsec/elasticsearch:1710 "Get your own version badge on microbadger.com") [](https://microbadger.com/images/dtagdevsec/elasticsearch:1710 "Get your own image badge on microbadger.com")
|
||||
|
||||
# Logstash
|
||||
[](https://microbadger.com/images/dtagdevsec/logstash:1710 "Get your own version badge on microbadger.com") [](https://microbadger.com/images/dtagdevsec/logstash:1710 "Get your own image badge on microbadger.com")
|
||||
|
||||
[elk](http://www.elasticsearch.org/overview/) is a stack combining elasticsearch, logstash and the kibana dashboard. It is used to structure and vizualize data in realtime.
|
||||
# Kibana
|
||||
[](https://microbadger.com/images/dtagdevsec/kibana:1710 "Get your own version badge on microbadger.com") [](https://microbadger.com/images/dtagdevsec/kibana:1710 "Get your own image badge on microbadger.com")
|
||||
|
||||
This repository contains the necessary files to create a *dockerized* version of the elk stack.
|
||||
# elk stack
|
||||
|
||||
[elk](http://www.elasticsearch.org/overview/) is a stack combining elasticsearch, logstash and the kibana dashboard. It is used to structure and visualize data in realtime.
|
||||
|
||||
This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
|
||||
|
||||
The `Dockerfile` contains the blueprint for the dockerized elk stack and will be used to setup the docker image.
|
||||
|
||||
Further, `elasticsearch.yml`, `logstash.conf`, `elkbase.tar.gz`, `elk.ico` and `kibana.svg`, are all tailored to fit the T-Pot environment.
|
||||
|
||||
The `supervisord.conf` is used to start elk under supervision of supervisord.
|
||||
|
||||
Using systemd, copy the `systemd/elk.service` to `/etc/systemd/system/elk.service` and start using
|
||||
|
||||
```
|
||||
systemctl enable elk
|
||||
systemctl start elk
|
||||
```
|
||||
|
||||
This will make sure that the docker container is started with the appropriate permissions and port mappings. Further, it autostarts during boot.
|
||||
|
||||
Starting with T-Pot 16.10 you can simply access the kibana dashboard by browsing to ``https://<your.ip>:64297`` and enter your web user credentials.
|
||||
|
||||
Note: The kibana dashboard can be customized to fit your needs.
|
||||
|
||||
By default all data will be persistently stored in `/data/elk/`. Indexed events older than 90 days will be deleted. You can adjust this behavior in `/etc/crontab` to fit your needs, but be advised to provide enough RAM and free disk-space if you wish to do so.
|
||||
The `Dockerfiles` contain the blueprint for the dockerized elk stack and will be used to setup the docker images.
|
||||
|
||||
# T-Pot Dashboard
|
||||
|
||||

|
||||

|
||||
|
Reference in New Issue
Block a user