telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

tweaking

Browse Source
This commit is contained in:
t3chn0m4g3
2021-12-08 23:55:13 +00:00
parent ff1c12e848
commit 5f29516197
4 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docker/elk/logstash/Dockerfile
View File

@ -31,7 +31,9 @@ RUN apk -U --no-cache add \
# For some reason Alpine 3.14 does not report the -x flag correctly and thus elasticsearch does not find java
sed -i 's/! -x/! -e/g' /usr/share/logstash/bin/logstash.lib.sh && \
/usr/share/logstash/bin/logstash-plugin install logstash-filter-translate && \
/usr/share/logstash/bin/logstash-plugin install logstash-input-http && \
/usr/share/logstash/bin/logstash-plugin install logstash-output-gelf && \
/usr/share/logstash/bin/logstash-plugin install logstash-output-http && \
/usr/share/logstash/bin/logstash-plugin install logstash-output-syslog && \
#
# Add and move files
@ -40,6 +42,8 @@ RUN apk -U --no-cache add \
chmod u+x /usr/bin/update.sh && \
mkdir -p /etc/logstash/conf.d && \
cp logstash.conf /etc/logstash/conf.d/ && \
cp http.conf /etc/logstash/conf.d/ && \
cp pipelines.yml /usr/share/logstash/config/pipelines.yml && \
cp tpot_es_template.json /etc/logstash/ && \
#
# Setup user, groups and configs
@ -60,4 +64,5 @@ HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9600'
# Start logstash
#USER logstash:logstash
#CMD update.sh && exec /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --config.reload.automatic --java-execution --log.level debug
CMD update.sh && exec /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --config.reload.automatic --java-execution
#CMD update.sh && exec /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --config.reload.automatic --java-execution
CMD update.sh && exec /usr/share/logstash/bin/logstash --config.reload.automatic --java-execution

19
docker/elk/logstash/dist/http.conf vendored Normal file
View File

@ -0,0 +1,19 @@
# Input section
input {
http {
id => "tpot"
host => "0.0.0.0"
port => "80"
}
}
# Output section
output {
elasticsearch {
hosts => ["elasticsearch:9200"]
# With templates now being legacy and ILM in place we need to set the daily index with its template manually. Otherwise a new index might be created with differents settings configured through Kibana.
index => "logstash-%{+YYYY.MM.dd}"
template => "/etc/logstash/tpot_es_template.json"
}
}

4
docker/elk/logstash/dist/pipelines.yml vendored Normal file
View File

@ -0,0 +1,4 @@
- pipeline.id: logstash
path.config: "/etc/logstash/conf.d/logstash.conf"
- pipeline.id: http
path.config: "/etc/logstash/conf.d/http.conf"

3
docker/elk/logstash/docker-compose.yml
View File

@ -14,7 +14,10 @@ services:
# condition: service_healthy
env_file:
- /opt/tpot/etc/compose/elk_environment
ports:
- "127.0.0.1:64305:80"
image: "dtagdevsec/logstash:2006"
volumes:
- /data:/data
# - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf
# - /root/tpotce/docker/elk/logstash/dist/http.conf:/etc/logstash/conf.d/http.conf