tweaking

ELK 7.6.0 is not ready for production, however it works if APM is enabled (disabled in config, so image wont build as precaution) Remove SISSDEN from ewsposter, suricata Bump suricata to 5.0.1 Alpine now support suricata incl. enabled JA3 support, move back to Alpine install
2025-07-02 01:27:27 -04:00 · 2020-02-14 15:28:06 +00:00
parent a49d560809
commit f11ad6b523
13 changed files with 161 additions and 211 deletions
--- a/docker/elk/elasticsearch/Dockerfile
+++ b/docker/elk/elasticsearch/Dockerfile
@ -1,7 +1,7 @@
 FROM alpine
 #
 # VARS
-ENV ES_VER=7.5.2 \
+ENV ES_VER=7.6.0 \
    JAVA_HOME=/usr/lib/jvm/java-11-openjdk
 # Include dist
 ADD dist/ /root/dist/
--- a/docker/elk/elasticsearch/dist/elasticsearch.yml
+++ b/docker/elk/elasticsearch/dist/elasticsearch.yml
@ -9,6 +9,7 @@ path:
 http.host: 0.0.0.0
 http.cors.enabled: true
 http.cors.allow-origin: "*"
+indices.query.bool.max_clause_count: 2000
 cluster.initial_master_nodes:
 - "tpotcluster-node-01"
 discovery.zen.ping.unicast.hosts:
--- a/docker/elk/kibana/Dockerfile
+++ b/docker/elk/kibana/Dockerfile
@ -1,7 +1,7 @@
-FROM node:10.15.2-alpine
+FROM node:10.18.0-alpine
 #
 # VARS
-ENV KB_VER=7.5.2
+ENV KB_VER=7.6.0
 # 
 # Include dist
 ADD dist/ /root/dist/
@ -47,6 +47,8 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    echo "xpack.security.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
    echo "xpack.uptime.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
    echo "xpack.siem.enabled: false" >> /usr/share/kibana/config/kibana.yml && \
+    echo "elasticsearch.requestTimeout: 60000" >> /usr/share/kibana/config/kibana.yml && \
+    echo "elasticsearch.shardTimeout: 60000" >> /usr/share/kibana/config/kibana.yml && \
    rm -rf /usr/share/kibana/optimize/bundles/* && \
    /usr/share/kibana/bin/kibana --optimize --allow-root && \
    addgroup -g 2000 kibana && \
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@ -1,7 +1,7 @@
 FROM alpine
 #
 # VARS
-ENV LS_VER=7.5.2
+ENV LS_VER=7.6.0
 # Include dist
 ADD dist/ /root/dist/
 #
@ -36,7 +36,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
    chmod u+x /usr/bin/update.sh && \
    mkdir -p /etc/logstash/conf.d && \
    cp logstash.conf /etc/logstash/conf.d/ && \
-    cp elasticsearch-template-es7x.json /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.2.3-java/lib/logstash/outputs/elasticsearch/ && \
+    cp elasticsearch-template-es7x.json /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.0-java/lib/logstash/outputs/elasticsearch/ && \
 #
 # Setup user, groups and configs
    addgroup -g 2000 logstash && \