elk 6.x

start adjusting helper scripts for elk 6.x migrate patterns, dashboards, viz, search, etc. tweaking
2025-07-02 01:27:27 -04:00 · 2018-04-19 22:38:45 +00:00
parent 6e072980a0
commit fd40fc96a6
12 changed files with 286 additions and 3011 deletions
--- a/docker/elk/docker-compose.yml
+++ b/docker/elk/docker-compose.yml
@ -7,6 +7,7 @@ services:
 # ELK services
 ## Elasticsearch service
  elasticsearch:
+    build: .
    container_name: elasticsearch
    restart: always
    environment:
@ -30,8 +31,10 @@ services:

 ## Kibana service
  kibana:
+    build: .
    container_name: kibana
    restart: always
+    stop_signal: SIGKILL
    depends_on:
      elasticsearch:
        condition: service_healthy
@ -41,6 +44,7 @@ services:

 ## Logstash service
  logstash:
+    build: .
    container_name: logstash
    restart: always
    depends_on:
@ -52,9 +56,11 @@ services:
    volumes:
     - /data:/data
     - /var/log:/data/host/log
+     - /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf

 ## Elasticsearch-head service
  head:
+    build: .
    container_name: head
    restart: always
    depends_on:
@ -63,3 +69,4 @@ services:
    ports:
     - "127.0.0.1:64302:9100"
    image: "dtagdevsec/head:1804"
+    read_only: true
--- a/docker/elk/elasticsearch/Dockerfile
+++ b/docker/elk/elasticsearch/Dockerfile
@ -14,8 +14,8 @@ RUN apk -U upgrade && \
 # Get and install packages
    cd /root/dist/ && \
    mkdir -p /usr/share/elasticsearch/ && \
-    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.8.tar.gz && \
-    tar xvfz elasticsearch-5.6.8.tar.gz --strip-components=1 -C /usr/share/elasticsearch/ && \
+    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.4.tar.gz && \
+    tar xvfz elasticsearch-6.2.4.tar.gz --strip-components=1 -C /usr/share/elasticsearch/ && \

 # Add and move files
    cd /root/dist/ && \
@ -36,4 +36,4 @@ HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9200/_cat/health'

 # Start ELK
 USER elasticsearch:elasticsearch
-CMD ["/usr/share/elasticsearch/bin/elasticsearch"]
+CMD export ES_TMPDIR=/tmp && exec /usr/share/elasticsearch/bin/elasticsearch
--- a/docker/elk/elasticsearch/Dockerfile.5x
+++ b/docker/elk/elasticsearch/Dockerfile.5x
@ -0,0 +1,39 @@
+FROM alpine
+
+# Include dist
+ADD dist/ /root/dist/
+
+# Setup env and apt
+RUN apk -U upgrade && \
+    apk add bash \
+            curl \
+            openjdk8-jre \
+            procps \
+            wget && \
+
+# Get and install packages
+    cd /root/dist/ && \
+    mkdir -p /usr/share/elasticsearch/ && \
+    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.8.tar.gz && \
+    tar xvfz elasticsearch-5.6.8.tar.gz --strip-components=1 -C /usr/share/elasticsearch/ && \
+
+# Add and move files
+    cd /root/dist/ && \
+    mkdir -p /usr/share/elasticsearch/config && \
+    cp elasticsearch.yml /usr/share/elasticsearch/config/ && \
+
+# Setup user, groups and configs
+    addgroup -g 2000 elasticsearch && \
+    adduser -S -H -s /bin/bash -u 2000 -D -g 2000 elasticsearch && \
+    chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/ && \
+
+# Clean up
+    apk del --purge wget && \
+    rm -rf /root/*
+
+# Healthcheck
+HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9200/_cat/health'
+
+# Start ELK
+USER elasticsearch:elasticsearch
+CMD ["/usr/share/elasticsearch/bin/elasticsearch"]
--- a/docker/elk/elasticsearch/docker-compose.yml.5x
+++ b/docker/elk/elasticsearch/docker-compose.yml.5x
@ -0,0 +1,30 @@
+# T-Pot (Standard)
+# For docker-compose ...
+version: '2.2'
+
+services:
+
+# ELK services
+## Elasticsearch service
+  elasticsearch:
+    build: .
+    container_name: elasticsearch
+    restart: always
+    environment:
+     - bootstrap.memory_lock=true
+     - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
+    cap_add:
+     - IPC_LOCK
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    mem_limit: 2g
+    ports:
+     - "127.0.0.1:64298:9200"
+    image: "dtagdevsec/elasticsearch:1804"
+    volumes:
+     - /data:/data
--- a/docker/elk/kibana/Dockerfile
+++ b/docker/elk/kibana/Dockerfile
@ -44,7 +44,7 @@ RUN apk -U upgrade && \

 # Setup user, groups and configs
    sed -i 's/#server.basePath: ""/server.basePath: "\/kibana"/' /usr/share/kibana/config/kibana.yml && \
-    sed -i 's/#kibana.defaultAppId: "discover"/kibana.defaultAppId: "dashboards"/' /usr/share/kibana/config/kibana.yml && \
+    sed -i 's/#kibana.defaultAppId: "home"/kibana.defaultAppId: "dashboards"/' /usr/share/kibana/config/kibana.yml && \
    sed -i 's/#server.host: "localhost"/server.host: "0.0.0.0"/' /usr/share/kibana/config/kibana.yml && \
    sed -i 's/#elasticsearch.url: "http:\/\/localhost:9200"/elasticsearch.url: "http:\/\/elasticsearch:9200"/' /usr/share/kibana/config/kibana.yml && \
    /usr/share/kibana/bin/kibana 2>&1 | grep -m 1 "Optimization of bundles" && \
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@ -49,4 +49,4 @@ HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9600'

 # Start logstash
 #USER logstash:logstash
-CMD update.sh && /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf
+CMD update.sh && exec /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf