2019-08-13 09:41:38 +00:00
|
|
|
FROM sebp/elk:720
|
2016-09-29 20:52:05 +00:00
|
|
|
|
|
|
|
RUN mkdir /etc/logstash/patterns.d
|
|
|
|
#postfix grok and filter
|
|
|
|
RUN curl -L https://raw.githubusercontent.com/whyscream/postfix-grok-patterns/master/postfix.grok > /etc/logstash/patterns.d/postfix.grok
|
|
|
|
RUN curl -L https://raw.githubusercontent.com/whyscream/postfix-grok-patterns/master/50-filter-postfix.conf > /etc/logstash/conf.d/15-filter-postfix.conf
|
|
|
|
# custom amavis grok and filter
|
2019-08-13 09:41:38 +00:00
|
|
|
COPY amavis.grok /etc/logstash/patterns.d
|
|
|
|
COPY 16-amavis.conf /etc/logstash/conf.d
|
2016-09-29 20:52:05 +00:00
|
|
|
# dovecot grok and filter
|
|
|
|
RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/patterns.d/dovecot.grok > /etc/logstash/patterns.d/dovecot.grok
|
|
|
|
RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/exmples/50-filter-dovecot.conf > /etc/logstash/conf.d/17-filter-dovecot.conf
|
2020-03-19 14:22:31 +00:00
|
|
|
# FIXME: may be a cron job?
|
2019-08-13 09:41:38 +00:00
|
|
|
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
|
2020-03-19 14:22:31 +00:00
|
|
|
|
|
|
|
ARG MAXMIND_LICENSE
|
2016-09-29 20:52:05 +00:00
|
|
|
RUN mkdir -p /usr/share/GeoIP && \
|
2020-03-19 14:22:31 +00:00
|
|
|
curl -L "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=${MAXMIND_LICENSE}&suffix=tar.gz" \
|
|
|
|
| tar zx --to-stdout --wildcards --no-anchored '*.mmdb' > /usr/share/GeoIP/GeoLiteCity.dat
|
2016-09-29 20:52:05 +00:00
|
|
|
|
|
|
|
WORKDIR ${LOGSTASH_HOME}
|
|
|
|
RUN gosu logstash bin/logstash-plugin install --local --no-verify logstash-filter-geoip
|
|
|
|
|
2020-03-19 14:22:31 +00:00
|
|
|
# override beats input
|
2019-08-13 09:41:38 +00:00
|
|
|
COPY 02-beats-input.conf /etc/logstash/conf.d/
|
2016-09-29 20:52:05 +00:00
|
|
|
# override syslog
|
2019-08-13 09:41:38 +00:00
|
|
|
COPY 10-syslog.conf /etc/logstash/conf.d/
|
2017-01-18 21:39:33 +00:00
|
|
|
|
|
|
|
# avoid Bootstrap Checks failure on production
|
|
|
|
RUN /bin/grep -q -F 'transport.host' /etc/elasticsearch/elasticsearch.yml || echo "transport.host: 127.0.0.1" >> /etc/elasticsearch/elasticsearch.yml
|