From 2a7e3b861f448875b97f5197fb57f8d6e09387d8 Mon Sep 17 00:00:00 2001
From: Germain Masse
Date: Thu, 19 Mar 2020 15:22:31 +0100
Subject: [PATCH 1/2] Support GeoIP license number in ELK Dockerfile
---
 docker-compose.elk.yml.dist | 7 ++++++-
 elk/.env.dist | 1 +
 elk/Dockerfile | 9 ++++++---
 elk/docker-compose.yml.dist | 16 ++++++++++++++++
 4 files changed, 29 insertions(+), 4 deletions(-)
 create mode 100644 elk/.env.dist
 create mode 100644 elk/docker-compose.yml.dist
diff --git a/docker-compose.elk.yml.dist b/docker-compose.elk.yml.dist
index 0c308a3c..9fb1ff71 100644
--- a/docker-compose.elk.yml.dist
+++ b/docker-compose.elk.yml.dist
@@ -25,12 +25,17 @@ services:
 - SYS_PTRACE
 restart: always
 elk:
- build: elk
+ build:
+ context: elk
+ args:
+ - MAXMIND_LICENSE
 ports:
 - "5601:5601"
 - "9200:9200"
 - "5044:5044"
 - "5000:5000"
+ env_file:
+ - elk/.env
 restart: always
 volumes:
diff --git a/elk/.env.dist b/elk/.env.dist
new file mode 100644
index 00000000..43a62e16
--- /dev/null
+++ b/elk/.env.dist
@@ -0,0 +1 @@
+MAXMIND_LICENSE=
diff --git a/elk/Dockerfile b/elk/Dockerfile
index de97d26f..6cfa3b1d 100644
--- a/elk/Dockerfile
+++ b/elk/Dockerfile
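Review bot: In docker-compose.elk.yml.dist the added `env_file: - elk/.env` loads MAXMIND_LICENSE into the running elk container's environment, although nothing visible in this patch reads it at runtime; the key is only needed while building, so it becomes readable through `docker inspect` and by every process in the container for no benefit. As far as I know `env_file` does not feed `build.args` either: a value-less `- MAXMIND_LICENSE` entry is resolved from the environment Compose itself runs in, so the build may silently receive an empty key unless the variable is exported in the shell. I would drop the `env_file` entry and document how the variable has to be supplied at build time. The new elk/docker-compose.yml.dist has the same pair of entries, and it is worth confirming that `elk/.env` is git-ignored so a filled-in copy is never committed.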
@@ -10,15 +10,18 @@ COPY 16-amavis.conf /etc/logstash/conf.d
 # dovecot grok and filter
 RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/patterns.d/dovecot.grok > /etc/logstash/patterns.d/dovecot.grok
 RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/exmples/50-filter-dovecot.conf > /etc/logstash/conf.d/17-filter-dovecot.conf
-# FIXME: may be a cron job?
+# FIXME: may be a cron job?
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+ARG MAXMIND_LICENSE
 RUN mkdir -p /usr/share/GeoIP && \
- curl -L http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz | gunzip -c - > /usr/share/GeoIP/GeoLiteCity.dat
+curl -L "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=${MAXMIND_LICENSE}&suffix=tar.gz" \
+| tar zx --to-stdout --wildcards --no-anchored '*.mmdb' > /usr/share/GeoIP/GeoLiteCity.dat
 WORKDIR ${LOGSTASH_HOME}
 RUN gosu logstash bin/logstash-plugin install --local --no-verify logstash-filter-geoip
-# override beats input
+# override beats input
 COPY 02-beats-input.conf /etc/logstash/conf.d/
 # override syslog
 COPY 10-syslog.conf /etc/logstash/conf.d/
diff --git a/elk/docker-compose.yml.dist b/elk/docker-compose.yml.dist
new file mode 100644
index 00000000..1bdfbb25
--- /dev/null
+++ b/elk/docker-compose.yml.dist
@@ -0,0 +1,16 @@
+version: '2'
+
+services:
+ elk:
+ build:
+ context: .
+ args:
+ - MAXMIND_LICENSE
+ ports:
+ - "5601:5601"
+ - "9200:9200"
+ - "5044:5044"
+ - "5000:5000"
+ env_file:
+ - .env
+ restart: always
From 03a095ea4d877eb649fd2757c85a1639dd0b1de7 Mon Sep 17 00:00:00 2001
From: Germain Masse
Date: Thu, 19 Mar 2020 15:24:26 +0100
Subject: [PATCH 2/2] Bump to ELK 7.6.1
---
 elk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/elk/Dockerfile b/elk/Dockerfile
index 6cfa3b1d..98a35316 100644
--- a/elk/Dockerfile
+++ b/elk/Dockerfile
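Review bot: `ARG MAXMIND_LICENSE` followed by a `RUN` that expands it in elk/Dockerfile records the license key in the image metadata, so anyone who can pull the image can read it back with `docker history`. A BuildKit secret mount keeps the key out of layers and history; it needs BuildKit enabled and a matching secret definition on the Compose side, which I have not verified for the Compose version used here. Separately, `curl -L` without `-f` pipes an HTTP error body into tar when the key is empty or rejected, so the build stops on a confusing tar error rather than on the failed request; `-fsSL` makes curl fail first. The downloaded archive is also written to /usr/share/GeoIP without any checksum comparison. The RUN instruction begins on a context line of the hunk, and the sketch below covers only that instruction.

```dockerfile
# … unchanged: SHELL with pipefail …
# ARG MAXMIND_LICENSE is dropped; the key is supplied as a build secret instead
RUN --mount=type=secret,id=maxmind_license \
    mkdir -p /usr/share/GeoIP && \
    curl -fsSL "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=$(cat /run/secrets/maxmind_license)&suffix=tar.gz" \
    | tar zx --to-stdout --wildcards --no-anchored '*.mmdb' > /usr/share/GeoIP/GeoLiteCity.dat
# … unchanged: WORKDIR and logstash-plugin install …
```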
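Review bot: The new elk/docker-compose.yml.dist publishes `"9200:9200"` and `"5601:5601"` without a host address, which binds Elasticsearch and Kibana on every interface of the host. Whether the sebp/elk image enforces authentication is not visible in this patch, so unless it does, anyone who can reach the host can read or alter the indexed logs (presumably mail logs, given the postfix, dovecot and amavis filters). For a .dist template I would default these two to loopback, `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:5601:5601"`, and leave only the log inputs on 5044 and 5000 reachable from the hosts that ship logs.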
@@ -1,4 +1,4 @@
-FROM sebp/elk:720
+FROM sebp/elk:761
 RUN mkdir /etc/logstash/patterns.d
 #postfix grok and filter