Merge pull request #1433 from gmasse/elk-update

Update ELK container
Erik Wramner 2020-03-22 08:55:05 +01:00 committed by GitHub
commit 10cac7e755
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 30 additions and 5 deletions


@ -38,12 +38,17 @@ services:
command: ["filebeat", "-e", "--strict.perms=false"] command: ["filebeat", "-e", "--strict.perms=false"]
restart: always restart: always
elk: elk:
build: elk build:
context: elk
args:
- MAXMIND_LICENSE
ports: ports:
- "5601:5601" - "5601:5601"
- "9200:9200" - "9200:9200"
- "5044:5044" - "5044:5044"
- "5000:5000" - "5000:5000"
env_file:
- elk/.env
restart: always restart: always
volumes: volumes:
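Review bot: The added `env_file: - elk/.env` puts `MAXMIND_LICENSE` into the running elk container's environment, although the key appears to be needed only at build time by the Dockerfile download step, so anyone who can run `docker inspect` on the container can read it. `env_file` does not feed `build.args` either: the bare `- MAXMIND_LICENSE` arg is resolved from the environment Compose itself runs in, so the key likely still has to be exported before `docker-compose build`. Compose also refuses to start when a listed env_file is missing, and this commit ships only `elk/.env.dist`. I would drop the `env_file` entry, or else document the `cp elk/.env.dist elk/.env` step and confirm that `elk/.env` is git-ignored. The `env_file` entry in the new elk/docker-compose.yml has the same runtime exposure.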

1
elk/.env.dist Normal file

@ -0,0 +1 @@
MAXMIND_LICENSE=


@ -1,4 +1,4 @@
FROM sebp/elk:720 FROM sebp/elk:761
RUN mkdir /etc/logstash/patterns.d RUN mkdir /etc/logstash/patterns.d
#postfix grok and filter #postfix grok and filter
@ -12,8 +12,11 @@ RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/pa
RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/exmples/50-filter-dovecot.conf > /etc/logstash/conf.d/17-filter-dovecot.conf RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/exmples/50-filter-dovecot.conf > /etc/logstash/conf.d/17-filter-dovecot.conf
# FIXME: may be a cron job? # FIXME: may be a cron job?
SHELL ["/bin/bash", "-o", "pipefail", "-c"] SHELL ["/bin/bash", "-o", "pipefail", "-c"]
ARG MAXMIND_LICENSE
RUN mkdir -p /usr/share/GeoIP && \ RUN mkdir -p /usr/share/GeoIP && \
curl -L http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz | gunzip -c - > /usr/share/GeoIP/GeoLiteCity.dat curl -L "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=${MAXMIND_LICENSE}&suffix=tar.gz" \
| tar zx --to-stdout --wildcards --no-anchored '*.mmdb' > /usr/share/GeoIP/GeoLiteCity.dat
WORKDIR ${LOGSTASH_HOME} WORKDIR ${LOGSTASH_HOME}
RUN gosu logstash bin/logstash-plugin install --local --no-verify logstash-filter-geoip RUN gosu logstash bin/logstash-plugin install --local --no-verify logstash-filter-geoip
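Review bot: Passing the MaxMind key as `ARG MAXMIND_LICENSE` and expanding it in the `RUN curl` line records the key in the image metadata, so anyone who can pull the built image can read it back with `docker history`. A BuildKit secret mount keeps it out of the layers: `RUN --mount=type=secret,id=maxmind_license ...` with `license_key=$(cat /run/secrets/maxmind_license)` in the URL. This needs a BuildKit build, which the version '2' compose files in this commit may not be able to drive directly. Adding `-f` to curl (`curl -fsSL ...`) would make an empty or rejected key fail on the HTTP status instead of on tar reading an error page. The downloaded archive is also written to `/usr/share/GeoIP/GeoLiteCity.dat` without any checksum comparison.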


@ -0,0 +1,16 @@
version: '2'
services:
elk:
build:
context: .
args:
- MAXMIND_LICENSE
ports:
- "5601:5601"
- "9200:9200"
- "5044:5044"
- "5000:5000"
env_file:
- .env
restart: always
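Review bot: The port entries `"5601:5601"`, `"9200:9200"`, `"5044:5044"` and `"5000:5000"` publish on every host interface, and the sebp/elk image, as far as I know, runs Elasticsearch and Kibana without authentication by default. I would bind the management ports to loopback, e.g. `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:5601:5601"`, and leave only the log-shipping input (5044, presumably Beats) reachable from the hosts that send logs. A short comment above `ports:` naming the listener behind each port would help operators decide what to firewall.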