forked from kecorbin/elknet
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yaml
115 lines (103 loc) · 2.78 KB
/
docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
version: '3.8'
services:
# not sure if we will need this
# syslog:
# sudo docker run -it -p 5514:514 -v $(pwd)/syslog-ng/syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf -v $(pwd)/network.log:/var/log/network.log balabit/syslog-ng:latest -edv
elasticsearch:
build:
context: elasticsearch/
volumes:
- ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
ports:
- "9200:9200"
- "9300:9300"
environment:
ES_JAVA_OPTS: "-Xmx1G -Xms1G"
networks:
- flesk
hostname: "elasticsearch"
logstash:
build:
context: logstash/
volumes:
- ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro
- ./logstash/pipeline:/usr/share/logstash/pipeline:ro
- ./logstash/patterns:/opt/logstash/patterns
- ./logstash/geoipdbs:/etc/logstash/geoipdbs
- ./logstash/dictionaries:/etc/logstash/dictionaries
#- ./etc:/var/log/suricata
- ./logstash/templates:/opt/logstash/templates
ports:
- "514:514/udp"
#- "535:535/udp"
environment:
LS_JAVA_OPTS: "-Xmx2G -Xms2G"
networks:
- flesk
depends_on:
- elasticsearch
hostname: "logstash"
kibana:
build:
context: kibana/
volumes:
- ./kibana/config/:/usr/share/kibana/config:ro
ports:
- "5601:5601/tcp"
networks:
- flesk
depends_on:
- elasticsearch
hostname: "kibana"
# suricata:
# build:
# context: suricata/
# volumes:
# - ./suricata/config/suricata.yaml:/etc/suricata/suricata.yaml
# - ./etc:/var/log/suricata
# cap_add:
# - sys_nice
# - net_admin
# networks:
# - flesk
# depends_on:
# - logstash
# hostname: "suricata"
# filebeat:
# build:
# context: filebeat/
# volumes:
# - ./filebeat/config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
# - ./etc:/var/log/suricata:rw
# ports:
# - "535:535/udp"
# hostname: "filebeat"
# networks:
# - flesk
# depends_on:
# - kibana
# - logstash
# #command: ["./wait-for-it.sh", "db:5432", "--", "python", "app.py"]
# #entrypoint: bash -c 'export PATH=$PATH:/usr/share/filebeat && /usr/local/bin/docker-entrypoint -e'
# #Because docker compose has terrible support and does not recognize service readiness
# restart: on-failure:10
snort3:
build:
context: snort3/
hostname: snort3
ports:
- "6969:6969"
volumes:
- ./snort3/snort3-community-rules:/usr/local/etc/snort/snort3-community-rules:rw
networks:
- flesk
#depends_on:
#- logstash
#- elasticsearch
entrypoint: ["/bin/bash"]
# put the nodes on the host network so that source ips are retained
volumes:
suricata-logs:
networks:
flesk:
driver: bridge