Commit 626c0d577aec758cc67248d4fb068a344dba7390
1 parent
eae87d5f90
Exists in
master
and in
4 other branches
Use a docker volume for ELK and Suricata
Move the suricata logs in the top level /data dir in the process.
Showing 2 changed files with 8 additions and 8 deletions
CEPTD/docker/logstash/dist/logstash.conf
View file @
626c0d5
| 1 | -# Input section | |
| 1 | +u Input section | |
| 2 | 2 | input { |
| 3 | 3 | |
| 4 | 4 | # Suricata |
| 5 | 5 | file { |
| 6 | - path => ["/data/suricata/log/eve.json"] | |
| 6 | + path => ["/data/eve.json"] | |
| 7 | 7 | codec => json |
| 8 | 8 | type => "Suricata" |
| 9 | 9 | } |
| 10 | 10 | file { |
| 11 | - path => ["/data/suricata/log/capec.json"] | |
| 11 | + path => ["/data/capec.json"] | |
| 12 | 12 | codec => json |
| 13 | 13 | type => "CAPEC" |
| 14 | 14 | } |
docker-compose-jfrog.yml
View file @
626c0d5
| ... | ... | @@ -14,7 +14,7 @@ |
| 14 | 14 | - NET_RAW |
| 15 | 15 | command: ONLINE |
| 16 | 16 | volumes: |
| 17 | - - ./data/suricata/log:/var/log/suricata | |
| 17 | + - data_volume:/var/log/suricata | |
| 18 | 18 | - ./data/pcap:/var/pcap |
| 19 | 19 | |
| 20 | 20 | elasticsearch: |
| 21 | 21 | |
| ... | ... | @@ -41,15 +41,15 @@ |
| 41 | 41 | soft: -1 |
| 42 | 42 | hard: -1 |
| 43 | 43 | volumes: |
| 44 | - - elasticsearch_volume:/data | |
| 44 | + - data_volume:/data | |
| 45 | 45 | |
| 46 | 46 | logstash: |
| 47 | 47 | image: registry.curex-project.eu:443/curex-local/kea_logstash:1.0.1 |
| 48 | 48 | container_name: kea_logstash |
| 49 | 49 | restart: unless-stopped |
| 50 | 50 | volumes: |
| 51 | - - ./data:/data | |
| 52 | - | |
| 51 | + - data_volume:/data | |
| 52 | + | |
| 53 | 53 | kibana: |
| 54 | 54 | image: registry.curex-project.eu:443/curex-local/kea_kibana:7.6.2 |
| 55 | 55 | container_name: kea_kibana |
| ... | ... | @@ -168,5 +168,5 @@ |
| 168 | 168 | |
| 169 | 169 | volumes: |
| 170 | 170 | api_volume: |
| 171 | - elasticsearch_volume: | |
| 171 | + data_volume: |