From 626c0d577aec758cc67248d4fb068a344dba7390 Mon Sep 17 00:00:00 2001
From: George Vlahavas
Date: Wed, 14 Apr 2021 20:27:05 +0300
Subject: [PATCH] Use a docker volume for ELK and Suricata

Move the suricata logs in the top level /data dir in the process.
---
 CEPTD/docker/logstash/dist/logstash.conf |  6 +++---
 docker-compose-jfrog.yml                 | 10 +++++-----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/CEPTD/docker/logstash/dist/logstash.conf b/CEPTD/docker/logstash/dist/logstash.conf
index 7757169..7715b78 100644
--- a/CEPTD/docker/logstash/dist/logstash.conf
+++ b/CEPTD/docker/logstash/dist/logstash.conf
@@ -1,14 +1,14 @@
-# Input section
+u Input section
 input {
   # Suricata
   file {
-    path => ["/data/suricata/log/eve.json"]
+    path => ["/data/eve.json"]
     codec => json
     type => "Suricata"
   }
   file {
-    path => ["/data/suricata/log/capec.json"]
+    path => ["/data/capec.json"]
     codec => json
     type => "CAPEC"
   }
diff --git a/docker-compose-jfrog.yml b/docker-compose-jfrog.yml
index 7e5372f..3f886b3 100644
--- a/docker-compose-jfrog.yml
+++ b/docker-compose-jfrog.yml
@@ -14,7 +14,7 @@ services:
       - NET_RAW
     command: ONLINE
     volumes:
-      - ./data/suricata/log:/var/log/suricata
+      - data_volume:/var/log/suricata
       - ./data/pcap:/var/pcap
 
   elasticsearch:
@@ -41,15 +41,15 @@ services:
         soft: -1
         hard: -1
     volumes:
-      - elasticsearch_volume:/data
+      - data_volume:/data
 
   logstash:
     image: registry.curex-project.eu:443/curex-local/kea_logstash:1.0.1
     container_name: kea_logstash
     restart: unless-stopped
     volumes:
-      - ./data:/data
-
+      - data_volume:/data
+
   kibana:
     image: registry.curex-project.eu:443/curex-local/kea_kibana:7.6.2
     container_name: kea_kibana
@@ -168,4 +168,4 @@ services:
 
 volumes:
   api_volume:
-  elasticsearch_volume:
+  data_volume:
-- 
2.2.2
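Review bot: The new first line of logstash.conf reads `u Input section` where the removed line had `# Input section`; without the leading `#` this is not a comment in Logstash's config grammar and will very likely make the pipeline fail to load, so it should be restored to `# Input section`. The path changes to `/data/eve.json` and `/data/capec.json` are consistent with the compose change that mounts the volume root at `/data`, on the assumption that Suricata writes both files directly into `/var/log/suricata` rather than a subdirectory. The `input` block continues past the end of the hunk.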
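Review bot: Mounting the single `data_volume` into the suricata service here, and into elasticsearch and logstash in the `@@ -41,15 +41,15 @@` hunk, gives the packet-parsing container (which runs with `NET_RAW`) write access to the same directory tree Elasticsearch mounts at `/data`, so a fault or compromise in Suricata could alter or delete whatever Elasticsearch keeps there, whereas before the change those were separate volumes. Logstash only reads the two JSON files from this path, so its mount can be tightened to `data_volume:/data:ro`, and Elasticsearch is better kept on its own volume (`elasticsearch_volume:/data`) with a separate named volume shared only by suricata and logstash. Whether Elasticsearch actually stores index data under `/data` is not visible in the hunk; confirm against its configuration before relying on the separation.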
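Review bot: Replacing the `elasticsearch_volume:` declaration with `data_volume:` leaves any data already stored in the existing `elasticsearch_volume` behind, since compose will create an empty `data_volume` on the next `up`; if existing indices must survive this change, the commit message or a deploy note should state the migration step (copy the old volume's contents across, or keep the old volume name for Elasticsearch). The top-level `volumes:` block is complete within the hunk.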