- tls: TLS encryption enabled in Elasticsearch, Kibana (opt in), and Fleet
- searchguard: Search Guard support
docker-compose up setup
docker-compose up
- Docker Engine version 18.06.0 or newer
- Docker Compose version 1.28.0 or newer (including Compose V2)
- 1.5 GB of RAM
- 5044: Logstash Beats input
- 50000: Logstash TCP input
- 9600: Logstash monitoring API
- 9200: Elasticsearch HTTP
- 9300: Elasticsearch TCP transport
- 5601: Kibana
git clone https://github.com/deviantony/docker-elk.git
docker-compose up setup
docker-compose up
- user: elastic
- password: changeme
- Reset passwords for default users

  The commands below reset the passwords of the elastic, logstash_internal and kibana_system users. Take note of them.

      docker-compose exec elasticsearch bin/elasticsearch-reset-password --batch --user elastic
      docker-compose exec elasticsearch bin/elasticsearch-reset-password --batch --user logstash_internal
      docker-compose exec elasticsearch bin/elasticsearch-reset-password --batch --user kibana_system

  If the need for it arises (e.g. if you want to collect monitoring information through Beats and other components), feel free to repeat this operation at any time for the rest of the built-in users.

- Replace usernames and passwords in configuration files

  Replace the password of the elastic user inside the .env file with the password generated in the previous step. Its value isn't used by any core component, but extensions use it to connect to Elasticsearch.

  [!NOTE] In case you don't plan on using any of the provided extensions, or prefer to create your own roles and users to authenticate these services, it is safe to remove the ELASTIC_PASSWORD entry from the .env file altogether after the stack has been initialized.

  Replace the password of the logstash_internal user inside the .env file with the password generated in the previous step. Its value is referenced inside the Logstash pipeline file (logstash/pipeline/logstash.conf).

  Replace the password of the kibana_system user inside the .env file with the password generated in the previous step. Its value is referenced inside the Kibana configuration file (kibana/config/kibana.yml).

  See the Configuration section below for more information about these configuration files.

- Restart Logstash and Kibana to re-connect to Elasticsearch using the new passwords

      docker-compose up -d logstash kibana
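The reset and replace steps above can be scripted. The POSIX shell helpers below are an added example, not part of docker-elk: they list .env entries still set to the default changeme, extract a generated password from the reset tool's output, and write it into .env without putting the secret on a command line. Assumptions: .env stores values single-quoted, and elasticsearch-reset-password prints a "New value: <password>" line.

```shell
#!/bin/sh
# Added example, not docker-elk code. Helpers for the rotation steps above.

# Print the *_PASSWORD keys in an env file still set to the default 'changeme'.
weak_password_keys() {
    awk -F= '/^[A-Z_]+_PASSWORD=/ {
        q = "\047"                            # single quote
        v = substr($0, length($1) + 2)        # keep any "=" inside the value
        gsub("^[" q "\"]|[" q "\"]$", "", v)  # drop surrounding quotes
        if (v == "changeme") print $1
    }' "$1"
}

# Pull the generated password out of `elasticsearch-reset-password --batch`
# output on stdin. Assumption: the tool prints a "New value: <password>" line.
# CRs added by a TTY-attached `docker-compose exec` are stripped.
extract_new_password() {
    tr -d '\r' | sed -n 's/^New value: //p' | head -n 1
}

# Set KEY in an env file to the secret read from stdin, so the secret never
# appears in argv. Fails if KEY is absent or the secret is empty or contains
# a single quote (the value is written single-quoted). ENVIRON is used rather
# than -v so awk does not interpret backslashes in the secret.
set_env_password() {
    file=$1 key=$2
    IFS= read -r NEW_VALUE || true
    case $NEW_VALUE in ''|*\'*) return 1 ;; esac
    tmp=$(mktemp "$file.XXXXXX") || return 1
    chmod 600 "$tmp"
    NEW_VALUE=$NEW_VALUE awk -F= -v key="$key" '
        $1 == key { print key "=\047" ENVIRON["NEW_VALUE"] "\047"; hit = 1; next }
        { print }
        END { exit (hit ? 0 : 1) }
    ' "$file" > "$tmp" && mv "$tmp" "$file" || { rm -f "$tmp"; return 1; }
}
```

Typical use is to pipe one reset command (run with `docker-compose exec -T`) through `extract_new_password` into `set_env_password .env ELASTIC_PASSWORD`, then run `weak_password_keys .env` and confirm it prints nothing before restarting Logstash and Kibana.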
- user: elastic
- password: <your generated elastic password>
# Execute `nc -h` to determine your `nc` version

cat /path/to/logfile.log | nc -q0 localhost 50000          # BSD
cat /path/to/logfile.log | nc -c localhost 50000           # GNU
cat /path/to/logfile.log | nc --send-only localhost 50000  # nmap
docker-compose down -v
- release-7.x: 7.x series
- release-6.x: 6.x series (End-of-life)
- release-5.x: 5.x series (End-of-life)
elasticsearch:
  environment:
    network.host: _non_loopback_
    cluster.name: my-cluster
kibana:
  environment:
    SERVER_NAME: kibana.example.org
logstash:
  environment:
    LOG_LEVEL: debug
$ docker-compose up setup
⠿ Container docker-elk-elasticsearch-1 Running
⠿ Container docker-elk-setup-1 Created
Attaching to docker-elk-setup-1
...
docker-elk-setup-1 | [+] User 'monitoring_internal'
docker-elk-setup-1 | ⠿ User does not exist, creating
docker-elk-setup-1 | [+] User 'beats_system'
docker-elk-setup-1 | ⠿ User exists, setting password
docker-elk-setup-1 exited with code 0
curl -XPOST -D- 'http://localhost:9200/_security/user/elastic/_password' \
    -H 'Content-Type: application/json' \
    -u elastic:<your current elastic password> \
    -d '{"password" : "<your new password>"}'
- Add a RUN statement to the corresponding Dockerfile (e.g. RUN logstash-plugin install logstash-filter-json)
- Add the associated plugin code configuration to the service configuration (e.g. Logstash input/output)
- Rebuild the images using the docker-compose build command
logstash:
  environment:
    LS_JAVA_OPTS: -Xms1g -Xmx1g
- Elasticsearch starts with a JVM Heap Size that is determined automatically.
- Logstash starts with a fixed JVM Heap Size of 1 GB.
logstash:
  environment:
    LS_JAVA_OPTS: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=18080 -Dcom.sun.management.jmxremote.rmi.port=18080 -Djava.rmi.server.hostname=DOCKER_HOST_IP -Dcom.sun.management.jmxremote.local.only=false