This repository contains the Dockerfile of ELK (Elasticsearch, Logstash, Kibana) for Docker's trusted build published to the public Docker Registry. The image is built from:
- java:8-jre
- Elasticsearch 2.3.3
- Logstash 2.3.3
- Kibana 4.5.1
$ docker images
REPOSITORY TAG VIRTUAL SIZE
blacktop/elk latest 668 MB
blacktop/elk 5.0-alpha 659 MB
blacktop/elk 4.4 665 MB
blacktop/elk 4.3 688 MB
blacktop/elk 4.2 669 MB
blacktop/elk 3 542 MB
- Install Docker.
- Download the trusted build from the public Docker Registry:
$ docker pull blacktop/elk
$ docker run -d --name elk -p 80:80 -p 9200:9200 blacktop/elk
Now navigate to http://$(docker inspect -f '{{ .NetworkSettings.IPAddress }}' elk) (or to http://localhost, since port 80 is published to the host).
$ docker run -d --name elk -p 80:80 -p 9200:9200 -e ES_JAVA_OPTS="-Xms2g -Xmx2g" blacktop/elk:5.0-alpha
NOTE: ES_JAVA_OPTS="-Xms2g -Xmx2g" sets the JVM initial heap (-Xms) and maximum heap (-Xmx) to 2 GB. Keep the two values equal, and no higher than half of the memory available to the container.
NOTE: the nginx basic-auth prompt described below protects only the Kibana front end on port 80. Port 9200 is the Elasticsearch REST API, and stock Elasticsearch 2.x ships with no authentication, so -p 9200:9200 publishes an unauthenticated API on every interface of the host. Use -p 127.0.0.1:9200:9200 unless other hosts need to reach it.
- Install Homebrew
$ brew install caskroom/cask/brew-cask
$ brew cask install virtualbox
$ brew install docker
$ brew install docker-machine
$ docker-machine create --driver virtualbox default
$ eval $(docker-machine env default)
If you are using docker-machine, navigate to http://$(docker-machine ip default) instead (use the machine name you passed to docker-machine create; the example above used default).
As a convenience you can add the docker-machine IP to your /etc/hosts file:
$ echo $(docker-machine ip default) dockerhost | sudo tee -a /etc/hosts
Now you can navigate to http://dockerhost from your host and log in with user: admin / password: admin.
Let us index some data into Elasticsearch so we can try it out. To do this you can run config/test_index.py, which contains the following code. It needs the elasticsearch-py client; the 2.x series of the client matches Elasticsearch 2.3:
$ pip install "elasticsearch>=2.0.0,<3.0.0"
from datetime import datetime
from elasticsearch import Elasticsearch
# Point the client at the container's Elasticsearch API (port 9200 is the default,
# not the nginx front end on port 80). Replace the placeholder with the container IP.
es = Elasticsearch(['http://<docker.container.ip>'])
# Index 10,000 identical test documents; datetime values are serialised by the client
# and detected as a date field, which is what Kibana needs for the time filter.
for i in range(10000):
    doc = {'author': 'kimchy', 'text': 'Elasticsearch: cool. bonsai cool.', 'timestamp': datetime.now()}
    res = es.index(index="test-index", doc_type='tweet', id=i, body=doc)
    # print(res['created'])
res = es.get(index="test-index", doc_type='tweet', id=1)
print(res['_source'])
# Refresh so the freshly indexed documents are visible to search.
es.indices.refresh(index="test-index")
res = es.search(index="test-index", body={"query": {"match_all": {}}})
print("Got %d Hits:" % res['hits']['total'])
for hit in res['hits']['hits']:
    print("%(timestamp)s %(author)s: %(text)s" % hit["_source"])
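As an added example (not part of blacktop/elk or of config/test_index.py), the same load done with only the Python standard library against the REST API on port 9200, using the _bulk endpoint in chunks instead of 10,000 single index calls. The host placeholder and the chunk size are assumptions; the response check shows a point the single-document loop hides, namely that a bulk call can return HTTP 200 while individual documents fail.

```python
import json
import urllib.request
from datetime import datetime, timezone

# Hypothetical endpoint: replace the placeholder with the container IP as in the README.
# Port 9200 is the Elasticsearch REST API, not the nginx front end on port 80.
ES_URL = "http://<docker.container.ip>:9200"
INDEX, DOC_TYPE = "test-index", "tweet"   # same names as config/test_index.py


def make_docs(n, author="kimchy", text="Elasticsearch: cool. bonsai cool."):
    """Constructed sample documents mirroring the README's test_index.py.
    An ISO 8601 string is detected as a date, so Kibana can use 'timestamp' as time field."""
    stamp = datetime.now(timezone.utc).isoformat()
    return [{"author": author, "text": text, "timestamp": stamp} for _ in range(n)]


def bulk_body(docs, index=INDEX, doc_type=DOC_TYPE, start_id=0):
    """Build an NDJSON _bulk request body: one action line followed by the document
    source for every doc, terminated by a newline (the API rejects a body without it)."""
    lines = []
    for i, doc in enumerate(docs, start=start_id):
        lines.append(json.dumps({"index": {"_index": index, "_type": doc_type, "_id": i}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


def parse_bulk_response(resp):
    """Return (succeeded, failed) from a _bulk response. Each item carries its own
    HTTP status, so a 200 for the whole request does not mean every document landed."""
    statuses = [item["index"].get("status") for item in resp.get("items", [])]
    ok = sum(1 for s in statuses if s in (200, 201))
    return ok, len(statuses) - ok


def _request(method, path, body=None, content_type="application/json"):
    """Minimal JSON-over-HTTP helper; no auth, because port 9200 has none in this image."""
    data = body.encode() if isinstance(body, str) else body
    req = urllib.request.Request(ES_URL + path, data=data, method=method,
                                 headers={"Content-Type": content_type})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


def load(n=10000, chunk=1000):
    """Index n documents in chunks, refresh, and return (indexed, failed, searchable)."""
    docs = make_docs(n)
    ok = failed = 0
    for start in range(0, n, chunk):
        body = bulk_body(docs[start:start + chunk], start_id=start)
        o, f = parse_bulk_response(_request("POST", "/_bulk", body, "application/x-ndjson"))
        ok, failed = ok + o, failed + f
    _request("POST", "/%s/_refresh" % INDEX)          # make the documents searchable
    total = _request("GET", "/%s/_search?size=0" % INDEX)["hits"]["total"]
    return ok, failed, total


if __name__ == "__main__":
    print("indexed=%d failed=%d searchable=%d" % load())
```

Run it after the container is up; if indexed and searchable disagree, the per-item statuses in the _bulk response (for example 429 when the bulk queue is full) tell you which chunk to retry.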
- Navigate to the docker-machine IP or docker IP in a web browser.
- You will be prompted for a user/pass which defaults to:
  user: admin
  password: admin
- Now enter test-index in the index field and select timestamp as the time field.
- Go to the Discover Tab and see those absolutely gorgeous logs!
To replace the default admin credentials, remove the admin entry from the nginx htpasswd file inside the container and add your own user. The change lives in the container's filesystem only, so it is lost if the container is removed and re-created.
$ docker exec -it elk bash
root@593cf95bd8cc:/# htpasswd -D /etc/nginx/.htpasswd admin
Deleting password for user admin
root@593cf95bd8cc:/# htpasswd /etc/nginx/.htpasswd blacktop
New password: *****
Re-type new password: *****
Adding password for user blacktop
root@593cf95bd8cc:/# exit
- Install/Run ELK
- Start Daemon and watch folder with supervisord
- Expose Logstash config folder as well as Nginx sites folder as Volumes
- Add SSL
- Integrate with Bro-IDS