/docker-elk

ELK Stack Dockerfile

Primary LanguageShellMIT LicenseMIT

elk-logo ELK Stack Dockerfile

License Docker Stars Docker Pulls

This repository contains a Dockerfile of ELK for Docker's trusted build published to the public Docker Registry.

Dependencies

Image Tags

$ docker images

REPOSITORY          TAG                 VIRTUAL SIZE
blacktop/elk        latest              668   MB
blacktop/elk        5.0-alpha           659   MB
blacktop/elk        4.4                 665   MB
blacktop/elk        4.3                 688   MB
blacktop/elk        4.2                 669   MB
blacktop/elk        3                   542   MB

Installation

  1. Install Docker.

  2. Download trusted build from public Docker Registry: docker pull blacktop/elk

Usage

$ docker run -d --name elk -p 80:80 -p 9200:9200 blacktop/elk

Now navigate to $(docker inspect -f '{{ .NetworkSettings.IPAddress }}' elk)

Or to try out the Elastic Stack 😎

$ docker run -d --name elk -p 80:80 -p 9200:9200 -e ES_JAVA_OPTS="-Xms2g -Xmx2g" blacktop/elk:5.0-alpha

NOTE: ES_JAVA_OPTS="-Xms2g -Xmx2g" sets the HEAP_MAX and HEAP_MIN to 2GB.

To Run on OSX

$ brew install caskroom/cask/brew-cask
$ brew cask install virtualbox
$ brew install docker
$ brew install docker-machine
$ docker-machine create --driver virtualbox default
$ eval $(docker-machine env default)

If you are using docker-machine

Navigate to $(docker-machine ip dev)

As a convenience you can add the docker-machine IP to you /etc/hosts file:

$ echo $(docker-machine ip dev) dockerhost | sudo tee -a /etc/hosts

Now you can navigate to http://dockerhost from your host and login with: user: admin/password: admin

Example Usage

Let us index some data into Elasticsearch so we can try it out. To do this you can run config/test_index.py which contains the following code:

$ pip install elasticsearch
from datetime import datetime
from elasticsearch import Elasticsearch

es = Elasticsearch(['http://<docker.container.ip>'])

for i in range(10000):
    doc = {'author': 'kimchy', 'text': 'Elasticsearch: cool. bonsai cool.', 'timestamp': datetime.now()}
    res = es.index(index="test-index", doc_type='tweet', id=i, body=doc)
    # print(res['created'])

res = es.get(index="test-index", doc_type='tweet', id=1)
print(res['_source'])

es.indices.refresh(index="test-index")

res = es.search(index="test-index", body={"query": {"match_all": {}}})
print("Got %d Hits:" % res['hits']['total'])
for hit in res['hits']['hits']:
    print("%(timestamp)s %(author)s: %(text)s" % hit["_source"])

  • Navigate to the docker-machine ip or docker ip in a web browser.

  • You will be prompted for a user/pass which defaults to:

  • user: admin

  • password: admin

  • Now enter test-index in the index field and select timestamp

elk-logo

  • Go to the Discover Tab and see those absolutely gorgeous logs!

elk-logo

Change Kibana Nginx password

$ docker exec -it elk bash
root@593cf95bd8cc:/# htpasswd -D /etc/nginx/.htpasswd admin
Deleting password for user admin

root@593cf95bd8cc:/# htpasswd /etc/nginx/.htpasswd blacktop
New password: *****
Re-type new password: *****
Adding password for user blacktop

root@593cf95bd8cc:/# exit

Todo

  • Install/Run ELK
  • Start Daemon and watch folder with supervisord
  • Expose Logstash config folder as well as Nginx sites folder as Volumes
  • Add SSL
  • Integrate with Bro-IDS