# Log Monitoring based on Hyperledger Fabric Blockchain
- The necessary plugins must be added as part of the Dockerfile included in the logstash folder. E.g.:
- RUN logstash-plugin install logstash-output-mongodb
- RUN logstash-plugin install logstash-filter-uuid
- Create a file (.env) in the project root based on .env.example file.
- The .env file must contain:
- OS_SURICATA=
- ELK_VERSION=
- MONGO_INITDB_DATABASE=
- MONGO_INITDB_COLLECTION=
- MONGO_INITDB_ROOT_USERNAME=
- MONGO_INITDB_ROOT_PASSWORD=
- ME_CONFIG_BASICAUTH_USERNAME=
- ME_CONFIG_BASICAUTH_PASSWORD=
- ME_CONFIG_MONGODB_ADMINUSERNAME=
- ME_CONFIG_MONGODB_ADMINPASSWORD=
- Create a folder json-data
- Create a file eve.json in the same directory (json-data).
- The .gitignore file ignores eve.json so that the repository is not burdened with a huge JSON file.
- Set execution permissions on the eve.json file, e.g.: sudo chmod +x -R json-data/*
- Create folders: mkdir -pv mongodb/database
- Create folders: mkdir -pv mongodb/entrypoint
- Set the entrypoint file mongo-init.js
- Set execution permissions on the mongodb folder, e.g.: sudo chmod +x -R mongodb/*
- Create the file .dbshell
- Set execution permissions on the .dbshell file, e.g.: sudo chmod +x -R mongodb/.dbshell
- Start: docker-compose up -d
- Stop: docker-compose stop
- Down: docker-compose down
- To connect to the mongo Docker container, e.g., docker exec -it bad88f0b0326 bash
- To log in to the mongodb client, e.g., mongo -u lourdes -p changeme
- To connect to the database, e.g., use suricata
- To show the collections created, e.g., show collections
- To see inside a collection, e.g., db.suricata.find().pretty()
- To transfer the data, first download mongosh, e.g., curl https://downloads.mongodb.com/compass/mongosh-1.0.1-linux-x64.tgz --output mongosh-1.0.1-linux-x64.tgz
- To unpack mongosh-1.0.1-linux-x64, e.g., tar -zxvf mongosh-1.0.1-linux-x64.tgz
- To access the bin folder, e.g., cd mongosh-1.0.1-linux-x64/bin
- To log in to the mongodb client, e.g., ./mongosh mongodb://lourdes:changeme@172.20.0.3:27017/suricata
- To authenticate to the database, e.g., ./mongosh mongodb://lourdes:changeme@172.18.0.2:27017/suricata?authSource=admin
- Install plugins properly. 🔚
- Sync logstash and mongodb
- Add the right rules to Suricata in order to collect proper logs.
- To test the UUID and JSON filters, the mongodb plugin is disabled and the file plugin is enabled:
- file {path => "/usr/share/logstash/output/output.json"}
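
A pipeline in the test mode described above, with the mongodb output commented out and the file output enabled. This is an added example, not the project's own pipeline file; the eve.json mount path, the `uuid` field name, the failure-log path, the `mongodb` service hostname and the assumption that the .env variables are passed into the Logstash container are all hypothetical.

```logstash
# Added example. Paths, field names and the "mongodb" hostname are assumptions.
input {
  file {
    path => "/usr/share/logstash/json-data/eve.json"   # assumed mount point
    start_position => "beginning"
    sincedb_path => "/dev/null"   # re-read the whole file on restart while testing
  }
}

filter {
  # Suricata writes one JSON object per line; parse it into event fields.
  # On a parse error the filter tags the event with _jsonparsefailure and
  # leaves "message" in place, so the raw line is not lost.
  json {
    source => "message"
    remove_field => ["message"]
  }
  # Give every event a unique identifier (logstash-filter-uuid).
  uuid {
    target => "uuid"
  }
}

output {
  if "_jsonparsefailure" in [tags] {
    # Keep malformed lines apart so they do not pollute the test output.
    file { path => "/usr/share/logstash/output/parse_failures.json" }
  } else {
    # Test mode: file output enabled, mongodb output disabled.
    file { path => "/usr/share/logstash/output/output.json" }

    # Normal mode (logstash-output-mongodb): uncomment and remove the file output.
    # mongodb {
    #   uri => "mongodb://${MONGO_INITDB_ROOT_USERNAME}:${MONGO_INITDB_ROOT_PASSWORD}@mongodb:27017/?authSource=admin"
    #   database => "${MONGO_INITDB_DATABASE}"
    #   collection => "${MONGO_INITDB_COLLECTION}"
    # }
  }
}
```

Each line of output.json should then carry the parsed Suricata fields plus a `uuid` value; lines that end up in parse_failures.json point to truncated or malformed entries in eve.json.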