Public | Automated Build

Last pushed: a year ago
Short Description
[DEPRECATED] - continued here - blacktop/elastic-stack
Full Description

This repository contains a Dockerfile of ELK.

Dependencies

Image Tags

$ docker images

REPOSITORY          TAG                 VIRTUAL SIZE
blacktop/elk        latest              668   MB
blacktop/elk        5.0-alpha           659   MB
blacktop/elk        4.4                 665   MB
blacktop/elk        4.3                 688   MB
blacktop/elk        4.2                 669   MB
blacktop/elk        3                   542   MB

Installation

  1. Install Docker
  2. Download trusted build from public Docker Registry: docker pull blacktop/elk

Getting Started

$ docker run -d --name elk -p 80:80 -p 9200:9200 blacktop/elk

Now navigate to $(docker inspect -f '{{ .NetworkSettings.IPAddress }}' elk)

Or try out the new Elastic Stack v5.0-alpha5

$ docker run -d --name elk -p 80:80 -p 9200:9200 -e ES_JAVA_OPTS="-Xms2g -Xmx2g" blacktop/elk:5.0-alpha

NOTE: ES_JAVA_OPTS="-Xms2g -Xmx2g" sets both the minimum (-Xms) and maximum (-Xmx) JVM heap size to 2GB.

Documentation

Add some test data

Let us index some data into Elasticsearch so we can try it out. To do this you can run config/test_index.py which contains the following code:

$ pip install elasticsearch

from datetime import datetime
from elasticsearch import Elasticsearch

# Replace <docker.container.ip> with the container (or docker-machine) IP.
es = Elasticsearch(['http://<docker.container.ip>'])

# Index 10,000 identical sample documents into "test-index".
for i in range(10000):
    doc = {'author': 'kimchy', 'text': 'Elasticsearch: cool. bonsai cool.', 'timestamp': datetime.now()}
    res = es.index(index="test-index", doc_type='tweet', id=i, body=doc)
    # print(res['created'])

# Fetch one document back by id.
res = es.get(index="test-index", doc_type='tweet', id=1)
print(res['_source'])

# Refresh so the newly indexed documents are visible to search.
es.indices.refresh(index="test-index")

# Run a match_all query and print the hits that come back.
res = es.search(index="test-index", body={"query": {"match_all": {}}})
print("Got %d Hits:" % res['hits']['total'])
for hit in res['hits']['hits']:
    print("%(timestamp)s %(author)s: %(text)s" % hit["_source"])

  • Navigate to the docker-machine IP or Docker IP in a web browser.
  • You will be prompted for a user/pass which defaults to:
    • user: admin
    • password: admin
  • Now enter test-index in the index field and select timestamp.
  • Go to the Discover Tab and see those absolutely gorgeous logs!

Navigate to Kibana

If you are using docker-machine, navigate to $(docker-machine ip)

As a convenience you can add the docker-machine IP to your /etc/hosts file:

$ echo $(docker-machine ip) dockerhost | sudo tee -a /etc/hosts

Now you can navigate to http://dockerhost from your host and log in with user: admin / password: admin

Change Kibana's Nginx password

$ docker exec -it elk bash
root@593cf95bd8cc:/# htpasswd -D /etc/nginx/.htpasswd admin
Deleting password for user admin

root@593cf95bd8cc:/# htpasswd /etc/nginx/.htpasswd blacktop
New password: *****
Re-type new password: *****
Adding password for user blacktop

root@593cf95bd8cc:/# exit
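
A follow-up check for the password change above, as an added example that is not part of the original README: it reads the text of /etc/nginx/.htpasswd and reports whether the default admin account is still present and whether any entry uses {SHA} or {PLAIN} storage. The function names and both sample files are constructed for illustration, and it assumes the file content has already been copied out of the container.

```python
import base64
import hashlib
import hmac

DEFAULT_CREDS = {"admin": "admin"}     # the defaults this README documents
WEAK = {"sha1-unsalted", "plaintext"}  # unsalted or cleartext storage
PREFIXES = [("$apr1$", "apr1-md5"), ("{SHA}", "sha1-unsalted"), ("$2", "bcrypt"),
            ("{SSHA}", "sha1-salted"), ("{PLAIN}", "plaintext"), ("$1$", "md5-crypt"),
            ("$5$", "sha256-crypt"), ("$6$", "sha512-crypt")]

def scheme_of(stored):
    return next((n for p, n in PREFIXES if stored.startswith(p)), "unknown")

def is_default_password(stored, password):
    """True/False where the stdlib can verify it; None for salted schemes."""
    if stored.startswith("{SHA}"):
        digest = base64.b64encode(hashlib.sha1(password.encode()).digest())
        return hmac.compare_digest(stored[5:].encode(), digest)
    if stored.startswith("{PLAIN}"):
        return hmac.compare_digest(stored[7:].encode(), password.encode())
    return None

def audit_htpasswd(text):
    """Return (line_no, user, finding) tuples for htpasswd file content."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 2)  # user:hash[:comment]
        if len(fields) < 2 or not fields[0] or not fields[1]:
            findings.append((n, "?", "malformed"))
            continue
        user, stored = fields[0], fields[1]
        if user in DEFAULT_CREDS:
            hit = is_default_password(stored, DEFAULT_CREDS[user])
            label = {True: "default-password", False: "default-user",
                     None: "default-user-unverified"}[hit]
            findings.append((n, user, label))
        if scheme_of(stored) in WEAK:
            findings.append((n, user, "weak-scheme:" + scheme_of(stored)))
    return findings

# Constructed samples; the text after "$apr1$" is a placeholder, not a real hash.
BEFORE = "# kibana basic auth\nadmin:{SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc=\n"
AFTER = "blacktop:$apr1$CONSTRUCTED$placeholder:ops login\nbroken-line\n"

if __name__ == "__main__":
    print(audit_htpasswd(BEFORE), audit_htpasswd(AFTER), sep="\n")
```

An empty result for the real file means the default account is gone and no entry uses the two directly checkable weak schemes; "default-user-unverified" means an admin entry remains with a salted hash this script cannot test.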

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

Credits

Todo

  • [x] Install/Run ELK
  • [x] Start Daemon and watch folder with supervisord
  • [x] Expose Logstash config folder as well as Nginx sites folder as Volumes
  • [ ] Add SSL
  • [ ] Integrate with Bro-IDS

License

MIT Copyright (c) 2015-2016 blacktop

Comments (1)
martycurran
2 years ago

Hi, Docker Attach does not appear to work with the container. I'd like access to add filters, etc. Is there a reason for this? Docker inspect works but not attach.