Skip to content

AlexisGuillotin/database-for-logs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
elk-docker
elk-docker
 
 
images
images
 
 
Presentation.pptx
Presentation.pptx
 
 
README.md
README.md
 
 
Rapport.docx
Rapport.docx
 
 

Repository files navigation

database-for-logs

Execute following command in cmd.exe to increase max size of VM:

wsl -d docker-desktop
sysctl -w vm.max_map_count=262144

Pulling and building an existing ELK Stack docker image:

git clone https://github.com/spujadas/elk-docker.git

Installing Plugins:

Open the Dockerfile 
sudo nano Dockerfile

ElasticSearch

  1. Add the following at the end of the Dockerfile:
FROM sebp/elk
ENV ES_HOME /opt/elasticsearch
WORKDIR ${ES_HOME}
RUN yes | CONF_DIR=/etc/elasticsearch gosu elasticsearch bin/elasticsearch-plugin \
    install -b <plugin name or link>
  1. Save the Dockerfile and close the editor.
  2. Build the image using either docker build or docker-compose.

Logstash

1. Add the following code to the Dockerfile: 
FROM sebp/elk
WORKDIR ${LOGSTASH_HOME}
RUN gosu logstash bin/logstash-plugin install <plugin name>
  1. Save the contents and close the Dockerfile.
  2. Run the build to install the plugin.

Kibana

  1. Insert the following code at the end of the Dockerfile:
FROM sebp/elk
WORKDIR ${KIBANA_HOME}
RUN gosu kibana bin/kibana-plugin install <plugin name or link>;
  1. Save the file and close.
  2. Build the Docker image and check the output for the installation results.

Running the ELK Container

  1. Run following commands in /elk-docker:
docker build -t elk-docker .
  1. Then you need to run following commands in /elk-docker/nginx-filebeat/:
docker stop elk
docker stop elk_filebeat
docker stop elk-docker
docker stop elk_filebeat-docker

docker rm elk
docker rm elk_filebeat
docker rm elk-docker
docker rm elk_filebeat-docker

docker network create -d bridge elknet
docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk --network=elknet elk-docker
docker run -p 80:80 -it --name elk_filebeat --network=elknet elk_filebeat-docker

Install Elastic Agent on elk_filebeats:

docker exec -it elk_filebeat /bin/bash
curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.5.3-linux-x86_64.tar.gz
tar xzvf elastic-agent-8.5.3-linux-x86_64.tar.gz
cd elastic-agent-8.5.3-linux-x86_64
sudo ./elastic-agent install --url=https://eb844be5acaa4359971c6893b1273c64.fleet.us-central1.gcp.cloud.es.io:443 --enrollment-token=cDhNbUc0VUJnNHBmUHkxQU5KMkc6QldyTF9vdm9UalNfRGV3OGIyaHdxdw==

The command publishes the following ports:

  • 5601: Kibana web interface.
  • 9200: Elasticsearch JSON interface.
  • 5044: Logstash Beats interface

Access Kibana web interface with http://:5601

Documentation

Acknowledgments

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •