update README.md

This commit is contained in:
Jose Luis Ruiz 2017-02-07 17:19:52 +01:00
parent b4691af98d
commit 450ef5d0c7
5 changed files with 86 additions and 35 deletions


@ -8,10 +8,11 @@ It will give you the ability to analyze any data set by using the searching/aggr
Based on the official images: Based on the official images:
* [elasticsearch](https://registry.hub.docker.com/_/elasticsearch/)
* [logstash](https://registry.hub.docker.com/_/logstash/)
* [kibana](https://registry.hub.docker.com/_/kibana/)
* [Wazuh](https://github.com/wazuh/wazuh) * [Wazuh](https://github.com/wazuh/wazuh)
* [logstash](https://registry.hub.docker.com/_/logstash/)
* [elasticsearch](https://registry.hub.docker.com/_/elasticsearch/)
* [kibana](https://registry.hub.docker.com/_/kibana/)
# Requirements # Requirements
@ -28,6 +29,7 @@ You need to increase `max_map_count` on your Docker host:
```bash ```bash
$ sudo sysctl -w vm.max_map_count=262144 $ sudo sysctl -w vm.max_map_count=262144
``` ```
To set this value permanently, update the vm.max_map_count setting in /etc/sysctl.conf. To verify after rebooting, run sysctl vm.max_map_count.
## SELinux ## SELinux
@ -53,19 +55,13 @@ You can also choose to run it in background (detached mode):
$ docker-compose up -d $ docker-compose up -d
``` ```
Now that the stack is running, you'll want to inject logs in it. The shipped logstash configuration allows you to send content via tcp:
```bash
$ nc localhost 5000 < /path/to/logfile.log
```
And then access Kibana UI by hitting [http://localhost:5601](http://localhost:5601) with a web browser. And then access Kibana UI by hitting [http://localhost:5601](http://localhost:5601) with a web browser.
*NOTE*: You'll need to inject data into logstash before being able to create a logstash index in Kibana. Then all you should have to do is to hit the create button.
See: https://www.elastic.co/guide/en/kibana/current/setup.html#connect
By default, the stack exposes the following ports: By default, the stack exposes the following ports:
* 1514: Wazuh UDP.
* 1515: Wazuh TCP.
* 514 : Wazuh UDP.
* 55000: Wazuh API.
* 5000: Logstash TCP input. * 5000: Logstash TCP input.
* 9200: Elasticsearch HTTP * 9200: Elasticsearch HTTP
* 9300: Elasticsearch TCP transport * 9300: Elasticsearch TCP transport
@ -94,6 +90,26 @@ can create more than one file in that folder if you'd like to. However, you must
The Logstash container use the *LS_HEAP_SIZE* environment variable to determine how much memory should be associated to the JVM heap memory (defaults to 500m). The Logstash container use the *LS_HEAP_SIZE* environment variable to determine how much memory should be associated to the JVM heap memory (defaults to 500m).
## How can I configure Wazuhapp plugin?
Select Wazuh APP in the left menu and then add the parameters
![Alt text](images/image-1.png?raw=true "Image 1")
The default configuration is:
```
User: foo
Password: bar
URL: http://wazuh
Port: 55000
```
![Alt text](images/image-2.png?raw=true "Image 2")
![Alt text](images/image-3.png?raw=true "Image 2")
If you want to override the default configuration, add the *LS_HEAP_SIZE* environment variable to the container in the `docker-compose.yml`: If you want to override the default configuration, add the *LS_HEAP_SIZE* environment variable to the container in the `docker-compose.yml`:
```yml ```yml
@ -165,6 +181,7 @@ version: '2'
services: services:
wazuh: wazuh:
image: wazuh/wazuh:latest image: wazuh/wazuh:latest
hostname: wazuh-manager
ports: ports:
- "1514:1514" - "1514:1514"
- "1515:1515" - "1515:1515"
@ -174,7 +191,8 @@ services:
- docker_elk - docker_elk
elasticsearch: elasticsearch:
image: elasticsearch:latest image: elasticsearch:latest
command: elasticsearch -E node.name="node-1" -E cluster.name="wazuh " -E network.host=0.0.0.0 hostname: elasticsearch
command: elasticsearch -E node.name="node-1" -E cluster.name="wazuh" -E network.host=0.0.0.0
ports: ports:
- "9200:9200" - "9200:9200"
- "9300:9300" - "9300:9300"
@ -184,11 +202,12 @@ services:
- docker_elk - docker_elk
logstash: logstash:
image: wazuh/wazuh-logstash:latest image: wazuh/wazuh-logstash:latest
hostname: logstash
command: -f /etc/logstash/conf.d/ command: -f /etc/logstash/conf.d/
ports: ports:
- "5000:5000" - "5000:5000"
volumes_from: # volumes_from:
- wazuh # - wazuh
networks: networks:
- docker_elk - docker_elk
depends_on: depends_on:
@ -197,12 +216,15 @@ services:
- LS_HEAP_SIZE=2048m - LS_HEAP_SIZE=2048m
kibana: kibana:
image: wazuh/wazuh-kibana:latest image: wazuh/wazuh-kibana:latest
hostname: kibana
ports: ports:
- "5601:5601" - "5601:5601"
networks: networks:
- docker_elk - docker_elk
depends_on: depends_on:
- wazuh/wazuh-elasticsearch - wazuh/wazuh-elasticsearch
entrypoint: sh wait-for-it.sh elasticsearch
networks: networks:
docker_elk: docker_elk:


@ -11,42 +11,68 @@ services:
# - "514/udp:514/udp" # - "514/udp:514/udp"
- "55000:55000" - "55000:55000"
networks: networks:
- docker_elk docker_elk:
volumes: ipv4_address: 172.25.0.101
- /mnt/data/ossec/wazuh:/var/ossec/data extra_hosts:
- "logstash:172.25.0.102"
- "elasticsearch:172.25.0.103"
- "kibana:172.25.0.104"
# volumes:
# - /mnt/data/ossec/wazuh:/var/ossec/data
depends_on: depends_on:
- elasticsearch - elasticsearch
logstash:
build: logstash/
hostname: logstash
command: -f /etc/logstash/conf.d/
links:
- kibana
- elasticsearch
# ports:
# - "5000:5000"
networks:
docker_elk:
ipv4_address: 172.25.0.102
extra_hosts:
- "wazuh:172.25.0.101"
- "elasticsearch:172.25.0.103"
- "kibana:172.25.0.104"
depends_on:
- elasticsearch
environment:
- LS_HEAP_SIZE=2048m
elasticsearch: elasticsearch:
image: elasticsearch:5.1.2 image: elasticsearch:5.1.2
hostname: elasticsearch
restart: always restart: always
command: elasticsearch -E node.name="node-1" -E cluster.name="wazuh" -E network.host=0.0.0.0 command: elasticsearch -E node.name="node-1" -E cluster.name="wazuh" -E network.host=0.0.0.0
ports: ports:
- "9200:9200" - "9200:9200"
- "9300:9300" - "9300:9300"
environment: environment:
ES_JAVA_OPTS: "-Xms64g -Xmx64g" ES_JAVA_OPTS: "-Xms2g -Xmx2g"
volumes: # volumes:
- /mnt/data/ossec/elasticsearch:/usr/share/elasticsearch/data # - /mnt/data/ossec/elasticsearch:/usr/share/elasticsearch/data
networks: networks:
- docker_elk docker_elk:
logstash: ipv4_address: 172.25.0.103
build: logstash/ extra_hosts:
command: -f /etc/logstash/conf.d/ - "wazuh:172.25.0.101"
# ports: - "logstash:172.25.0.102"
# - "5000:5000" - "kibana:172.25.0.104"
networks:
- docker_elk
depends_on:
- elasticsearch
environment:
- LS_HEAP_SIZE=2048m
kibana: kibana:
build: kibana/ build: kibana/
hostname: kibana
restart: always restart: always
ports: ports:
- "5601:5601" - "5601:5601"
networks: networks:
- docker_elk docker_elk:
ipv4_address: 172.25.0.104
extra_hosts:
- "wazuh:172.25.0.101"
- "logstash:172.25.0.102"
- "elasticsearch:172.25.0.103"
depends_on: depends_on:
- elasticsearch - elasticsearch
entrypoint: sh wait-for-it.sh elasticsearch entrypoint: sh wait-for-it.sh elasticsearch
@ -54,3 +80,6 @@ services:
networks: networks:
docker_elk: docker_elk:
driver: bridge driver: bridge
ipam:
config:
- subnet: 172.25.0.0/24
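Review bot: The `ports:` entries for elasticsearch (`"9200:9200"`, `"9300:9300"`), the Wazuh API (`"55000:55000"`) and kibana (`"5601:5601"`) publish on every host interface, and nothing in this file puts authentication in front of them; the README hunk in the same commit documents the API's default credentials as `foo`/`bar`, so an unhardened stack is reachable from the host's network with known credentials. Since only the browser-facing 5601 needs to be public for the documented workflow, I'd bind the rest to loopback: `- "127.0.0.1:9200:9200"`, `- "127.0.0.1:9300:9300"`, `- "127.0.0.1:55000:55000"`. Separately, commenting out the `/mnt/data/ossec/wazuh` and `/mnt/data/ossec/elasticsearch` volumes means alerts and indices live only in the container layer and are lost on `docker-compose down`/recreate, which matters for a SIEM — if this is intentional for testing, a comment such as `# volumes disabled: data is NOT persisted across container recreation` would make that explicit. The `extra_hosts` and `links` blocks also duplicate what the user-defined `docker_elk` network already provides (service-name DNS), so the hard-coded `172.25.0.x` entries can drift from `ipv4_address` without any error.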

images/image-1.png Normal file


images/image-2.png Normal file


images/image-3.png Normal file
