diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 00000000..7dfc999c Binary files /dev/null and b/.DS_Store differ diff --git a/docker-compose.yml b/docker-compose.yml index 1b161e1b..505a6f19 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -27,8 +27,6 @@ services: command: -f /etc/logstash/conf.d/ ports: - "5000:5000" - volumes_from: - - wazuh # networks: # - docker_elk depends_on: @@ -43,7 +41,7 @@ services: # - docker_elk depends_on: - elasticsearch - entrypoint: ./wait-for-it.sh elasticsearch + entrypoint: sh wait-for-it.sh elasticsearch #networks: # docker_elk: diff --git a/kibana/Dockerfile b/kibana/Dockerfile index 0389a507..c13271d3 100644 --- a/kibana/Dockerfile +++ b/kibana/Dockerfile @@ -4,6 +4,6 @@ RUN apt-get update && apt-get install -y curl COPY ./config/kibana.yml /opt/kibana/config/kibana.yml -RUN /usr/share/kibana/bin/kibana-plugin install http://packages.wazuh.com.s3-website-us-west-1.amazonaws.com/wazuhapp/wazuhapp-5.1.2.zip +RUN /usr/share/kibana/bin/kibana-plugin install http://packages.wazuh.com.s3-website-us-west-1.amazonaws.com/wazuhapp/wazuhapp.zip -#COPY config/wait-for-it.sh / +COPY config/wait-for-it.sh / diff --git a/logstash/config/logstash.conf b/logstash/config/logstash.conf index dadaa30b..5ab0c42a 100644 --- a/logstash/config/logstash.conf +++ b/logstash/config/logstash.conf 
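Review bot: The new entrypoint `sh wait-for-it.sh elasticsearch` resolves the script relative to the container's working directory, while kibana/Dockerfile in this same commit copies it to `/`; unless the image's WORKDIR happens to be `/`, sh will not find the file and the kibana container will exit at start. Running it through `sh` also bypasses the script's own `#!/bin/bash` line, so it executes under whatever `/bin/sh` the image ships. Pointing at the absolute path and letting the shebang choose the interpreter keeps the two files in agreement: `entrypoint: ["/wait-for-it.sh", "elasticsearch"]`. The `services:` mapping continues outside the hunk, so whether a `working_dir` is set for kibana is not visible here.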
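Review bot: The plugin install now fetches an unpinned `wazuhapp.zip` over plain `http://` from an S3 website endpoint, so every build pulls whatever currently sits at that URL with no integrity check, and a changed upstream file or an on-path modification would land unnoticed in the Kibana image. The line it replaces at least pinned `wazuhapp-5.1.2.zip`; keeping a pinned filename and an expected digest committed next to the Dockerfile (download with curl, check it with `sha256sum -c`, then run `kibana-plugin install` on the local file) makes the image reproducible and verifiable. Separately, `COPY config/wait-for-it.sh /` looks for the script under the build context's `config/` directory, whereas this commit adds it as `wait-for-it.sh` at the repository root — confirm the file is also present where the Dockerfile expects it, or the build will fail at that step.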
@@ -1,22 +1,22 @@ # Wazuh - Logstash configuration file ## Remote Wazuh Manager - Filebeat input -#input { -# beats { -# port => 5000 -# codec => "json_lines" +input { + beats { + port => 5000 + codec => "json_lines" # ssl => true # ssl_certificate => "/etc/logstash/logstash.crt" # ssl_key => "/etc/logstash/logstash.key" -# } -#} -## Local Wazuh Manager - JSON file input -input { - file { - type => "wazuh-alerts" - path => "/var/ossec/logs/alerts/alerts.json" - codec => "json" - } + } } +## Local Wazuh Manager - JSON file input +#input { +# file { +# type => "wazuh-alerts" +# path => "/var/ossec/data/logs/alerts/alerts.json" +# codec => "json" +# } +#} filter { geoip { source => "srcip" @@ -28,7 +28,7 @@ filter { } output { elasticsearch { - hosts => ["localhost:9200"] + hosts => ["elasticsearch:9200"] index => "wazuh-alerts-%{+YYYY.MM.dd}" document_type => "wazuh" template => "/etc/logstash/wazuh-elastic5-template.json" diff --git a/logstash/config/run.sh b/logstash/config/run.sh index 97840f88..ddbd7bc9 100644 --- a/logstash/config/run.sh +++ b/logstash/config/run.sh @@ -24,7 +24,3 @@ if [ "$1" = 'logstash' ]; then fi exec "$@" - -#echo "Wait one min to logstash restart" -#sleep 60 -#curl -XPUT -v -H "Expect:" "http://elasticsearch:9200/_template/ossec" -d@/etc/logstash/elastic5-ossec-template.json diff --git a/wait-for-it.sh b/wait-for-it.sh new file mode 100755 index 00000000..cdbc01d7 --- /dev/null +++ b/wait-for-it.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +set -e + +host="$1" +shift +cmd="$@" + +until curl -XGET $host:9200; do + >&2 echo "Elastic is unavailable - sleeping" + sleep 1 +done + +>&2 echo "Elastic is up - executing command" +exec $cmd diff --git a/wazuh/Dockerfile b/wazuh/Dockerfile index ae88ad55..58b81365 100644 --- a/wazuh/Dockerfile +++ b/wazuh/Dockerfile 
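Review bot: The beats input on port 5000 is enabled with the `ssl`, `ssl_certificate` and `ssl_key` lines still commented out, so alert traffic from Filebeat to Logstash is unencrypted and unauthenticated; the matching `ssl` / `certificate_authorities` block in the new wazuh/config/filebeat.yml is commented out as well. Port 5000 is also published to the host in docker-compose.yml (`- "5000:5000"`), so anything that can reach that host port, not just containers on the compose network, can submit documents that end up in the `wazuh-alerts-*` index. If plaintext is deliberate for this setup, a comment above the input should say so, e.g. `# TLS intentionally disabled: filebeat and logstash talk only over the private compose network`; otherwise enabling both sides with a certificate under `/etc/logstash/` is the fix, and the host port mapping deserves a second look in either case.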
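Review bot: `exec $cmd` at the end re-splits the joined command string on whitespace, so any argument containing spaces or a glob character that docker passes through the entrypoint is mangled; after the `shift`, `exec "$@"` preserves the arguments exactly and the `cmd` variable is not needed. The readiness probe `curl -XGET $host:9200` also exits 0 on any HTTP response, including an error status, because curl only fails on non-2xx when given `-f`, and it leaves `$host` unquoted and prints the response body on every attempt. The loop has no upper bound, so a permanently absent Elasticsearch keeps the container spinning forever; a retry limit is worth considering but is not part of the change below.
```shell
host="$1"
shift

# wait until Elasticsearch answers with a 2xx, not merely an open port
until curl -sf "http://${host}:9200" >/dev/null; do
  >&2 echo "Elastic is unavailable - sleeping"
  sleep 1
done

>&2 echo "Elastic is up - executing command"
exec "$@"
```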
@@ -16,6 +16,11 @@ RUN chmod 755 /init.bash &&\ sync && rm /init.bash +RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.1.2-x86_64.rpm &&\ + rpm -vi filebeat-5.1.2-x86_64.rpm && rm filebeat-5.1.2-x86_64.rpm + +COPY config/filebeat.yml /etc/filebeat/ + ADD config/run.sh /tmp/run.sh RUN chmod 755 /tmp/run.sh diff --git a/wazuh/config/default_agent b/wazuh/config/default_agent deleted file mode 100644 index e2c8ff8c..00000000 --- a/wazuh/config/default_agent +++ /dev/null @@ -1 +0,0 @@ -127.0.0.1,DEFAULT_LOCAL_AGENT diff --git a/wazuh/config/filebeat.yml b/wazuh/config/filebeat.yml new file mode 100644 index 00000000..7f076793 --- /dev/null +++ b/wazuh/config/filebeat.yml @@ -0,0 +1,16 @@ +filebeat: + prospectors: + - input_type: log + paths: + - "/var/ossec/data/logs/alerts/alerts.json" + document_type: wazuh-alerts + json.message_key: log + json.keys_under_root: true + json.overwrite_keys: true + +output: + logstash: + # The Logstash hosts + hosts: ["logstash:5000"] +# ssl: +# certificate_authorities: ["/etc/filebeat/logstash.crt"] diff --git a/wazuh/config/run.sh b/wazuh/config/run.sh index 1b442a74..4a0ad464 100644 --- a/wazuh/config/run.sh +++ b/wazuh/config/run.sh @@ -100,6 +100,7 @@ LAST_OK_DATE=`date +%s` #cd /var/ossec/update/ruleset && python ossec_ruleset.py /bin/node /var/ossec/api/app.js & +/usr/bin/filebeat.sh & /var/ossec/bin/ossec-control restart
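Review bot: The Filebeat rpm is downloaded and installed with `rpm -vi` and no integrity check, so the image build trusts whatever the download returns; `curl` without `-f` will also save an HTML error page on a non-2xx response, which `rpm` then rejects with an unrelated error. The version is pinned (5.1.2), which is good; the missing step is verification: import Elastic's package signing key with `rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch` before the install so rpm checks the package signature, or compare the file against the checksum Elastic publishes next to the artifact, and use `curl -fsSL -O` so a failed download aborts the `&&` chain. `-O` writes into the current directory, which depends on any WORKDIR set earlier in the Dockerfile outside this hunk — downloading to an explicit `/tmp/` path avoids leaving the rpm in an unexpected place if the `rm` is ever skipped.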