This repo contains a ready-to-go Elastic Stack installation with TLS enabled.
- Clone the repo
- Adjust the environment variables in `.env` (DO NOT CHANGE `ELASTIC_USERNAME`)
- Generate keys using `setup.docker-compose.yml` (`docker-compose -f setup.docker-compose.yml up`)
- Run the main docker-compose file (`docker-compose up -d`)
- If the elasticsearch container did not start successfully:
  - Set owner permissions on the `elk-stack` directory (`sudo chown -R $USER elk-stack`)
  - Set owner permissions on
- Set up Beats to send data to elasticsearch, or an Elastic Agent for endpoint security
Host: elasticsearch
- `elasticsearch/config/elasticsearch.yml`: configures elasticsearch.

Host: logstash
- `logstash/config/logstash.yml`
- `logstash/config/pipelines.yml`: registers pipelines using a defined config file.
- `logstash/pipeline/main.yml`: each pipeline must have an `input`, `filter` and `output` section. `input` defines what data is processed in the pipeline, `filter` defines how the data is processed, and `output` defines where the data is sent.
Filebeat is a log file shipper which can send data to elasticsearch directly, or via Logstash to aggregate data. Filebeat must be installed on each client that should send data to elasticsearch.
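As an added example (not a file from this repo), a pipeline in the `logstash/pipeline/main.yml` style described above that receives Filebeat events over TLS, parses and timestamps them, and forwards them to Elasticsearch over HTTPS using the credentials from `.env`. The certificate paths, port 5044 and the `ELASTIC_PASSWORD` variable are assumptions.

```conf
# Added example pipeline (not part of this repo). The paths under
# /usr/share/logstash/config/certs/ and the ELASTIC_PASSWORD variable
# are assumptions; adjust them to the keys generated by
# setup.docker-compose.yml.

# INPUT: accept events from Filebeat. TLS is required so clients cannot
# ship logs in clear text; the beats input needs the key in PKCS#8 format.
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/usr/share/logstash/config/certs/logstash/logstash.crt"
    ssl_key         => "/usr/share/logstash/config/certs/logstash/logstash.pkcs8.key"
  }
}

# FILTER: parse syslog-style lines and normalise the timestamp so events
# sort correctly in Kibana; lines that do not match are tagged, not dropped.
filter {
  grok {
    match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_host} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
    tag_on_failure => ["_grokparsefailure"]
  }
  date {
    match  => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    target => "@timestamp"
  }
  mutate {
    add_field => { "[event][pipeline]" => "main" }
  }
}

# OUTPUT: write to Elasticsearch over HTTPS, verifying the server
# certificate against the CA generated during setup. Credentials come from
# environment variables so no password is stored in this file.
output {
  elasticsearch {
    hosts    => ["https://elasticsearch:9200"]
    ssl      => true
    cacert   => "/usr/share/logstash/config/certs/ca/ca.crt"
    user     => "${ELASTIC_USERNAME}"
    password => "${ELASTIC_PASSWORD}"
    index    => "filebeat-%{+YYYY.MM.dd}"
  }
}
```

On the Filebeat side, the matching `output.logstash` section must point at `logstash:5044` and list the same CA under `ssl.certificate_authorities`, otherwise the TLS handshake fails.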
Host: kibana
- `kibana/config/kibana.yml`: configures Kibana.
To test the filebeat config, run `filebeat test config`.
To test the filebeat output, run `filebeat test output` (this also checks the TLS handshake against the configured output).