Skip to content
/ elk-suricata Public

This Docker Compose configuration sets up an Elastic Stack environment, including Elasticsearch, Kibana, Logstash, Metricbeat, Filebeat, and Suricata, using the specified versions.

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

asaura08/elk-suricata

BranchesTags

Repository files navigation

Elastic Stack Docker Compose Configuration

This Docker Compose configuration sets up an Elastic Stack environment, including Elasticsearch, Kibana, Logstash, Metricbeat, Filebeat, and Suricata, using the specified versions.

TL;DR

mv example.env .env && docker-compose up -d

https://localhost:5601

Username: elastic

Password: Megapassword

Prerequisites

Before running this Docker Compose setup, ensure you have Docker installed on your system.

Getting Started

To get started, follow these steps:

  1. Clone this repository to your local machine.
  2. Create a .env file in the root directory of the cloned repository and define the following environment variables:
    • STACK_VERSION: The version of the Elastic Stack components.
    • ES_PORT: The port for Elasticsearch.
    • KIBANA_PORT: The port for Kibana.
    • CLUSTER_NAME: The name of the Elasticsearch cluster.
    • ELASTIC_PASSWORD: The password for the Elasticsearch and Kibana users.
    • LICENSE: The type of license for X-Pack.
    • ES_MEM_LIMIT: The memory limit for Elasticsearch.
    • KB_MEM_LIMIT: The memory limit for Kibana.
    • ENCRYPTION_KEY: The encryption key for X-Pack.
  3. Run docker-compose up -d to start the Elastic Stack containers.

Services

The Docker Compose configuration defines the following services:

  • setup: Initializes the Elasticsearch environment, generates SSL certificates, sets file permissions, and waits for Elasticsearch availability.
  • es01: Elasticsearch service with SSL enabled and X-Pack security configured.
  • kibana: Kibana service configured to connect to Elasticsearch securely.
  • logstash01: Logstash service configured to send data to Elasticsearch.
  • metricbeat01: Metricbeat service for collecting metrics from the host and services.
  • filebeat01: Filebeat service for shipping log files to Elasticsearch.
  • suricata: Suricata service for intrusion detection, integrated with Elasticsearch.

Configuration

  • SSL certificates are stored in volumes for secure communication.
  • Each service depends on the health of the Elasticsearch service.
  • Services are configured to communicate securely over HTTPS.

Usage

Once the services are up and running, you can access Kibana at https://localhost:<KIBANA_PORT> and authenticate using the credentials configured in the .env file.

There are 2 folders to ingest data into the Elastic Stack:

  • filebeat_ingest_data: Contains log files to be ingested by Filebeat. By default, suricata logs are sent to this folder.
  • logstash_ingest_data: Contains log files to be ingested by Logstash.

Additional Information

For more information on configuring and customizing the Elastic Stack components, refer to the official documentation:

About

This Docker Compose configuration sets up an Elastic Stack environment, including Elasticsearch, Kibana, Logstash, Metricbeat, Filebeat, and Suricata, using the specified versions.

Topics

docker incident-response cybersecurity suricata ids elk-stack

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository