logstash need to apply until elastic work

2025-11-03 05:23:14 +00:00 · 2017-02-02 11:45:28 +00:00
parent 25a4014a07
commit 33fa95da11
3 changed files with 11 additions and 8 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,13 +7,12 @@ services:
    ports:
      - "1514/udp:1514/udp"
      - "1515:1515"
-      - "514/udp:514/udp"
+#      - "514/udp:514/udp"
      - "55000:55000"
    networks:
      - docker_elk
    volumes:
-      - /mnt:/var/ossec/data
+      - /mnt/data/ossec/wazuh:/var/ossec/data
    depends_on:
      - elasticsearch
  elasticsearch:
@@ -24,9 +23,9 @@ services:
      - "9200:9200"
      - "9300:9300"
    environment:
-      ES_JAVA_OPTS: "-Xms5g -Xmx5g"
+      ES_JAVA_OPTS: "-Xms64g -Xmx64g"
-#    volumes:
+    volumes:
-#      - volume-path:/usr/share/elasticsearch/data
+      - /mnt/data/ossec/elasticsearch:/usr/share/elasticsearch/data
    networks:
      - docker_elk
  logstash:
--- a/logstash/Dockerfile
+++ b/logstash/Dockerfile
@@ -1,8 +1,7 @@
 FROM logstash:5.1.2
 RUN apt-get update
-RUN groupadd -g 1000 ossec && useradd -u 1000 -g 1000 ossec &&\
+
    usermod -a -G ossec logstash
 COPY config/logstash.conf /etc/logstash/conf.d/logstash.conf
 COPY config/wazuh-elastic5-template.json /etc/logstash/wazuh-elastic5-template.json
--- a/logstash/config/run.sh
+++ b/logstash/config/run.sh
@@ -12,6 +12,11 @@
 #
 set -e
 host="elasticsearch"
 until curl -XGET $host:9200; do
  >&2 echo "Elastic is unavailable - sleeping"
  sleep 1
 done
 # Add logstash as command if needed
 if [ "${1:0:1}" = '-' ]; then