Merge pull request #11 from wazuh/master

Merge pull request #10 from wazuh/2.0_5.4.2

README.md

@@ -2,14 +2,14 @@
 
 The first time than you runt this container can take a while until kibana finish the configuration, the Wazuh plugin can take a few minutes until finish the instalation, please be patient.
 
-# Docker container Wazuh + ELK(5.3.0)
+# Docker container Wazuh 2.0 + ELK(5.4.2)
 
 This Docker container source files can be found in our [Wazuh Github repository](https://github.com/wazuh/wazuh). It includes both an OSSEC manager and an Elasticsearch single-node cluster, with Logstash and Kibana. You can find more information on how these components work together in our documentation.
 
 ## Documentation
 
 * [Full documentation](http://documentation.wazuh.com)
-* [Wazug-docker module documentation](https://documentation.wazuh.com/current/docker/index.html)
+* [Wazuh-docker module documentation](https://documentation.wazuh.com/current/docker/index.html)
 * [Hub docker](https://hub.docker.com/u/wazuh)
 
 ## Credits and thank you

docker-compose.yml

@@ -36,7 +36,7 @@ services:
     environment:
       - LS_HEAP_SIZE=2048m
   elasticsearch:
-    image: elasticsearch:5.3.0
+    image: elasticsearch:5.4.2
     hostname: elasticsearch
     restart: always
     command: elasticsearch -E node.name="node-1" -E cluster.name="wazuh" -E network.host=0.0.0.0
@@ -61,7 +61,7 @@ services:
       - elasticsearch
     entrypoint: sh wait-for-it.sh elasticsearch
 #    environment:
-#      - "WAZUH_KIBANA_PLUGIN_URL=http://your.repo/wazuhapp-2.0_5.3.0.zip"
+#      - "WAZUH_KIBANA_PLUGIN_URL=http://your.repo/wazuhapp-2.0_5.4.2.zip"
 
 networks:
   docker_elk:

kibana/Dockerfile

@@ -1,4 +1,4 @@
-FROM kibana:5.3.0
+FROM kibana:5.4.2
 
 RUN apt-get update && apt-get install -y curl
 

kibana/config/wait-for-it.sh

@@ -5,7 +5,7 @@ set -e
 host="$1"
 shift
 cmd="kibana"
-WAZUH_KIBANA_PLUGIN_URL=${WAZUH_KIBANA_PLUGIN_URL:-https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_5.3.0.zip}
+WAZUH_KIBANA_PLUGIN_URL=${WAZUH_KIBANA_PLUGIN_URL:-https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_5.4.2.zip}
 
 until curl -XGET $host:9200; do
   >&2 echo "Elastic is unavailable - sleeping"

logstash/Dockerfile

@@ -1,4 +1,4 @@
-FROM logstash:5.3.0
+FROM logstash:5.4.2
 
 RUN apt-get update
 

logstash/config/logstash.conf

@@ -13,7 +13,7 @@ input {
 #input {
 #   file {
 #       type => "wazuh-alerts"
-#       path => "/var/ossec/data/logs/alerts/alerts.json"
+#       path => "/var/ossec/logs/alerts/alerts.json"
 #       codec => "json"
 #   }
 #}
@@ -21,13 +21,14 @@ filter {
     geoip {
         source => "srcip"
         target => "GeoLocation"
+        fields => ["city_name", "continent_code", "country_code2", "country_name", "region_name", "location"]
     }
     date {
         match => ["timestamp", "ISO8601"]
         target => "@timestamp"
     }
     mutate {
-        remove_field => [ "timestamp", "beat", "fields", "input_type", "tags", "count" ]
+        remove_field => [ "timestamp", "beat", "fields", "input_type", "tags", "count", "@version", "log", "offset", "type"]
     }
 }
 output {

wazuh/Dockerfile

@@ -18,8 +18,8 @@ RUN chmod 755 /init.bash &&\
   sync && rm /init.bash
 
 
-RUN  curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.1.2-x86_64.rpm &&\
+RUN  curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.4.2-x86_64.rpm &&\
-  rpm -vi filebeat-5.1.2-x86_64.rpm && rm filebeat-5.1.2-x86_64.rpm
+  rpm -vi filebeat-5.4.2-x86_64.rpm && rm filebeat-5.4.2-x86_64.rpm
 
 COPY config/filebeat.yml /etc/filebeat/