Adding env variables for alerts data flow

2025-10-23 16:14:15 +00:00 · 2019-02-08 15:32:36 +00:00
parent 4687360677
commit 15f35ca6a8
5 changed files with 46 additions and 27 deletions
--- a/elasticsearch/config/load_settings.sh
+++ b/elasticsearch/config/load_settings.sh
@@ -9,6 +9,13 @@ else
  el_url="${ELASTICSEARCH_URL}"
 fi

+if [ "x${WAZUH_API_URL}" = "x" ]; then
+  wazuh_url="https://wazuh"
+else
+  wazuh_url="${WAZUH_API_URL}"
+fi
+
+
 until curl -XGET $el_url; do
  >&2 echo "Elastic is unavailable - sleeping"
  sleep 5
@@ -35,7 +42,7 @@ if [ "x$CONFIG_CODE" = "x404" ]; then
  {
    "api_user": "'"$API_USER_Q"'",
    "api_password": "'"$API_PASSWORD"'",
-    "url": "https://wazuh",
+    "url": "'"$wazuh_url"'",
    "api_port": "55000",
    "insecure": "true",
    "component": "API",
--- a/kibana/config/kibana_settings.sh
+++ b/kibana/config/kibana_settings.sh
@@ -15,7 +15,20 @@ WAZUH_MAJOR=3
 # Do not ask user to help providing usage statistics to Elastic.
 ##############################################################################

-while [[ "$(curl -XGET -I  -s -o /dev/null -w ''%{http_code}'' kibana:5601/status)" != "200" ]]; do
+##############################################################################
+# Customize elasticsearch ip
+##############################################################################
+if [ "$ELASTICSEARCH_KIBANA_IP" != "" ]; then
+  sed -i "s/elasticsearch:9200/$ELASTICSEARCH_KIBANA_IP:9200/" /usr/share/kibana/config/kibana.yml
+fi
+
+if [ "$KIBANA_IP" != "" ]; then
+  kibana_ip="$KIBANA_IP"
+else
+  kibana_ip="kibana"
+fi
+
+while [[ "$(curl -XGET -I  -s -o /dev/null -w ''%{http_code}'' $kibana_ip:5601/status)" != "200" ]]; do
  echo "Waiting for Kibana API. Sleeping 5 seconds"
  sleep 5
 done
@@ -35,16 +48,16 @@ EOF

 sleep 5
 # Add the wazuh alerts index as default.
-curl -POST "http://kibana:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
+curl -POST "http://$kibana_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
 rm -f ${default_index}

 sleep 5
 # Configuring Kibana TimePicker.
-curl -POST "http://kibana:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
+curl -POST "http://$kibana_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
 '{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-24h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'

 sleep 5
 # Do not ask user to help providing usage statistics to Elastic
-curl -POST "http://kibana:5601/api/telemetry/v1/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
+curl -POST "http://$kibana_ip:5601/api/telemetry/v1/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'

 echo "End settings"
--- a/logstash/Dockerfile
+++ b/logstash/Dockerfile
@@ -4,3 +4,9 @@ FROM docker.elastic.co/logstash/logstash:6.5.4
 RUN rm -f /usr/share/logstash/pipeline/logstash.conf

 COPY config/01-wazuh.conf /usr/share/logstash/pipeline/01-wazuh.conf
+
+USER root
+COPY config/run.sh /run.sh
+RUN chmod +x /run.sh
+
+ENTRYPOINT ["/run.sh"]
--- a/logstash/config/run.sh
+++ b/logstash/config/run.sh
@@ -5,27 +5,12 @@
 # variables expected by this script.
 #

-#
-
-#
-# Apply Templates
-#
-
-set -e
-host="elasticsearch"
-until curl -XGET $host:9200; do
-  >&2 echo "Elastic is unavailable - sleeping"
-  sleep 1
-done
-
-# Add logstash as command if needed
-if [ "${1:0:1}" = '-' ]; then
-	set -- logstash "$@"
+##############################################################################
+# Customize logstash output ip
+##############################################################################
+if [ "$LOGSTASH_OUTPUT" != "" ]; then
+  sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/pipeline/01-wazuh.conf
+  sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/config/logstash.yml 
 fi

-# Run as user "logstash" if the command is "logstash"
-if [ "$1" = 'logstash' ]; then
-	set -- gosu logstash "$@"
-fi
-
-exec "$@"
+/usr/local/bin/docker-entrypoint
--- a/wazuh/config/entrypoint.sh
+++ b/wazuh/config/entrypoint.sh
@@ -141,6 +141,14 @@ eval $change_user

 popd

+
+##############################################################################
+# Customize filebeat output ip
+##############################################################################
+if [ "$FILEBEAT_OUTPUT" != "" ]; then
+  sed -i "s/logstash:5000/$FILEBEAT_OUTPUT:5000/" /etc/filebeat/filebeat.yml
+fi
+
 ##############################################################################
 # Start Wazuh Server.
 ##############################################################################