khezen/logstash Docker Image Overview

khezen/logstash

自动构建

khezen

Logstash Docker image.

2 次收藏下载次数: 0状态：自动构建维护者：khezen仓库类型：镜像最近更新：6 年前

轩辕镜像，加速的不只是镜像。点击查看

镜像简介版本下载

轩辕镜像，加速的不只是镜像。点击查看

![]([***]

Supported tags and respective `Dockerfile` links

2.4.1, 2.4, 2 (2.4/Dockerfile)
5.1.2, 5.1, 5, latest (5.0/Dockerfile)

What is logstash?

Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite “stash.” (Elasticsearch for example.)

[]([***]

How To Use

docker engine

docker run -d -p 5000:5000 - p 5001:5001 khezen/logstash:latest

docker-compose

File Descriptors and MMap

run the following command on your host:

sysctl -w vm.max_map_count=262144

You can set it permanently by modifying vm.max_map_count setting in your /etc/sysctl.conf.

docker-compose.yml

version: '3'
services:
    elasticsearch:
        image: khezen/elasticsearch:2
        environment:
            ELASTIC_PWD: changeme
            KIBANA_PWD: brucewayne
            LOGSTASH_PWD: heizenberg
        volumes:
            - /data/elasticsearch:/usr/share/elasticsearch/data
            - /etc/elasticsearch:/usr/share/elasticsearch/config 
        ports:
             - "9200:9200"
             - "9300:9300"
        network_mode: bridge
        restart: unless-stopped
    
    kibana:
        links:
            - elasticsearch:elasticsearch-0
        image: khezen/kibana:4
        environment:
            KIBANA_PWD: brucewayne
            ELASTICSEARCH_HOST: elasticsearch-0
            ELASTICSEARCH_PORT: 9200
        volumes:
            - /etc/kibana:/opt/kibana/config
        ports:
             - "5601:5601"
        network_mode: bridge
        restart: unless-stopped

    logstash:
        links:
            - elasticsearch:elasticsearch-0
        image: khezen/logstash:2
        environment:
            LOGSTASH_PWD: heizenberg
            ELASTICSEARCH_HOST: elasticsearch-0
            ELASTICSEARCH_PORT: 9200
        volumes:
            - /etc/logstash:/etc/logstash/conf.d
            - /etc/elasticsearch/searchguard/ssl:/etc/elasticsearch/searchguard/ssl
        ports:
             - "5000:5000"
             - "5001:5001"
        network_mode: bridge
        restart: unless-stopped

Environment Variables

HEAP_SIZE | 1g

Defines the maximum memory allocated to logstash.

LOGSTASH_PWD | changeme

password for elasticsearch built-in user logstash.

ELASTICSEARCH_HOST | elasticsearch

Elasticsearch hostname.

ELASTICSEARCH_PORT | 9200

Elasticsearch port.

TS_PWD | changeme

Truststore password

Default config

input {
	tcp {
		port => 5000
		codec => "json"
	}
	udp {
		port => 5001
		codec => "json"
	}
}

filter {
	date {
		match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
	}
	geoip {
    	source => "clientip"
 	}
  	useragent {
    	source => "agent"
    	target => "useragent"
  	}
}

output {
	elasticsearch {
		hosts => "${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"
    user => "logstash"
    password => "${LOGSTASH_USER}"
		ssl => true
    ssl_certificate_verification => true
		truststore => "/etc/elasticsearch/searchguard/ssl/truststore.jks"
    truststore_password => "${TS_PWD}"
	}
}