initial checkin
diff --git a/containers/elk/README.md b/containers/elk/README.md
new file mode 100644
index 0000000..a04da86
--- /dev/null
+++ b/containers/elk/README.md
@@ -0,0 +1,49 @@
+# XOS ELK Stack Containers
+
+## Introduction
+
+ELK Stack is comprised of 3 core services:
+
+  * A Elasticsearch database backend
+  * A Logstash log collector 
+  * A Kibana front end
+
+We have created separate dockerfiles for each of these services, making it
+easier to build and deploy the services independently.
+
+#### Elasticsearch
+
+To build the Elasticsearch container:
+
+```
+$ cd elasticsearch; make build && make run
+```
+
+#### Logstash
+
+To build the Logstash container:
+
+```
+$ cd logstash; make build && make run
+```
+
+#### Kibana
+
+To build the Kibana container:
+
+```
+$ cd kibana; make build && make run
+```
+
+### Forwarding logs to Logstash
+
+Now that we have elk stack setup we need to start sending it some log files to process. We've provided a logstash-forwarder container that can be deployed on any host that has log files which you would like to have processed. 
+
+#### Logstash-forwarder
+
+To build the Loststash-forwarder container
+
+...
+$ cd logstash-forwarder; make build && make run
+...
+
diff --git a/containers/elk/elasticsearch/Dockerfile b/containers/elk/elasticsearch/Dockerfile
new file mode 100644
index 0000000..33206b8
--- /dev/null
+++ b/containers/elk/elasticsearch/Dockerfile
@@ -0,0 +1,23 @@
+FROM ubuntu:14.04.2
+
+RUN echo "deb http://packages.elastic.co/elasticsearch/1.7/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-1.7.list
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y --force-yes\
+    openjdk-7-jre-headless \
+    wget \
+    elasticsearch
+
+VOLUME ["/data"]
+
+ADD conf/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml
+ADD conf/elasticsearch.yml /usr/share/elasticsearch/config
+
+WORKDIR /data
+
+# Expose ports.
+#   - 9200: HTTP
+#   - 9300: transport
+EXPOSE 9200
+EXPOSE 9300     
+
+CMD ["/usr/share/elasticsearch/bin/elasticsearch"]
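Review bot: The `apt-get install -y --force-yes` line installs `elasticsearch` from a repository that was added over plain `http://` with no signing key imported, so `--force-yes` is what lets the unauthenticated package through and nothing verifies what ends up in the image. Import the repository's signing key before `apt-get update` and drop `--force-yes`, so that a substituted or tampered package fails the build instead of being installed. The same pattern is in containers/elk/logstash/Dockerfile, and containers/elk/logstash-forwarder/Dockerfile passes `--force-yes` for stock Ubuntu packages, where it only removes a safety check. `DEBIAN_FRONTEND=noninteractive` as written applies only to `apt-get update`, not to the `install` after `&&`.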
diff --git a/containers/elk/elasticsearch/Makefile b/containers/elk/elasticsearch/Makefile
new file mode 100644
index 0000000..9b01b93
--- /dev/null
+++ b/containers/elk/elasticsearch/Makefile
@@ -0,0 +1,11 @@
+.PHONY: build
+build: ; docker build --rm -t elasticsearch .
+
+.PHONY: run
+run: ; docker run -d -p 9200:9200 --name elasticsearch_server elasticsearch
+
+.PHONY: stop
+stop: ; docker stop elasticsearch_server
+
+.PHONY: rmcontainer
+rmcontainer: ; docker rm elasticsearch_server
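Review bot: The `run` target publishes 9200 on every host interface (`-p 9200:9200`), and the elasticsearch.yml added in this commit configures only paths, so the HTTP API is reachable without authentication by anyone who can reach the host. Kibana and Logstash are started with `--link elasticsearch_server:elasticsearch`, so they do not need the port published. If local access is wanted, bind it to loopback: `run: ; docker run -d -p 127.0.0.1:9200:9200 --name elasticsearch_server elasticsearch`. The `run` target in containers/elk/kibana/Makefile has the same exposure for Kibana, since it publishes `8000:80` with `KIBANA_SECURE=false`.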
diff --git a/containers/elk/elasticsearch/conf/elasticsearch.yml b/containers/elk/elasticsearch/conf/elasticsearch.yml
new file mode 100644
index 0000000..72be0f9
--- /dev/null
+++ b/containers/elk/elasticsearch/conf/elasticsearch.yml
@@ -0,0 +1,5 @@
+path:
+  data: /data/data
+  logs: /data/log
+  plugins: /data/plugins
+  work: /data/work
diff --git a/containers/elk/kibana/Dockerfile b/containers/elk/kibana/Dockerfile
new file mode 100644
index 0000000..fcfe625
--- /dev/null
+++ b/containers/elk/kibana/Dockerfile
@@ -0,0 +1,37 @@
+FROM ubuntu:14.04.2
+
+ENV KIBANA_VERSION kibana-4.0.1-linux-x64
+ENV KIBANA_SECURE true
+ENV KIBANA_USER kibana
+ENV KIBANA_PASSWORD kibana
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \
+    wget \ 
+    nginx-full \
+    apache2-utils \
+    supervisor
+
+WORKDIR /opt
+
+RUN wget --no-check-certificate -O- https://download.elasticsearch.org/kibana/kibana/${KIBANA_VERSION}.tar.gz | tar xvfz -
+
+RUN mkdir /etc/kibana # This is where the htpasswd file is placed by the run script
+
+ADD conf/kibana /etc/nginx/sites-available/kibana
+
+ADD conf/kibana-secure /etc/nginx/sites-available/kibana-secure
+
+RUN rm /etc/nginx/sites-enabled/*
+
+RUN echo "daemon off;" >> /etc/nginx/nginx.conf
+
+ADD conf/supervisord.conf /etc/supervisor/conf.d/kibana.conf
+
+ADD run_kibana /opt/${KIBANA_VERSION}/run_kibana
+
+RUN chmod +x /opt/${KIBANA_VERSION}/run_kibana
+
+EXPOSE 80
+EXPOSE 5601
+
+CMD /opt/${KIBANA_VERSION}/run_kibana
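Review bot: The download step `wget --no-check-certificate -O- … | tar xvfz -` turns off TLS verification and unpacks whatever arrives with no checksum, so the Kibana binaries in the image are unauthenticated. Add `ca-certificates` to the `apt-get install` list, drop `--no-check-certificate`, and compare the archive against a pinned SHA-256 before extracting it. Separately, `ENV KIBANA_PASSWORD kibana` bakes a default credential into the image, and the Makefile's `runsecure` target uses it as-is because it passes no `-e KIBANA_PASSWORD`. The password should have no default, and `run_kibana` should refuse to start in secure mode when it is unset.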
diff --git a/containers/elk/kibana/Makefile b/containers/elk/kibana/Makefile
new file mode 100644
index 0000000..c44491a
--- /dev/null
+++ b/containers/elk/kibana/Makefile
@@ -0,0 +1,14 @@
+.PHONY: build
+build: ; docker build --rm -t kibana .
+
+.PHONY: run
+run: ; docker run -d --link elasticsearch_server:elasticsearch -p 8000:80 -e KIBANA_SECURE=false --name kibana_server kibana
+
+.PHONY: runsecure
+runsecure: ; docker run -d --link elasticsearch_server:elasticsearch -p 5601:80  --name kibana_server kibana
+
+.PHONY: stop
+stop: ; docker stop kibana_server
+
+.PHONY: rmcontainer
+rmcontainer: ; docker rm kibana_server
diff --git a/containers/elk/kibana/conf/kibana b/containers/elk/kibana/conf/kibana
new file mode 100644
index 0000000..c5c3031
--- /dev/null
+++ b/containers/elk/kibana/conf/kibana
@@ -0,0 +1,17 @@
+server {
+  listen   80; ## listen for ipv4; this line is default and implied
+  listen   [::]:80 default ipv6only=on; ## listen for ipv6
+
+  # Make site accessible from http://localhost/
+  server_name localhost;
+
+  location = /health {
+    return 200;
+    access_log off;
+  }
+
+  location / {
+    proxy_pass http://kibana:5601;
+    proxy_read_timeout 90;
+  }
+}
diff --git a/containers/elk/kibana/conf/kibana-secure b/containers/elk/kibana/conf/kibana-secure
new file mode 100644
index 0000000..760f161
--- /dev/null
+++ b/containers/elk/kibana/conf/kibana-secure
@@ -0,0 +1,24 @@
+server {
+  listen   80; ## listen for ipv4; this line is default and implied
+  listen   [::]:80 default ipv6only=on; ## listen for ipv6
+
+  # Make site accessible from http://localhost/
+  server_name localhost;
+
+  location = /health {
+    return 200;
+    access_log off;
+  }
+
+  location / {
+    proxy_pass http://kibana:5601;
+    proxy_read_timeout 90;
+
+    if ($http_x_forwarded_proto != "https") {
+      rewrite ^ https://$host$uri permanent;
+    }
+
+    auth_basic "Restricted";
+    auth_basic_user_file /etc/kibana/htpasswd;
+  }
+}
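Review bot: The HTTPS redirect in `location /` trusts `X-Forwarded-Proto`, a header any client can set, while this server block listens only on plain port 80. Unless a TLS-terminating proxy that overwrites the header sits in front, the Basic-auth credentials travel in cleartext, and the Makefile's `runsecure` target publishes this port directly as `-p 5601:80`. A comment above the `if` block should state that dependency, for example `# Requires a TLS-terminating proxy in front that sets X-Forwarded-Proto; do not publish this port directly.`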
diff --git a/containers/elk/kibana/conf/supervisord.conf b/containers/elk/kibana/conf/supervisord.conf
new file mode 100644
index 0000000..deff0c7
--- /dev/null
+++ b/containers/elk/kibana/conf/supervisord.conf
@@ -0,0 +1,14 @@
+[supervisord]
+nodaemon=true
+
+[program:kibana]
+command=/opt/kibana-4.0.1-linux-x64/bin/kibana
+autorestart=true
+stderr_logfile=/var/log/supervisor/kibana.err.log
+stdout_logfile=/var/log/supervisor/kibana.out.log
+
+[program:nginx]
+command=/usr/sbin/nginx
+autorestart=true
+stderr_logfile=/var/log/supervisor/nginx.err.log
+stdout_logfile=/var/log/supervisor/nginx.out.log
diff --git a/containers/elk/kibana/run_kibana b/containers/elk/kibana/run_kibana
new file mode 100644
index 0000000..8723bba
--- /dev/null
+++ b/containers/elk/kibana/run_kibana
@@ -0,0 +1,10 @@
+#!/bin/bash
+sed -i "s/localhost:9200/elasticsearch:9200/g" /opt/${KIBANA_VERSION}/config/kibana.yml
+if [ "$KIBANA_SECURE" = "true" ] ; then
+    ln -s /etc/nginx/sites-available/kibana-secure /etc/nginx/sites-enabled/kibana
+    htpasswd -bc /etc/kibana/htpasswd ${KIBANA_USER} ${KIBANA_PASSWORD}
+else
+    ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana
+fi
+sed -i "s/kibana:5601/$HOSTNAME:5601/g" /etc/nginx/sites-enabled/kibana
+/usr/bin/supervisord -c /etc/supervisor/conf.d/kibana.conf
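Review bot: `htpasswd -bc /etc/kibana/htpasswd ${KIBANA_USER} ${KIBANA_PASSWORD}` passes the password as a command-line argument and leaves both variables unquoted, so a password containing spaces or glob characters is split or expanded before htpasswd sees it. Provided the packaged htpasswd supports `-i`, reading the password from stdin avoids both problems: `printf '%s' "$KIBANA_PASSWORD" | htpasswd -ic /etc/kibana/htpasswd "$KIBANA_USER"`. The script also does not check that `KIBANA_PASSWORD` is non-empty before enabling the secure site.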
diff --git a/containers/elk/logstash-forwarder/Dockerfile b/containers/elk/logstash-forwarder/Dockerfile
new file mode 100644
index 0000000..05979c9
--- /dev/null
+++ b/containers/elk/logstash-forwarder/Dockerfile
@@ -0,0 +1,27 @@
+FROM ubuntu:14.04.2
+
+ENV LOGSTASH_HOST 66.228.36.77
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y --force-yes \
+    git \
+    golang \
+    supervisor
+
+RUN git clone git://github.com/elasticsearch/logstash-forwarder.git /tmp/logstash-forwarder
+RUN cd /tmp/logstash-forwarder && git checkout v0.4.0 && go build
+
+RUN mkdir /opt/logstash-forwarder && cp /tmp/logstash-forwarder/logstash-forwarder /opt/logstash-forwarder/logstash-forwarder
+
+ADD conf/config.json /opt/logstash-forwarder/config.json
+ADD conf/supervisord.conf /etc/supervisor/conf.d/logstash-forwarder.conf
+ADD run_logstash-forwarder /opt/logstash-forwarder/run_logstash-forwarder
+
+RUN chmod +x /opt/logstash-forwarder/run_logstash-forwarder
+
+RUN rm -rf /tmp/*
+
+VOLUME ["/opt/certs", "/var/log/"]
+
+CMD /opt/logstash-forwarder/run_logstash-forwarder
+
+
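Review bot: `git clone git://github.com/elasticsearch/logstash-forwarder.git` fetches the source over the unauthenticated git protocol, so the code compiled into the image can be altered in transit, and `git checkout v0.4.0` pins a tag, which can be moved, rather than a commit. Clone over `https://` and check out the full commit hash that the tag is expected to point to. `ENV LOGSTASH_HOST 66.228.36.77` also hard-codes one deployment's address as the image default. Leaving it unset and failing in `run_logstash-forwarder` when it is missing avoids shipping host logs to an unintended endpoint.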
diff --git a/containers/elk/logstash-forwarder/Makefile b/containers/elk/logstash-forwarder/Makefile
new file mode 100644
index 0000000..cc52790
--- /dev/null
+++ b/containers/elk/logstash-forwarder/Makefile
@@ -0,0 +1,11 @@
+.PHONY: build
+build: ; docker build --rm -t logstash-forwarder .
+
+.PHONY: run
+run: ; docker run --rm -v `pwd`/../logstash/certs:/opt/certs -v /var/log/:/var/log --name logstash-forwarder_server -i -t logstash-forwarder
+
+.PHONY: stop
+stop: ; docker stop logstash-forwarder_server 
+
+.PHONY: rmcontainer
+rmcontainer: ; docker rm logstash-forwarder_server 
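Review bot: The `run` target mounts the whole `../logstash/certs` directory into the forwarder, which places the Logstash server's private key on every host that ships logs, and conf/config.json points `ssl key` at that file. The forwarder presumably needs only the certificate to verify the server, so mount that single file read-only, e.g. `-v $$PWD/../logstash/certs/logstash-forwarder.crt:/opt/certs/logstash-forwarder.crt:ro`, and issue clients their own key pair if client certificates are wanted. The host's `/var/log` is also mounted read-write although the forwarder only reads from it. `:ro` fits once the supervisord log files in conf/supervisord.conf are moved out of `/var/log`.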
diff --git a/containers/elk/logstash-forwarder/conf/config.json b/containers/elk/logstash-forwarder/conf/config.json
new file mode 100644
index 0000000..71a9975
--- /dev/null
+++ b/containers/elk/logstash-forwarder/conf/config.json
@@ -0,0 +1,15 @@
+{
+  "network": {
+    "servers": [ "logstash:5043" ],
+    "ssl certificate": "/opt/certs/logstash-forwarder.crt",
+    "ssl key": "/opt/certs/logstash-forwarder.key",
+    "ssl ca": "/opt/certs/logstash-forwarder.crt",
+    "timeout": 15
+  },
+  "files": [
+    {
+      "paths": [ "/var/log/message", "/var/log/syslog" ],
+      "fields": { "type": "stdin" }
+    }
+  ]
+}
diff --git a/containers/elk/logstash-forwarder/conf/supervisord.conf b/containers/elk/logstash-forwarder/conf/supervisord.conf
new file mode 100644
index 0000000..c91b37c
--- /dev/null
+++ b/containers/elk/logstash-forwarder/conf/supervisord.conf
@@ -0,0 +1,9 @@
+[supervisord]
+nodaemon=true
+
+[program:logstash-forwarder]
+command=/opt/logstash-forwarder/logstash-forwarder -config /opt/logstash-forwarder/config.json 
+autorestart=true
+stderr_logfile=/var/log/logstash.err.log
+stdout_logfile=/var/log/logstash.out.log
+
diff --git a/containers/elk/logstash-forwarder/extfile.cnf b/containers/elk/logstash-forwarder/extfile.cnf
new file mode 100644
index 0000000..337a5f4
--- /dev/null
+++ b/containers/elk/logstash-forwarder/extfile.cnf
@@ -0,0 +1 @@
+subjectAltName = IP:66.228.36.77
diff --git a/containers/elk/logstash-forwarder/run_logstash-forwarder b/containers/elk/logstash-forwarder/run_logstash-forwarder
new file mode 100644
index 0000000..e97edc4
--- /dev/null
+++ b/containers/elk/logstash-forwarder/run_logstash-forwarder
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+sed -i "s/logstash:5043/${LOGSTASH_HOST}:5043/g" /opt/logstash-forwarder/config.json
+
+/usr/bin/supervisord -c /etc/supervisor/conf.d/logstash-forwarder.conf
diff --git a/containers/elk/logstash/Dockerfile b/containers/elk/logstash/Dockerfile
new file mode 100644
index 0000000..2c9ad7b
--- /dev/null
+++ b/containers/elk/logstash/Dockerfile
@@ -0,0 +1,26 @@
+FROM ubuntu:14.04.2
+
+RUN echo "deb http://packages.elasticsearch.org/logstash/1.5/debian stable main" | sudo tee -a /etc/apt/sources.list
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y --force-yes \
+    wget \
+    ca-certificates \
+    openjdk-7-jre-headless \
+    supervisor \
+    logstash
+
+
+
+RUN mkdir /opt/logstash/plugins
+ADD conf/supervisord.conf /etc/supervisor/conf.d/logstash.conf
+ADD conf/logstash.conf /opt/logstash/logstash.conf
+ADD conf/collectd-types.db /opt/logstash/collectd-types.db
+ADD conf/filter_rsyslog.conf /etc/logstash/plugins/filter_rsyslog.conf
+
+VOLUME ["/opt/logstash/certs"]
+
+EXPOSE 514
+EXPOSE 5043
+EXPOSE 9292
+
+CMD /usr/bin/supervisord -c /etc/supervisor/conf.d/logstash.conf
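Review bot: `ADD conf/filter_rsyslog.conf /etc/logstash/plugins/filter_rsyslog.conf` places the syslog filter in a directory nothing else in this commit reads: conf/supervisord.conf starts Logstash with `-f /opt/logstash/logstash.conf -p /opt/logstash/plugins/`, and the `mkdir` above creates `/opt/logstash/plugins`. As written the grok/date filter looks like it is never loaded, so syslog events would reach Elasticsearch unparsed. Putting both config files in one directory and pointing `-f` at it, e.g. `ADD conf/filter_rsyslog.conf /opt/logstash/conf.d/filter_rsyslog.conf` with `-f /opt/logstash/conf.d/` in the supervisord command, would load it.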
diff --git a/containers/elk/logstash/Makefile b/containers/elk/logstash/Makefile
new file mode 100644
index 0000000..9e04234
--- /dev/null
+++ b/containers/elk/logstash/Makefile
@@ -0,0 +1,18 @@
+IP=`curl icanhazip.com`
+IP=66.228.36.77
+SUBJECT="/C=US/ST=NY/O=Internet Widgits Pty Ltd/subjectAltName=IP:${IP}"
+
+.PHONY: certs
+certs: ; [ ! -d certs  ] && mkdir certs && cd certs && openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout logstash-forwarder.key -out logstash-forwarder.crt
+
+.PHONY: build
+build: ; docker build --rm -t logstash .
+
+.PHONY: run
+run: ; docker run -d --link elasticsearch_server:elasticsearch -p 5043:5043 -p 514:514 -v `pwd`/certs:/opt/logstash/certs -v `pwd`/conf:/opt/logstash/conf --name logstash_server -i -t logstash
+
+.PHONY: stop
+stop: ; docker stop logstash_server 
+
+.PHONY: rmcontainer
+rmcontainer: ; docker rm logstash_server
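Review bot: The `certs` target never passes `SUBJECT` to `openssl req`, so with `-batch` the certificate gets the default subject and default validity period, and neither the `subjectAltName` in `SUBJECT` nor logstash-forwarder/extfile.cnf is applied. A forwarder that connects by IP address will likely reject a certificate without an IP SAN. Pass `-subj $(SUBJECT) -days <N>` and add the address as a real SAN extension rather than as a subject field. The first `IP=` assignment is dead, because the next line overrides it with a fixed address.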
diff --git a/containers/elk/logstash/certs/logstash-forwarder.crt b/containers/elk/logstash/certs/logstash-forwarder.crt
new file mode 100644
index 0000000..1ecccc4
--- /dev/null
+++ b/containers/elk/logstash/certs/logstash-forwarder.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/containers/elk/logstash/certs/logstash-forwarder.key b/containers/elk/logstash/certs/logstash-forwarder.key
new file mode 100644
index 0000000..40d3dfa
--- /dev/null
+++ b/containers/elk/logstash/certs/logstash-forwarder.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
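Review bot: This file commits the private key that logstash.conf loads as `ssl_key` for the lumberjack listener, so anyone who can read the repository can impersonate the log endpoint to forwarders. Treat the key as compromised: remove it and the matching certificate from the repository, regenerate both on the deployment host with the Makefile's `certs` target, and add `certs/` to `.gitignore`. The `certs` target does not regenerate anything when the directory already exists, so a checkout that includes this directory keeps using the published key.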
diff --git a/containers/elk/logstash/conf/collectd-types.db b/containers/elk/logstash/conf/collectd-types.db
new file mode 100644
index 0000000..ec6ff93
--- /dev/null
+++ b/containers/elk/logstash/conf/collectd-types.db
@@ -0,0 +1,191 @@
+absolute        value:ABSOLUTE:0:U
+apache_bytes        value:DERIVE:0:U
+apache_connections  value:GAUGE:0:65535
+apache_idle_workers value:GAUGE:0:65535
+apache_requests     value:DERIVE:0:U
+apache_scoreboard   value:GAUGE:0:65535
+ath_nodes       value:GAUGE:0:65535
+ath_stat        value:DERIVE:0:U
+bitrate         value:GAUGE:0:4294967295
+bytes           value:GAUGE:0:U
+cache_eviction      value:DERIVE:0:U
+cache_operation     value:DERIVE:0:U
+cache_ratio     value:GAUGE:0:100
+cache_result        value:DERIVE:0:U
+cache_size      value:GAUGE:0:4294967295
+charge          value:GAUGE:0:U
+compression_ratio   value:GAUGE:0:2
+compression     uncompressed:DERIVE:0:U, compressed:DERIVE:0:U
+connections     value:DERIVE:0:U
+conntrack       value:GAUGE:0:4294967295
+contextswitch       value:DERIVE:0:U
+counter         value:COUNTER:U:U
+cpufreq         value:GAUGE:0:U
+cpu         value:DERIVE:0:U
+current_connections value:GAUGE:0:U
+current_sessions    value:GAUGE:0:U
+current         value:GAUGE:U:U
+delay           value:GAUGE:-1000000:1000000
+derive          value:DERIVE:0:U
+df_complex      value:GAUGE:0:U
+df_inodes       value:GAUGE:0:U
+df          used:GAUGE:0:1125899906842623, free:GAUGE:0:1125899906842623
+disk_latency        read:GAUGE:0:U, write:GAUGE:0:U
+disk_merged     read:DERIVE:0:U, write:DERIVE:0:U
+disk_octets     read:DERIVE:0:U, write:DERIVE:0:U
+disk_ops_complex    value:DERIVE:0:U
+disk_ops        read:DERIVE:0:U, write:DERIVE:0:U
+disk_time       read:DERIVE:0:U, write:DERIVE:0:U
+dns_answer      value:DERIVE:0:U
+dns_notify      value:DERIVE:0:U
+dns_octets      queries:DERIVE:0:U, responses:DERIVE:0:U
+dns_opcode      value:DERIVE:0:U
+dns_qtype_cached    value:GAUGE:0:4294967295
+dns_qtype       value:DERIVE:0:U
+dns_query       value:DERIVE:0:U
+dns_question        value:DERIVE:0:U
+dns_rcode       value:DERIVE:0:U
+dns_reject      value:DERIVE:0:U
+dns_request     value:DERIVE:0:U
+dns_resolver        value:DERIVE:0:U
+dns_response        value:DERIVE:0:U
+dns_transfer        value:DERIVE:0:U
+dns_update      value:DERIVE:0:U
+dns_zops        value:DERIVE:0:U
+email_check     value:GAUGE:0:U
+email_count     value:GAUGE:0:U
+email_size      value:GAUGE:0:U
+entropy         value:GAUGE:0:4294967295
+fanspeed        value:GAUGE:0:U
+file_size       value:GAUGE:0:U
+files           value:GAUGE:0:U
+fork_rate       value:DERIVE:0:U
+frequency       value:GAUGE:0:U
+frequency_offset    value:GAUGE:-1000000:1000000
+fscache_stat        value:DERIVE:0:U
+gauge           value:GAUGE:U:U
+hash_collisions     value:DERIVE:0:U
+http_request_methods    value:DERIVE:0:U
+http_requests       value:DERIVE:0:U
+http_response_codes value:DERIVE:0:U
+humidity        value:GAUGE:0:100
+if_collisions       value:DERIVE:0:U
+if_dropped      rx:DERIVE:0:U, tx:DERIVE:0:U
+if_errors       rx:DERIVE:0:U, tx:DERIVE:0:U
+if_multicast        value:DERIVE:0:U
+if_octets       rx:DERIVE:0:U, tx:DERIVE:0:U
+if_packets      rx:DERIVE:0:U, tx:DERIVE:0:U
+if_rx_errors        value:DERIVE:0:U
+if_tx_errors        value:DERIVE:0:U
+invocations     value:DERIVE:0:U
+io_octets       rx:DERIVE:0:U, tx:DERIVE:0:U
+io_packets      rx:DERIVE:0:U, tx:DERIVE:0:U
+ipt_bytes       value:DERIVE:0:U
+ipt_packets     value:DERIVE:0:U
+irq         value:DERIVE:0:U
+latency         value:GAUGE:0:65535
+links           value:GAUGE:0:U
+load            shortterm:GAUGE:0:100, midterm:GAUGE:0:100, longterm:GAUGE:0:100
+md_disks        value:GAUGE:0:U
+memcached_command   value:DERIVE:0:U
+memcached_connections   value:GAUGE:0:U
+memcached_items     value:GAUGE:0:U
+memcached_octets    rx:DERIVE:0:U, tx:DERIVE:0:U
+memcached_ops       value:DERIVE:0:U
+memory          value:GAUGE:0:281474976710656
+multimeter      value:GAUGE:U:U
+mutex_operations    value:DERIVE:0:U
+mysql_commands      value:DERIVE:0:U
+mysql_handler       value:DERIVE:0:U
+mysql_locks     value:DERIVE:0:U
+mysql_log_position  value:DERIVE:0:U
+mysql_octets        rx:DERIVE:0:U, tx:DERIVE:0:U
+nfs_procedure       value:DERIVE:0:U
+nginx_connections   value:GAUGE:0:U
+nginx_requests      value:DERIVE:0:U
+node_octets     rx:DERIVE:0:U, tx:DERIVE:0:U
+node_rssi       value:GAUGE:0:255
+node_stat       value:DERIVE:0:U
+node_tx_rate        value:GAUGE:0:127
+operations      value:DERIVE:0:U
+percent         value:GAUGE:0:100.1
+pg_blks         value:DERIVE:0:U
+pg_db_size      value:GAUGE:0:U
+pg_n_tup_c      value:DERIVE:0:U
+pg_n_tup_g      value:GAUGE:0:U
+pg_numbackends      value:GAUGE:0:U
+pg_scan         value:DERIVE:0:U
+pg_xact         value:DERIVE:0:U
+ping_droprate       value:GAUGE:0:100
+ping            value:GAUGE:0:65535
+ping_stddev     value:GAUGE:0:65535
+players         value:GAUGE:0:1000000
+power           value:GAUGE:0:U
+protocol_counter    value:DERIVE:0:U
+ps_code         value:GAUGE:0:9223372036854775807
+ps_count        processes:GAUGE:0:1000000, threads:GAUGE:0:1000000
+ps_cputime      user:DERIVE:0:U, syst:DERIVE:0:U
+ps_data         value:GAUGE:0:9223372036854775807
+ps_disk_octets      read:DERIVE:0:U, write:DERIVE:0:U
+ps_disk_ops     read:DERIVE:0:U, write:DERIVE:0:U
+ps_pagefaults       minflt:DERIVE:0:U, majflt:DERIVE:0:U
+ps_rss          value:GAUGE:0:9223372036854775807
+ps_stacksize        value:GAUGE:0:9223372036854775807
+ps_state        value:GAUGE:0:65535
+ps_vm           value:GAUGE:0:9223372036854775807
+queue_length        value:GAUGE:0:U
+records         value:GAUGE:0:U
+requests        value:GAUGE:0:U
+response_time       value:GAUGE:0:U
+route_etx       value:GAUGE:0:U
+route_metric        value:GAUGE:0:U
+routes          value:GAUGE:0:U
+serial_octets       rx:DERIVE:0:U, tx:DERIVE:0:U
+signal_noise        value:GAUGE:U:0
+signal_power        value:GAUGE:U:0
+signal_quality      value:GAUGE:0:U
+snr         value:GAUGE:0:U
+spam_check      value:GAUGE:0:U
+spam_score      value:GAUGE:U:U
+swap_io         value:DERIVE:0:U
+swap            value:GAUGE:0:1099511627776
+tcp_connections     value:GAUGE:0:4294967295
+temperature     value:GAUGE:-273.15:U
+threads         value:GAUGE:0:U
+time_dispersion     value:GAUGE:-1000000:1000000
+timeleft        value:GAUGE:0:3600
+time_offset     value:GAUGE:-1000000:1000000
+total_bytes     value:DERIVE:0:U
+total_connections   value:DERIVE:0:U
+total_operations    value:DERIVE:0:U
+total_requests      value:DERIVE:0:U
+total_sessions      value:DERIVE:0:U
+total_threads       value:DERIVE:0:U
+total_time_in_ms    value:DERIVE:0:U
+total_values        value:DERIVE:0:U
+uptime          value:GAUGE:0:4294967295
+users           value:GAUGE:0:65535
+vcpu            value:GAUGE:0:U
+virt_cpu_total      value:DERIVE:0:U
+virt_vcpu       value:DERIVE:0:U
+vmpage_action       value:DERIVE:0:U
+vmpage_faults       minflt:DERIVE:0:U, majflt:DERIVE:0:U
+vmpage_io       in:DERIVE:0:U, out:DERIVE:0:U
+vmpage_number       value:GAUGE:0:4294967295
+volatile_changes    value:GAUGE:0:U
+voltage_threshold   value:GAUGE:U:U, threshold:GAUGE:U:U
+voltage         value:GAUGE:U:U
+vs_memory       value:GAUGE:0:9223372036854775807
+vs_processes        value:GAUGE:0:65535
+vs_threads      value:GAUGE:0:65535
+#
+# Legacy types
+# (required for the v5 upgrade target)
+#
+arc_counts      demand_data:COUNTER:0:U, demand_metadata:COUNTER:0:U, prefetch_data:COUNTER:0:U, prefetch_metadata:COUNTER:0:U
+arc_l2_bytes        read:COUNTER:0:U, write:COUNTER:0:U
+arc_l2_size     value:GAUGE:0:U
+arc_ratio       value:GAUGE:0:U
+arc_size        current:GAUGE:0:U, target:GAUGE:0:U, minlimit:GAUGE:0:U, maxlimit:GAUGE:0:U
+mysql_qcache        hits:COUNTER:0:U, inserts:COUNTER:0:U, not_cached:COUNTER:0:U, lowmem_prunes:COUNTER:0:U, queries_in_cache:GAUGE:0:U
+mysql_threads       running:GAUGE:0:U, connected:GAUGE:0:U, cached:GAUGE:0:U, created:COUNTER:0:U
diff --git a/containers/elk/logstash/conf/filter_rsyslog.conf b/containers/elk/logstash/conf/filter_rsyslog.conf
new file mode 100644
index 0000000..d64be71
--- /dev/null
+++ b/containers/elk/logstash/conf/filter_rsyslog.conf
@@ -0,0 +1,13 @@
+filter {
+  if [type] == “syslog” {
+    grok {
+      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
+      add_field => [ "received_at", "%{@timestamp}" ]
+      add_field => [ "received_from", "%{host}" ]
+    }
+    syslog_pri { }
+    date {
+      match => [ “syslog_timestamp”, “MMM d HH:mm:ss”, “MMM dd HH:mm:ss” ]
+    }  
+  }
+}                                                            
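Review bot: The condition `if [type] == “syslog”` and the `date` block's `match` array use typographic quotes (“ ”) instead of ASCII `"`, which the Logstash config grammar does not treat as string delimiters. Replace them with straight quotes: `if [type] == "syslog" {` and `match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]`. If this file were loaded as written, it would most likely fail config parsing and stop the pipeline from starting.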
diff --git a/containers/elk/logstash/conf/logstash.conf b/containers/elk/logstash/conf/logstash.conf
new file mode 100644
index 0000000..8d3f57c
--- /dev/null
+++ b/containers/elk/logstash/conf/logstash.conf
@@ -0,0 +1,28 @@
+input {
+  syslog {
+    type => syslog
+    port => 514
+  }
+  lumberjack {
+    port => 5043
+    type => "logs"
+    ssl_certificate => "/opt/logstash/certs/logstash-forwarder.crt"
+    ssl_key => "/opt/logstash/certs/logstash-forwarder.key"
+  }
+  udp {
+    port => 25826
+    buffer_size => 1452
+    codec => collectd { }
+  }
+}
+output {
+
+stdout {
+    codec => json
+}
+
+elasticsearch {
+      host => "elasticsearch"
+      port => "9300"
+  }
+}
diff --git a/containers/elk/logstash/conf/supervisord.conf b/containers/elk/logstash/conf/supervisord.conf
new file mode 100644
index 0000000..1f3ede3
--- /dev/null
+++ b/containers/elk/logstash/conf/supervisord.conf
@@ -0,0 +1,8 @@
+[supervisord]
+nodaemon=true
+
+[program:logstash
+command=/opt/logstash/bin/logstash -f /opt/logstash/logstash.conf -p /opt/logstash/plugins/  
+autorestart=true
+stderr_logfile=/var/log/logstash.err.log
+stdout_logfile=/var/log/logstash.out.log
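Review bot: The section header `[program:logstash` is missing its closing bracket, so supervisord will most likely fail to parse this file and the container's `CMD` will exit without starting Logstash. It should read `[program:logstash]`.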