initial checkin
diff --git a/containers/elk/logstash/Dockerfile b/containers/elk/logstash/Dockerfile
new file mode 100644
index 0000000..2c9ad7b
--- /dev/null
+++ b/containers/elk/logstash/Dockerfile
@@ -0,0 +1,26 @@
+FROM ubuntu:14.04.2
+
+RUN echo "deb http://packages.elasticsearch.org/logstash/1.5/debian stable main" | sudo tee -a /etc/apt/sources.list
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y --force-yes \
+    wget \
+    ca-certificates \
+    openjdk-7-jre-headless \
+    supervisor \
+    logstash
+
+
+
+RUN mkdir /opt/logstash/plugins
+ADD conf/supervisord.conf /etc/supervisor/conf.d/logstash.conf
+ADD conf/logstash.conf /opt/logstash/logstash.conf
+ADD conf/collectd-types.db /opt/logstash/collectd-types.db
+ADD conf/filter_rsyslog.conf /etc/logstash/plugins/filter_rsyslog.conf
+
+VOLUME ["/opt/logstash/certs"]
+
+EXPOSE 514
+EXPOSE 5043
+EXPOSE 9292
+
+CMD /usr/bin/supervisord -c /etc/supervisor/conf.d/logstash.conf
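Review bot: The `apt-get install` line passes `--force-yes`, which lets apt install packages it cannot authenticate, and the logstash repository added in the first RUN is plain `http://` with no signing key imported, so `logstash` is installed with no integrity check. Import the repository's signing key before `apt-get update` (for example `RUN apt-key add /tmp/<REPO_SIGNING_KEY_FILE>` after copying a verified key into the build) and drop `--force-yes`. The `sudo` in the first RUN is unnecessary because build steps already run as root, and this file never installs it, so `| tee -a /etc/apt/sources.list` alone is enough. Separately, `mkdir /opt/logstash/plugins` creates the directory supervisord passes with `-p`, but `filter_rsyslog.conf` is added under `/etc/logstash/plugins/`, so nothing visible in this commit appears to load the filter.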
diff --git a/containers/elk/logstash/Makefile b/containers/elk/logstash/Makefile
new file mode 100644
index 0000000..9e04234
--- /dev/null
+++ b/containers/elk/logstash/Makefile
@@ -0,0 +1,18 @@
+IP=`curl icanhazip.com`
+IP=66.228.36.77
+SUBJECT="/C=US/ST=NY/O=Internet Widgits Pty Ltd/subjectAltName=IP:${IP}"
+
+.PHONY: certs
+certs: ; [ ! -d certs  ] && mkdir certs && cd certs && openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout logstash-forwarder.key -out logstash-forwarder.crt
+
+.PHONY: build
+build: ; docker build --rm -t logstash .
+
+.PHONY: run
+run: ; docker run -d --link elasticsearch_server:elasticsearch -p 5043:5043 -p 514:514 -v `pwd`/certs:/opt/logstash/certs -v `pwd`/conf:/opt/logstash/conf --name logstash_server -i -t logstash
+
+.PHONY: stop
+stop: ; docker stop logstash_server 
+
+.PHONY: rmcontainer
+rmcontainer: ; docker rm logstash_server
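Review bot: `SUBJECT` is defined but never passed to `openssl req` in the `certs` target, so with `-batch` the certificate gets default subject fields and carries no identity for `${IP}`. Even if it were passed with `-subj $(SUBJECT)`, a `subjectAltName=` component inside the DN is not an X.509 SAN extension; forwarders that verify the server by IP address need the SAN supplied through an OpenSSL extensions section. The command also has no `-days`, so the certificate expires after OpenSSL's default 30 days. The second `IP=` assignment silently overrides the `curl` lookup with a hard-coded address, which deserves a comment or removal.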
diff --git a/containers/elk/logstash/certs/logstash-forwarder.crt b/containers/elk/logstash/certs/logstash-forwarder.crt
new file mode 100644
index 0000000..1ecccc4
--- /dev/null
+++ b/containers/elk/logstash/certs/logstash-forwarder.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/containers/elk/logstash/certs/logstash-forwarder.key b/containers/elk/logstash/certs/logstash-forwarder.key
new file mode 100644
index 0000000..40d3dfa
--- /dev/null
+++ b/containers/elk/logstash/certs/logstash-forwarder.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
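Review bot: An unencrypted TLS private key should not be tracked in the repository. Everyone with read access to the repo or its history now holds the key that the lumberjack input in `conf/logstash.conf` uses to identify the server to log shippers. The Makefile's `run` target already bind-mounts `` `pwd`/certs `` into the container, so the key pair can be generated per deployment with `make certs` and kept out of version control by adding `certs/` to `.gitignore`. Because the key stays in history after deletion, treat this pair as exposed and regenerate it before any real use.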
diff --git a/containers/elk/logstash/conf/collectd-types.db b/containers/elk/logstash/conf/collectd-types.db
new file mode 100644
index 0000000..ec6ff93
--- /dev/null
+++ b/containers/elk/logstash/conf/collectd-types.db
@@ -0,0 +1,191 @@
+absolute        value:ABSOLUTE:0:U
+apache_bytes        value:DERIVE:0:U
+apache_connections  value:GAUGE:0:65535
+apache_idle_workers value:GAUGE:0:65535
+apache_requests     value:DERIVE:0:U
+apache_scoreboard   value:GAUGE:0:65535
+ath_nodes       value:GAUGE:0:65535
+ath_stat        value:DERIVE:0:U
+bitrate         value:GAUGE:0:4294967295
+bytes           value:GAUGE:0:U
+cache_eviction      value:DERIVE:0:U
+cache_operation     value:DERIVE:0:U
+cache_ratio     value:GAUGE:0:100
+cache_result        value:DERIVE:0:U
+cache_size      value:GAUGE:0:4294967295
+charge          value:GAUGE:0:U
+compression_ratio   value:GAUGE:0:2
+compression     uncompressed:DERIVE:0:U, compressed:DERIVE:0:U
+connections     value:DERIVE:0:U
+conntrack       value:GAUGE:0:4294967295
+contextswitch       value:DERIVE:0:U
+counter         value:COUNTER:U:U
+cpufreq         value:GAUGE:0:U
+cpu         value:DERIVE:0:U
+current_connections value:GAUGE:0:U
+current_sessions    value:GAUGE:0:U
+current         value:GAUGE:U:U
+delay           value:GAUGE:-1000000:1000000
+derive          value:DERIVE:0:U
+df_complex      value:GAUGE:0:U
+df_inodes       value:GAUGE:0:U
+df          used:GAUGE:0:1125899906842623, free:GAUGE:0:1125899906842623
+disk_latency        read:GAUGE:0:U, write:GAUGE:0:U
+disk_merged     read:DERIVE:0:U, write:DERIVE:0:U
+disk_octets     read:DERIVE:0:U, write:DERIVE:0:U
+disk_ops_complex    value:DERIVE:0:U
+disk_ops        read:DERIVE:0:U, write:DERIVE:0:U
+disk_time       read:DERIVE:0:U, write:DERIVE:0:U
+dns_answer      value:DERIVE:0:U
+dns_notify      value:DERIVE:0:U
+dns_octets      queries:DERIVE:0:U, responses:DERIVE:0:U
+dns_opcode      value:DERIVE:0:U
+dns_qtype_cached    value:GAUGE:0:4294967295
+dns_qtype       value:DERIVE:0:U
+dns_query       value:DERIVE:0:U
+dns_question        value:DERIVE:0:U
+dns_rcode       value:DERIVE:0:U
+dns_reject      value:DERIVE:0:U
+dns_request     value:DERIVE:0:U
+dns_resolver        value:DERIVE:0:U
+dns_response        value:DERIVE:0:U
+dns_transfer        value:DERIVE:0:U
+dns_update      value:DERIVE:0:U
+dns_zops        value:DERIVE:0:U
+email_check     value:GAUGE:0:U
+email_count     value:GAUGE:0:U
+email_size      value:GAUGE:0:U
+entropy         value:GAUGE:0:4294967295
+fanspeed        value:GAUGE:0:U
+file_size       value:GAUGE:0:U
+files           value:GAUGE:0:U
+fork_rate       value:DERIVE:0:U
+frequency       value:GAUGE:0:U
+frequency_offset    value:GAUGE:-1000000:1000000
+fscache_stat        value:DERIVE:0:U
+gauge           value:GAUGE:U:U
+hash_collisions     value:DERIVE:0:U
+http_request_methods    value:DERIVE:0:U
+http_requests       value:DERIVE:0:U
+http_response_codes value:DERIVE:0:U
+humidity        value:GAUGE:0:100
+if_collisions       value:DERIVE:0:U
+if_dropped      rx:DERIVE:0:U, tx:DERIVE:0:U
+if_errors       rx:DERIVE:0:U, tx:DERIVE:0:U
+if_multicast        value:DERIVE:0:U
+if_octets       rx:DERIVE:0:U, tx:DERIVE:0:U
+if_packets      rx:DERIVE:0:U, tx:DERIVE:0:U
+if_rx_errors        value:DERIVE:0:U
+if_tx_errors        value:DERIVE:0:U
+invocations     value:DERIVE:0:U
+io_octets       rx:DERIVE:0:U, tx:DERIVE:0:U
+io_packets      rx:DERIVE:0:U, tx:DERIVE:0:U
+ipt_bytes       value:DERIVE:0:U
+ipt_packets     value:DERIVE:0:U
+irq         value:DERIVE:0:U
+latency         value:GAUGE:0:65535
+links           value:GAUGE:0:U
+load            shortterm:GAUGE:0:100, midterm:GAUGE:0:100, longterm:GAUGE:0:100
+md_disks        value:GAUGE:0:U
+memcached_command   value:DERIVE:0:U
+memcached_connections   value:GAUGE:0:U
+memcached_items     value:GAUGE:0:U
+memcached_octets    rx:DERIVE:0:U, tx:DERIVE:0:U
+memcached_ops       value:DERIVE:0:U
+memory          value:GAUGE:0:281474976710656
+multimeter      value:GAUGE:U:U
+mutex_operations    value:DERIVE:0:U
+mysql_commands      value:DERIVE:0:U
+mysql_handler       value:DERIVE:0:U
+mysql_locks     value:DERIVE:0:U
+mysql_log_position  value:DERIVE:0:U
+mysql_octets        rx:DERIVE:0:U, tx:DERIVE:0:U
+nfs_procedure       value:DERIVE:0:U
+nginx_connections   value:GAUGE:0:U
+nginx_requests      value:DERIVE:0:U
+node_octets     rx:DERIVE:0:U, tx:DERIVE:0:U
+node_rssi       value:GAUGE:0:255
+node_stat       value:DERIVE:0:U
+node_tx_rate        value:GAUGE:0:127
+operations      value:DERIVE:0:U
+percent         value:GAUGE:0:100.1
+pg_blks         value:DERIVE:0:U
+pg_db_size      value:GAUGE:0:U
+pg_n_tup_c      value:DERIVE:0:U
+pg_n_tup_g      value:GAUGE:0:U
+pg_numbackends      value:GAUGE:0:U
+pg_scan         value:DERIVE:0:U
+pg_xact         value:DERIVE:0:U
+ping_droprate       value:GAUGE:0:100
+ping            value:GAUGE:0:65535
+ping_stddev     value:GAUGE:0:65535
+players         value:GAUGE:0:1000000
+power           value:GAUGE:0:U
+protocol_counter    value:DERIVE:0:U
+ps_code         value:GAUGE:0:9223372036854775807
+ps_count        processes:GAUGE:0:1000000, threads:GAUGE:0:1000000
+ps_cputime      user:DERIVE:0:U, syst:DERIVE:0:U
+ps_data         value:GAUGE:0:9223372036854775807
+ps_disk_octets      read:DERIVE:0:U, write:DERIVE:0:U
+ps_disk_ops     read:DERIVE:0:U, write:DERIVE:0:U
+ps_pagefaults       minflt:DERIVE:0:U, majflt:DERIVE:0:U
+ps_rss          value:GAUGE:0:9223372036854775807
+ps_stacksize        value:GAUGE:0:9223372036854775807
+ps_state        value:GAUGE:0:65535
+ps_vm           value:GAUGE:0:9223372036854775807
+queue_length        value:GAUGE:0:U
+records         value:GAUGE:0:U
+requests        value:GAUGE:0:U
+response_time       value:GAUGE:0:U
+route_etx       value:GAUGE:0:U
+route_metric        value:GAUGE:0:U
+routes          value:GAUGE:0:U
+serial_octets       rx:DERIVE:0:U, tx:DERIVE:0:U
+signal_noise        value:GAUGE:U:0
+signal_power        value:GAUGE:U:0
+signal_quality      value:GAUGE:0:U
+snr         value:GAUGE:0:U
+spam_check      value:GAUGE:0:U
+spam_score      value:GAUGE:U:U
+swap_io         value:DERIVE:0:U
+swap            value:GAUGE:0:1099511627776
+tcp_connections     value:GAUGE:0:4294967295
+temperature     value:GAUGE:-273.15:U
+threads         value:GAUGE:0:U
+time_dispersion     value:GAUGE:-1000000:1000000
+timeleft        value:GAUGE:0:3600
+time_offset     value:GAUGE:-1000000:1000000
+total_bytes     value:DERIVE:0:U
+total_connections   value:DERIVE:0:U
+total_operations    value:DERIVE:0:U
+total_requests      value:DERIVE:0:U
+total_sessions      value:DERIVE:0:U
+total_threads       value:DERIVE:0:U
+total_time_in_ms    value:DERIVE:0:U
+total_values        value:DERIVE:0:U
+uptime          value:GAUGE:0:4294967295
+users           value:GAUGE:0:65535
+vcpu            value:GAUGE:0:U
+virt_cpu_total      value:DERIVE:0:U
+virt_vcpu       value:DERIVE:0:U
+vmpage_action       value:DERIVE:0:U
+vmpage_faults       minflt:DERIVE:0:U, majflt:DERIVE:0:U
+vmpage_io       in:DERIVE:0:U, out:DERIVE:0:U
+vmpage_number       value:GAUGE:0:4294967295
+volatile_changes    value:GAUGE:0:U
+voltage_threshold   value:GAUGE:U:U, threshold:GAUGE:U:U
+voltage         value:GAUGE:U:U
+vs_memory       value:GAUGE:0:9223372036854775807
+vs_processes        value:GAUGE:0:65535
+vs_threads      value:GAUGE:0:65535
+#
+# Legacy types
+# (required for the v5 upgrade target)
+#
+arc_counts      demand_data:COUNTER:0:U, demand_metadata:COUNTER:0:U, prefetch_data:COUNTER:0:U, prefetch_metadata:COUNTER:0:U
+arc_l2_bytes        read:COUNTER:0:U, write:COUNTER:0:U
+arc_l2_size     value:GAUGE:0:U
+arc_ratio       value:GAUGE:0:U
+arc_size        current:GAUGE:0:U, target:GAUGE:0:U, minlimit:GAUGE:0:U, maxlimit:GAUGE:0:U
+mysql_qcache        hits:COUNTER:0:U, inserts:COUNTER:0:U, not_cached:COUNTER:0:U, lowmem_prunes:COUNTER:0:U, queries_in_cache:GAUGE:0:U
+mysql_threads       running:GAUGE:0:U, connected:GAUGE:0:U, cached:GAUGE:0:U, created:COUNTER:0:U
diff --git a/containers/elk/logstash/conf/filter_rsyslog.conf b/containers/elk/logstash/conf/filter_rsyslog.conf
new file mode 100644
index 0000000..d64be71
--- /dev/null
+++ b/containers/elk/logstash/conf/filter_rsyslog.conf
@@ -0,0 +1,13 @@
+filter {
+  if [type] == “syslog” {
+    grok {
+      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
+      add_field => [ "received_at", "%{@timestamp}" ]
+      add_field => [ "received_from", "%{host}" ]
+    }
+    syslog_pri { }
+    date {
+      match => [ “syslog_timestamp”, “MMM d HH:mm:ss”, “MMM dd HH:mm:ss” ]
+    }  
+  }
+}                                                            
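Review bot: The conditional on the second line and the `date` `match` array use typographic quotes (`“syslog”`, `“syslog_timestamp”`), which are not string delimiters in the Logstash config grammar, so this file is expected to fail to parse once it is loaded. Replace them with ASCII quotes: `if [type] == "syslog" {` and `match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]`. Syslog timestamps pad single-digit days with an extra space, so the first pattern probably needs two spaces (`"MMM  d HH:mm:ss"`); confirm that against real input.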
diff --git a/containers/elk/logstash/conf/logstash.conf b/containers/elk/logstash/conf/logstash.conf
new file mode 100644
index 0000000..8d3f57c
--- /dev/null
+++ b/containers/elk/logstash/conf/logstash.conf
@@ -0,0 +1,28 @@
+input {
+  syslog {
+    type => syslog
+    port => 514
+  }
+  lumberjack {
+    port => 5043
+    type => "logs"
+    ssl_certificate => "/opt/logstash/certs/logstash-forwarder.crt"
+    ssl_key => "/opt/logstash/certs/logstash-forwarder.key"
+  }
+  udp {
+    port => 25826
+    buffer_size => 1452
+    codec => collectd { }
+  }
+}
+output {
+
+stdout {
+    codec => json
+}
+
+elasticsearch {
+      host => "elasticsearch"
+      port => "9300"
+  }
+}
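Review bot: The `udp` collectd input on port 25826 accepts unauthenticated datagrams and does not reference the types file that the Dockerfile copies to `/opt/logstash/collectd-types.db`. If the copied file is meant to be used, point the codec at it with `codec => collectd { typesdb => [ "/opt/logstash/collectd-types.db" ] }`. If the port is ever reachable from untrusted networks, enable the codec's packet signing with `security_level` and `authfile`. As shipped, 25826 is neither EXPOSEd in the Dockerfile nor published by the Makefile's `run` target, so the input looks unreachable from outside the container. The `syslog` input on 514 is likewise plaintext and unauthenticated, so its published port should be restricted to trusted senders.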
diff --git a/containers/elk/logstash/conf/supervisord.conf b/containers/elk/logstash/conf/supervisord.conf
new file mode 100644
index 0000000..1f3ede3
--- /dev/null
+++ b/containers/elk/logstash/conf/supervisord.conf
@@ -0,0 +1,8 @@
+[supervisord]
+nodaemon=true
+
+[program:logstash
+command=/opt/logstash/bin/logstash -f /opt/logstash/logstash.conf -p /opt/logstash/plugins/  
+autorestart=true
+stderr_logfile=/var/log/logstash.err.log
+stdout_logfile=/var/log/logstash.out.log
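Review bot: The section header `[program:logstash` is missing its closing bracket, so supervisord will not parse this file and the container's CMD will exit without starting logstash; it should read `[program:logstash]`. The program also has no `user=` setting, so logstash inherits root from supervisord. If the package created a service account (not visible in this commit), add `user=<LOGSTASH_SERVICE_USER>`, bearing in mind that binding port 514 as non-root needs a higher port or an added capability.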