initial checkin
diff --git a/containers/elk/logstash/Dockerfile b/containers/elk/logstash/Dockerfile
new file mode 100644
index 0000000..2c9ad7b
--- /dev/null
+++ b/containers/elk/logstash/Dockerfile
@@ -0,0 +1,26 @@
+FROM ubuntu:14.04.2
+
+RUN echo "deb http://packages.elasticsearch.org/logstash/1.5/debian stable main" | sudo tee -a /etc/apt/sources.list
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y --force-yes \
+ wget \
+ ca-certificates \
+ openjdk-7-jre-headless \
+ supervisor \
+ logstash
+
+
+
+RUN mkdir /opt/logstash/plugins
+ADD conf/supervisord.conf /etc/supervisor/conf.d/logstash.conf
+ADD conf/logstash.conf /opt/logstash/logstash.conf
+ADD conf/collectd-types.db /opt/logstash/collectd-types.db
+ADD conf/filter_rsyslog.conf /etc/logstash/plugins/filter_rsyslog.conf
+
+VOLUME ["/opt/logstash/certs"]
+
+EXPOSE 514
+EXPOSE 5043
+EXPOSE 9292
+
+CMD /usr/bin/supervisord -c /etc/supervisor/conf.d/logstash.conf
diff --git a/containers/elk/logstash/Makefile b/containers/elk/logstash/Makefile
new file mode 100644
index 0000000..9e04234
--- /dev/null
+++ b/containers/elk/logstash/Makefile
@@ -0,0 +1,18 @@
+IP=`curl icanhazip.com`
+IP=66.228.36.77
+SUBJECT="/C=US/ST=NY/O=Internet Widgits Pty Ltd/subjectAltName=IP:${IP}"
+
+.PHONY: certs
+certs: ; [ ! -d certs ] && mkdir certs && cd certs && openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout logstash-forwarder.key -out logstash-forwarder.crt
+
+.PHONY: build
+build: ; docker build --rm -t logstash .
+
+.PHONY: run
+run: ; docker run -d --link elasticsearch_server:elasticsearch -p 5043:5043 -p 514:514 -v `pwd`/certs:/opt/logstash/certs -v `pwd`/conf:/opt/logstash/conf --name logstash_server -i -t logstash
+
+.PHONY: stop
+stop: ; docker stop logstash_server
+
+.PHONY: rmcontainer
+rmcontainer: ; docker rm logstash_server
diff --git a/containers/elk/logstash/certs/logstash-forwarder.crt b/containers/elk/logstash/certs/logstash-forwarder.crt
new file mode 100644
index 0000000..1ecccc4
--- /dev/null
+++ b/containers/elk/logstash/certs/logstash-forwarder.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbjCCAlagAwIBAgIJAKAHY7+C/K7gMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTUwOTA1MjMyNDQ3WhcNMTUxMDA1MjMyNDQ3WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA2/e7hjfGFSp5EqB2Su4ZHNHABxInxoPGpl7Yn3jnDH/RmrXWyUcAyrVm
+DTDUZ38NQ0LORFuuyR6EdHoBiD4KEzzP8fMpqTdviyhbqDB2Ijc2FsFLKlHB4zIb
+E8JpBoBKl49Mk9Hhb0y/Ce1vjYdhUW1kgo0icvabtX9rTzweyogZC/EEBS6yz4rx
+CG1VwGWplpBioMSJkzaWQgqpoOLf6L5GaiXjuYgFdYBv4DpY+HoySJvIdYKAOgGy
+a84KQCv5Syx5BNgq/Tk6MX3dCGRheI6BLmZuu5Zpm7EY/dWTbHzTcuT/NhGUhqR7
+G0BPQfYRkfvkrdUIOWFPJdVJDz5NwQIDAQABo2EwXzAPBgNVHREECDAGhwRC5CRN
+MB0GA1UdDgQWBBS6sPxnCknyoMFBAKoo9FT59a0WfzAfBgNVHSMEGDAWgBS6sPxn
+CknyoMFBAKoo9FT59a0WfzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQAw2oy3fDa1PuRueeWaEERtRysgVR/Z41GrOxkSW/wnbI2kxIMvnMFXCsfqgfof
+MStVdfP0ZgqNbnVFgbQ4egbgcH6qfpTPpNGxz4C//od24+T6nQWVWuujiSpmQF8e
+sv1HXT6HduYvQAl1II0UaZ0LZBTgP0P7O4Em7gjtMVWdnscdj+qFzZnY187HUchr
++ngjUa5uJtVgKtX+a0oEh24EmUdQbEB+2wEwV7zJoA9k8WUHY7QxCpIMBD5b9aLs
+C27t0J8mBmPv3C9pEfJiRKdq/fhiwxuZWqXfIuLo8oTZJOcceLnLvxaMXpAilKva
+HK0aeVmnOiey6bbwddE6hr6R
+-----END CERTIFICATE-----
diff --git a/containers/elk/logstash/certs/logstash-forwarder.key b/containers/elk/logstash/certs/logstash-forwarder.key
new file mode 100644
index 0000000..40d3dfa
--- /dev/null
+++ b/containers/elk/logstash/certs/logstash-forwarder.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDb97uGN8YVKnkS
+oHZK7hkc0cAHEifGg8amXtifeOcMf9GatdbJRwDKtWYNMNRnfw1DQs5EW67JHoR0
+egGIPgoTPM/x8ympN2+LKFuoMHYiNzYWwUsqUcHjMhsTwmkGgEqXj0yT0eFvTL8J
+7W+Nh2FRbWSCjSJy9pu1f2tPPB7KiBkL8QQFLrLPivEIbVXAZamWkGKgxImTNpZC
+Cqmg4t/ovkZqJeO5iAV1gG/gOlj4ejJIm8h1goA6AbJrzgpAK/lLLHkE2Cr9OTox
+fd0IZGF4joEuZm67lmmbsRj91ZNsfNNy5P82EZSGpHsbQE9B9hGR++St1Qg5YU8l
+1UkPPk3BAgMBAAECggEBAMF+8LSmh1bDH/HkuWo8fFa/o/4UWGzmKm7bbA8MWaLD
+JWzEnIY+MVIfs//SfmX0e4Q5Vh0H0X8Vm0qisIpamJ5HllytnG5AV5zACbCvwJtk
+me32Ztp5ROdIgk0lbSHM5NDhu2kk7PvtNPfUp5aGCnOImSvGXxFmIZ7M0WbH6gYZ
+hNuMCIWiTYjNVHLgl59vU55cz2Ze8a2lAqLD0UcvQtUDceqfxakBES7WcsmxSV24
+v5WheID0jX1BGkkSKZYkg+CagBGvoMei6HudkQz7xZnS27u2xrsGKi7zOMIC6cu4
+O+okPk+XHd9uleeb4klWFGx3w8HtXfEhY683jqUIeEkCgYEA86VEBamZ/FXi+vfw
+J7gyKtHUDwOrjU9pRTnZ0m1iRfbVYcR03egA9YWq4KhRp1l9Ofb1+3dCynaEyJXu
+d3vayQhKvRN2QymvETP2+3dXIdhqjgrhjRn0cZkWivTmjz20GnVvQ2X2wSNIl1tS
+B5Ym+v/G71HfAAuX+UD/FSQ017cCgYEA5x8bdRd58tg1zksnR2D5JCMvYiNVySar
+L1Z580dt6Ak0LwSWmZbGfaWAGPcBRbFGJSZCJ0AtlOCiIvDO1pdQ1UuVaknbrGEE
+rOr92/yd8CiWvbBzxjUJ3UXayy9q0iJuIt6tUaXlJDIOtxOXqYuRkb3kfnNSjDsc
+d/fhn+bZVkcCgYEA81zvPcyzf4V2TAIdgj8M9RJTg4/B6ksYtknblcEmeQXdC2PE
+6+YSFyuli/L0ZHkRiTVxa/Uq5LpPVV/VKsmutkCvDn8DEIDxWfiSyYjhom/dtvWN
+Z3g2XsVv6+pE5WzXmdoVAbg2KaKJno1buTI0y19yoJchbJUn/pL6d26Lza8CgYEA
+mrqNpEdSQg0TgId5xWSbhuDzYO0tClyT8D4hqIgigVxgDjYxKKPzQLzi1FPRCzpS
+Lp69XQ+vNGNqyJ+Uqb9lw1Y1spG9ulq9SZKM35Dwn45c1KNj7sclUnjosGyPRBz+
+xON0/xtkG2ZTyacZOs2QaBTL+wfztKQCPCK8b1OaHxMCgYAjz/psH+XbdcK/hFUk
+Ndh68Odw7pydVaIXg3woa4yDlbl5Ca69+P0sSwYYdDNKum6VEiclXlZOdhK/Pzx1
+D/KIPlOwcVcvx1Yog+eF/bZ/aDZj5uBfFDodNk0ohlwnw/2naOtOmYrbgviFznEb
+5P2U3UcClITRrgY9pc4VuFsz5Q==
+-----END PRIVATE KEY-----
diff --git a/containers/elk/logstash/conf/collectd-types.db b/containers/elk/logstash/conf/collectd-types.db
new file mode 100644
index 0000000..ec6ff93
--- /dev/null
+++ b/containers/elk/logstash/conf/collectd-types.db
@@ -0,0 +1,191 @@
+absolute value:ABSOLUTE:0:U
+apache_bytes value:DERIVE:0:U
+apache_connections value:GAUGE:0:65535
+apache_idle_workers value:GAUGE:0:65535
+apache_requests value:DERIVE:0:U
+apache_scoreboard value:GAUGE:0:65535
+ath_nodes value:GAUGE:0:65535
+ath_stat value:DERIVE:0:U
+bitrate value:GAUGE:0:4294967295
+bytes value:GAUGE:0:U
+cache_eviction value:DERIVE:0:U
+cache_operation value:DERIVE:0:U
+cache_ratio value:GAUGE:0:100
+cache_result value:DERIVE:0:U
+cache_size value:GAUGE:0:4294967295
+charge value:GAUGE:0:U
+compression_ratio value:GAUGE:0:2
+compression uncompressed:DERIVE:0:U, compressed:DERIVE:0:U
+connections value:DERIVE:0:U
+conntrack value:GAUGE:0:4294967295
+contextswitch value:DERIVE:0:U
+counter value:COUNTER:U:U
+cpufreq value:GAUGE:0:U
+cpu value:DERIVE:0:U
+current_connections value:GAUGE:0:U
+current_sessions value:GAUGE:0:U
+current value:GAUGE:U:U
+delay value:GAUGE:-1000000:1000000
+derive value:DERIVE:0:U
+df_complex value:GAUGE:0:U
+df_inodes value:GAUGE:0:U
+df used:GAUGE:0:1125899906842623, free:GAUGE:0:1125899906842623
+disk_latency read:GAUGE:0:U, write:GAUGE:0:U
+disk_merged read:DERIVE:0:U, write:DERIVE:0:U
+disk_octets read:DERIVE:0:U, write:DERIVE:0:U
+disk_ops_complex value:DERIVE:0:U
+disk_ops read:DERIVE:0:U, write:DERIVE:0:U
+disk_time read:DERIVE:0:U, write:DERIVE:0:U
+dns_answer value:DERIVE:0:U
+dns_notify value:DERIVE:0:U
+dns_octets queries:DERIVE:0:U, responses:DERIVE:0:U
+dns_opcode value:DERIVE:0:U
+dns_qtype_cached value:GAUGE:0:4294967295
+dns_qtype value:DERIVE:0:U
+dns_query value:DERIVE:0:U
+dns_question value:DERIVE:0:U
+dns_rcode value:DERIVE:0:U
+dns_reject value:DERIVE:0:U
+dns_request value:DERIVE:0:U
+dns_resolver value:DERIVE:0:U
+dns_response value:DERIVE:0:U
+dns_transfer value:DERIVE:0:U
+dns_update value:DERIVE:0:U
+dns_zops value:DERIVE:0:U
+email_check value:GAUGE:0:U
+email_count value:GAUGE:0:U
+email_size value:GAUGE:0:U
+entropy value:GAUGE:0:4294967295
+fanspeed value:GAUGE:0:U
+file_size value:GAUGE:0:U
+files value:GAUGE:0:U
+fork_rate value:DERIVE:0:U
+frequency value:GAUGE:0:U
+frequency_offset value:GAUGE:-1000000:1000000
+fscache_stat value:DERIVE:0:U
+gauge value:GAUGE:U:U
+hash_collisions value:DERIVE:0:U
+http_request_methods value:DERIVE:0:U
+http_requests value:DERIVE:0:U
+http_response_codes value:DERIVE:0:U
+humidity value:GAUGE:0:100
+if_collisions value:DERIVE:0:U
+if_dropped rx:DERIVE:0:U, tx:DERIVE:0:U
+if_errors rx:DERIVE:0:U, tx:DERIVE:0:U
+if_multicast value:DERIVE:0:U
+if_octets rx:DERIVE:0:U, tx:DERIVE:0:U
+if_packets rx:DERIVE:0:U, tx:DERIVE:0:U
+if_rx_errors value:DERIVE:0:U
+if_tx_errors value:DERIVE:0:U
+invocations value:DERIVE:0:U
+io_octets rx:DERIVE:0:U, tx:DERIVE:0:U
+io_packets rx:DERIVE:0:U, tx:DERIVE:0:U
+ipt_bytes value:DERIVE:0:U
+ipt_packets value:DERIVE:0:U
+irq value:DERIVE:0:U
+latency value:GAUGE:0:65535
+links value:GAUGE:0:U
+load shortterm:GAUGE:0:100, midterm:GAUGE:0:100, longterm:GAUGE:0:100
+md_disks value:GAUGE:0:U
+memcached_command value:DERIVE:0:U
+memcached_connections value:GAUGE:0:U
+memcached_items value:GAUGE:0:U
+memcached_octets rx:DERIVE:0:U, tx:DERIVE:0:U
+memcached_ops value:DERIVE:0:U
+memory value:GAUGE:0:281474976710656
+multimeter value:GAUGE:U:U
+mutex_operations value:DERIVE:0:U
+mysql_commands value:DERIVE:0:U
+mysql_handler value:DERIVE:0:U
+mysql_locks value:DERIVE:0:U
+mysql_log_position value:DERIVE:0:U
+mysql_octets rx:DERIVE:0:U, tx:DERIVE:0:U
+nfs_procedure value:DERIVE:0:U
+nginx_connections value:GAUGE:0:U
+nginx_requests value:DERIVE:0:U
+node_octets rx:DERIVE:0:U, tx:DERIVE:0:U
+node_rssi value:GAUGE:0:255
+node_stat value:DERIVE:0:U
+node_tx_rate value:GAUGE:0:127
+operations value:DERIVE:0:U
+percent value:GAUGE:0:100.1
+pg_blks value:DERIVE:0:U
+pg_db_size value:GAUGE:0:U
+pg_n_tup_c value:DERIVE:0:U
+pg_n_tup_g value:GAUGE:0:U
+pg_numbackends value:GAUGE:0:U
+pg_scan value:DERIVE:0:U
+pg_xact value:DERIVE:0:U
+ping_droprate value:GAUGE:0:100
+ping value:GAUGE:0:65535
+ping_stddev value:GAUGE:0:65535
+players value:GAUGE:0:1000000
+power value:GAUGE:0:U
+protocol_counter value:DERIVE:0:U
+ps_code value:GAUGE:0:9223372036854775807
+ps_count processes:GAUGE:0:1000000, threads:GAUGE:0:1000000
+ps_cputime user:DERIVE:0:U, syst:DERIVE:0:U
+ps_data value:GAUGE:0:9223372036854775807
+ps_disk_octets read:DERIVE:0:U, write:DERIVE:0:U
+ps_disk_ops read:DERIVE:0:U, write:DERIVE:0:U
+ps_pagefaults minflt:DERIVE:0:U, majflt:DERIVE:0:U
+ps_rss value:GAUGE:0:9223372036854775807
+ps_stacksize value:GAUGE:0:9223372036854775807
+ps_state value:GAUGE:0:65535
+ps_vm value:GAUGE:0:9223372036854775807
+queue_length value:GAUGE:0:U
+records value:GAUGE:0:U
+requests value:GAUGE:0:U
+response_time value:GAUGE:0:U
+route_etx value:GAUGE:0:U
+route_metric value:GAUGE:0:U
+routes value:GAUGE:0:U
+serial_octets rx:DERIVE:0:U, tx:DERIVE:0:U
+signal_noise value:GAUGE:U:0
+signal_power value:GAUGE:U:0
+signal_quality value:GAUGE:0:U
+snr value:GAUGE:0:U
+spam_check value:GAUGE:0:U
+spam_score value:GAUGE:U:U
+swap_io value:DERIVE:0:U
+swap value:GAUGE:0:1099511627776
+tcp_connections value:GAUGE:0:4294967295
+temperature value:GAUGE:-273.15:U
+threads value:GAUGE:0:U
+time_dispersion value:GAUGE:-1000000:1000000
+timeleft value:GAUGE:0:3600
+time_offset value:GAUGE:-1000000:1000000
+total_bytes value:DERIVE:0:U
+total_connections value:DERIVE:0:U
+total_operations value:DERIVE:0:U
+total_requests value:DERIVE:0:U
+total_sessions value:DERIVE:0:U
+total_threads value:DERIVE:0:U
+total_time_in_ms value:DERIVE:0:U
+total_values value:DERIVE:0:U
+uptime value:GAUGE:0:4294967295
+users value:GAUGE:0:65535
+vcpu value:GAUGE:0:U
+virt_cpu_total value:DERIVE:0:U
+virt_vcpu value:DERIVE:0:U
+vmpage_action value:DERIVE:0:U
+vmpage_faults minflt:DERIVE:0:U, majflt:DERIVE:0:U
+vmpage_io in:DERIVE:0:U, out:DERIVE:0:U
+vmpage_number value:GAUGE:0:4294967295
+volatile_changes value:GAUGE:0:U
+voltage_threshold value:GAUGE:U:U, threshold:GAUGE:U:U
+voltage value:GAUGE:U:U
+vs_memory value:GAUGE:0:9223372036854775807
+vs_processes value:GAUGE:0:65535
+vs_threads value:GAUGE:0:65535
+#
+# Legacy types
+# (required for the v5 upgrade target)
+#
+arc_counts demand_data:COUNTER:0:U, demand_metadata:COUNTER:0:U, prefetch_data:COUNTER:0:U, prefetch_metadata:COUNTER:0:U
+arc_l2_bytes read:COUNTER:0:U, write:COUNTER:0:U
+arc_l2_size value:GAUGE:0:U
+arc_ratio value:GAUGE:0:U
+arc_size current:GAUGE:0:U, target:GAUGE:0:U, minlimit:GAUGE:0:U, maxlimit:GAUGE:0:U
+mysql_qcache hits:COUNTER:0:U, inserts:COUNTER:0:U, not_cached:COUNTER:0:U, lowmem_prunes:COUNTER:0:U, queries_in_cache:GAUGE:0:U
+mysql_threads running:GAUGE:0:U, connected:GAUGE:0:U, cached:GAUGE:0:U, created:COUNTER:0:U
diff --git a/containers/elk/logstash/conf/filter_rsyslog.conf b/containers/elk/logstash/conf/filter_rsyslog.conf
new file mode 100644
index 0000000..d64be71
--- /dev/null
+++ b/containers/elk/logstash/conf/filter_rsyslog.conf
@@ -0,0 +1,13 @@
+filter {
+ if [type] == “syslog” {
+ grok {
+ match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
+ add_field => [ "received_at", "%{@timestamp}" ]
+ add_field => [ "received_from", "%{host}" ]
+ }
+ syslog_pri { }
+ date {
+ match => [ “syslog_timestamp”, “MMM d HH:mm:ss”, “MMM dd HH:mm:ss” ]
+ }
+ }
+}
diff --git a/containers/elk/logstash/conf/logstash.conf b/containers/elk/logstash/conf/logstash.conf
new file mode 100644
index 0000000..8d3f57c
--- /dev/null
+++ b/containers/elk/logstash/conf/logstash.conf
@@ -0,0 +1,28 @@
+input {
+ syslog {
+ type => syslog
+ port => 514
+ }
+ lumberjack {
+ port => 5043
+ type => "logs"
+ ssl_certificate => "/opt/logstash/certs/logstash-forwarder.crt"
+ ssl_key => "/opt/logstash/certs/logstash-forwarder.key"
+ }
+ udp {
+ port => 25826
+ buffer_size => 1452
+ codec => collectd { }
+ }
+}
+output {
+
+stdout {
+ codec => json
+}
+
+elasticsearch {
+ host => "elasticsearch"
+ port => "9300"
+ }
+}
diff --git a/containers/elk/logstash/conf/supervisord.conf b/containers/elk/logstash/conf/supervisord.conf
new file mode 100644
index 0000000..1f3ede3
--- /dev/null
+++ b/containers/elk/logstash/conf/supervisord.conf
@@ -0,0 +1,8 @@
+[supervisord]
+nodaemon=true
+
+[program:logstash
+command=/opt/logstash/bin/logstash -f /opt/logstash/logstash.conf -p /opt/logstash/plugins/
+autorestart=true
+stderr_logfile=/var/log/logstash.err.log
+stdout_logfile=/var/log/logstash.out.log