Mount alerts as shared volume instead of file
f-galland committed Jun 12, 2024
1 parent 7ab4cd6 commit f3d939b
Showing 2 changed files with 29 additions and 9 deletions.
32 changes: 26 additions & 6 deletions integrations/docker/manager-elastic.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,12 +10,12 @@ services:
condition: service_healthy
command: bash -c "python run.py -o filebeat"
volumes:
- alerts:/var/ossec/logs/alerts/alerts.json
- alerts:/var/ossec/logs/alerts/

wazuh.manager:
image: wazuh/wazuh-manager:${WAZUH_VERSION}
build:
dockerfile: manager-logstash.Dockerfile
#build:
# dockerfile: manager-logstash.Dockerfile
hostname: wazuh.manager
restart: always
ulimits:
Expand All @@ -33,7 +33,7 @@ services:
environment:
- INDEXER_URL=https://wazuh.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- INDEXER_PASSWORD=admin
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
Expand All @@ -49,8 +49,8 @@ services:
- ./certs/root-ca.pem:/usr/share/logstash/root-ca.pem
- ../elastic/logstash/pipeline:/usr/share/logstash/pipeline
- es_certs:/etc/certs/elastic
- alerts:/var/ossec/logs/alerts/alerts.json
command: logstash -f /usr/share/logstash/pipeline/manager-to-elastic.conf
- alerts:/var/ossec/logs/alerts/
#command: logstash -f /usr/share/logstash/pipeline/manager-to-elastic.conf

wazuh.indexer:
image: opensearchproject/opensearch:2.12.0
Expand All @@ -75,6 +75,7 @@ services:
- plugins.security.ssl.transport.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem
- plugins.security.authcz.admin_dn="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California, C=US"
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
- compatibility.override_main_response_version=true
ulimits:
memlock:
soft: -1
Expand All @@ -99,6 +100,25 @@ services:
volumes:
- ./certs/:/certificates/
- ./config/certs.yml:/config/certs.yml

logstash:
depends_on:
es01:
condition: service_healthy
wazuh-certs-generator:
condition: service_completed_successfully
image: logstash-oss:8.6.2
build:
context: ../elastic
environment:
LOG_LEVEL: info
MONITORING_ENABLED: false
volumes:
- ../elastic/logstash/pipeline:/usr/share/logstash/pipeline
- es_certs:/usr/share/logstash/es_certs
- alerts:/var/ossec/logs/alerts/
command: logstash -f /usr/share/logstash/pipeline/manager-to-elastic.conf



# =================================
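Review bot: `INDEXER_PASSWORD=admin` in the `wazuh.manager` environment hardcodes a default credential for the indexer's admin account next to `INDEXER_USERNAME=admin`, and the literal now lives in repository history; the file already interpolates `${WAZUH_VERSION}`, so `- INDEXER_PASSWORD=${INDEXER_PASSWORD:?set INDEXER_PASSWORD}` (fed from a git-ignored `.env`) would keep the secret out of the commit while still failing loudly when unset. If `admin` is deliberate for a throwaway integration stack, a comment such as `# dev-only default; must match the wazuh.indexer provisioning, never reuse elsewhere` beside the line would make that explicit — the credential the `wazuh.indexer` service is actually provisioned with is not visible in this hunk, so it is worth confirming they agree. In the new `logstash` service, `MONITORING_ENABLED: false` is a YAML boolean that Compose will stringify; quoting it as `"false"` removes the parser dependency. That service waits only on `es01` and the cert generator, so it can start before `wazuh.manager` has written anything into the shared `alerts` volume, and the logstash process presumably runs as a non-root user while the manager writes the alerts directory with its own ownership and mode — confirm the file input tolerates the empty directory and can read what the manager creates there.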
Original file line number Diff line number Diff line change
Expand Up @@ -12,13 +12,13 @@ input {

output {
elasticsearch {
hosts => "es01"
hosts => "es01:9200"
index => "wazuh-alerts-4.x-%{+YYYY.MM.dd}"
user => "elastic"
password => "elastic"
ssl => true
cacert => '/etc/certs/elastic/ca/ca.crt'
template => '/etc/logstash/es_template.json'
cacert => '/usr/share/logstash/es_certs/ca/ca.crt'
template => '/usr/share/logstash/pipeline/es_template.json'
template_name => 'wazuh'
template_overwrite => true
}
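Review bot: The rewritten `elasticsearch` output still carries `user => "elastic"` / `password => "elastic"` in clear text, so the new `hosts => "es01:9200"` endpoint is reached with a hardcoded superuser credential stored in a bind-mounted file from the repository; Logstash pipeline files support environment substitution, so `password => "${ES_PASSWORD}"` with the value supplied through the `logstash` service's environment would keep the secret out of git. With `ssl => true` the scheme-less host is presumably upgraded to https, but writing `hosts => "https://es01:9200"` makes the intent explicit and avoids a plaintext connection if the flag is ever dropped. The `ssl` and `cacert` option names are the legacy spelling — newer releases of the output plugin prefer `ssl_enabled` and `ssl_certificate_authorities` — so check whether the plugin bundled with the 8.6.2 image emits deprecation warnings for them. The enclosing `output { … }` block is closed outside the visible lines of this hunk.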
