-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
58 lines (52 loc) · 1.28 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
version: '3'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.7.0
networks:
- elk
environment:
cluster.name: elk
network.host: 0.0.0.0
discovery.type: single-node
ES_JAVA_OPTS: "-Xms256m -Xmx256m"
filebeat:
image: docker.elastic.co/beats/filebeat:7.7.0
command: ["--strict.perms=false", "-c", "/usr/share/filebeat/filebeat.yml"]
volumes:
- ./suricata/logs:/var/log/suricata:ro
- ./filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
networks:
- elk
environment:
LS_JAVA_OPTS: "-Xms256m -Xmx256m"
restart: always
depends_on:
- kibana
- suricata
kibana:
image: docker.elastic.co/kibana/kibana:7.7.0
networks:
- elk
environment:
server.name: "kibana"
server.host: "0"
elasticsearch.hosts: '[ "http://elasticsearch:9200" ]'
ports:
- 5601:5601
depends_on:
- elasticsearch
suricata:
image: jasonish/suricata:latest
command: -i enp1s0
network_mode: host
cap_add:
- NET_ADMIN
- SYS_NICE
volumes:
- ./suricata/logs:/var/log/suricata
- ./suricata/rules:/var/lib/suricata
- ./suricata/config:/etc/suricata
depends_on:
- elasticsearch
networks:
elk: