-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
154 lines (132 loc) · 6.31 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
#------------------------------------------------------------------------------
# Portions of this file are Copyright (C)2021 Levan Sopromadze
#------------------------------------------------------------------------------
version: '3'
services:
netflow-elasticsearch:
image: docker.io/lsopromadze/netflow-elasticsearch
container_name: netflow-elasticsearch
restart: 'always'
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 131072
hard: 131072
nproc: 8192
fsize: -1
network_mode: host
volumes:
# You will need to create the path and permissions on the local file system where Elasticsearch will store data.
# mkdir /var/lib/netiflow_es && chown -R 1000:1000 /var/lib/netiflow_es
- /var/lib/netflow_es:/usr/share/elasticsearch/data
environment:
ES_JAVA_OPTS: '-Xms4g -Xmx4g'
cluster.name: netflow
bootstrap.memory_lock: 'true'
network.host: 0.0.0.0
http.port: 9200
discovery.type: 'single-node'
indices.query.bool.max_clause_count: 8192
search.max_buckets: 250000
action.destructive_requires_name: 'true'
netflow-kibana:
image: docker.io/lsopromadze/netflow-kibana
container_name: netflow-kibana
restart: 'no'
depends_on:
- netflow-elasticsearch
network_mode: host
environment:
SERVER_HOST: 0.0.0.0
SERVER_PORT: 5601
SERVER_MAXPAYLOADBYTES: 8388608
ELASTICSEARCH_HOSTS: "http://127.0.0.1:9200"
ELASTICSEARCH_REQUESTTIMEOUT: 132000
ELASTICSEARCH_SHARDTIMEOUT: 120000
KIBANA_DEFAULTAPPID: "dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5"
KIBANA_AUTOCOMPLETETIMEOUT: 3000
KIBANA_AUTOCOMPLETETERMINATEAFTER: 2500000
LOGGING_DEST: stdout
LOGGING_QUIET: 'false'
netflow-flowcollector:
image: docker.io/lsopromadze/netflow-flowcollector
container_name: netflow-flowcollector
restart: 'unless-stopped'
network_mode: 'host'
depends_on:
- netflow-elasticsearch
#volumes:
# - /etc/elastiflow:/etc/elastiflow
environment:
LS_JAVA_OPTS: '-Xms4g -Xmx4g'
EF_FLOW_SERVER_UDP_IP: '0.0.0.0'
EF_FLOW_SERVER_UDP_PORT: 5678
#EF_FLOW_DECODER_SETTINGS_PATH: '/etc/elastiflow'
EF_FLOW_DECODER_NETFLOW9_ENABLE: 'true'
EF_FLOW_DECODER_ENRICH_IPADDR_METADATA_ENABLE: 'false'
#EF_FLOW_DECODER_ENRICH_IPADDR_METADATA_USERDEF_PATH: 'metadata/ipaddrs.yml'
#EF_FLOW_DECODER_ENRICH_IPADDR_METADATA_REFRESH_RATE: 15
EF_FLOW_DECODER_ENRICH_DNS_ENABLE: 'false'
EF_FLOW_DECODER_ENRICH_DNS_NAMESERVER_IP: ''
EF_FLOW_DECODER_ENRICH_DNS_NAMESERVER_TIMEOUT: 3000
EF_FLOW_DECODER_ENRICH_MAXMIND_ASN_ENABLE: 'true'
EF_FLOW_DECODER_ENRICH_MAXMIND_ASN_PATH: '/etc/elastiflow/GeoLite2-ASN.mmdb'
EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_ENABLE: 'true'
EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_PATH: '/etc/elastiflow/GeoLite2-City.mmdb'
#EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_VALUES: 'city,country,country_code,location,timezone'
#EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_LANG: 'en'
#EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_INCLEXCL_PATH: 'maxmind/incl_excl.yml'
#EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_INCLEXCL_REFRESH_RATE: 15
EF_FLOW_DECODER_ENRICH_RISKIQ_ASN_ENABLE: 'false'
EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_ENABLE: 'false'
#EF_FLOW_DECODER_ENRICH_SAMPLERATE_CACHE_SIZE: 32768
#EF_FLOW_DECODER_ENRICH_SAMPLERATE_USERDEF_ENABLE: 'false'
#EF_FLOW_DECODER_ENRICH_SAMPLERATE_USERDEF_PATH: 'settings/sample_rate.yml'
#EF_FLOW_DECODER_ENRICH_COMMUNITYID_ENABLE: 'true'
#EF_FLOW_DECODER_ENRICH_COMMUNITYID_SEED: 0
#EF_FLOW_DECODER_ENRICH_CONVERSATIONID_ENABLE: 'true'
#EF_FLOW_DECODER_ENRICH_CONVERSATIONID_SEED: 0
EF_FLOW_DECODER_ENRICH_JOIN_ASN: 'true'
EF_FLOW_DECODER_ENRICH_JOIN_GEOIP: 'true'
#EF_FLOW_DECODER_ENRICH_JOIN_SEC: 'true'
#EF_FLOW_DECODER_ENRICH_JOIN_NETATTR: 'true'
#EF_FLOW_DECODER_ENRICH_JOIN_SUBNETATTR: 'true'
#EF_FLOW_DECODER_DURATION_PRECISION: 'ms'
#EF_FLOW_DECODER_TIMESTAMP_PRECISION: 'ms'
#EF_FLOW_DECODER_PERCENT_NORM: 100
#EF_FLOW_DECODER_ENRICH_EXPAND_CLISRV: 'true'
#EF_FLOW_DECODER_ENRICH_KEEP_CPU_TICKS: 'false'
# Elasticsearch
EF_FLOW_OUTPUT_ELASTICSEARCH_ENABLE: 'true'
EF_FLOW_OUTPUT_ELASTICSEARCH_ECS_ENABLE: 'false'
#EF_FLOW_OUTPUT_ELASTICSEARCH_BATCH_DEADLINE: 2000
#EF_FLOW_OUTPUT_ELASTICSEARCH_BATCH_MAX_BYTES: 8388608
#EF_FLOW_OUTPUT_ELASTICSEARCH_TIMESTAMP_SOURCE: 'end'
#EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_PERIOD: 'daily'
#EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_SUFFIX: ''
#EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ENABLE: 'true'
#EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_OVERWRITE: 'true'
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_SHARDS: 1
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REPLICAS: 0
#EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL: '10s'
#EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_CODEC: 'best_compression'
#EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_LIFECYCLE: ''
#EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_ROLLOVER_ALIAS: ''
#EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ISM_POLICY: ''
#EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT: '_none'
#EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL: '_none'
# A comma separated list of Elasticsearch nodes to use. DO NOT include "http://" or "https://"
EF_FLOW_OUTPUT_ELASTICSEARCH_ADDRESSES: '127.0.0.1:9200'
#EF_FLOW_OUTPUT_ELASTICSEARCH_USERNAME: 'elastic'
#EF_FLOW_OUTPUT_ELASTICSEARCH_PASSWORD: 'changeme'
#EF_FLOW_OUTPUT_ELASTICSEARCH_CLOUD_ID: ''
#EF_FLOW_OUTPUT_ELASTICSEARCH_API_KEY: ''
EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_ENABLE: 'false'
EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_SKIP_VERIFICATION: 'false'
EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_CA_CERT_FILEPATH: ''
#EF_FLOW_OUTPUT_ELASTICSEARCH_RETRY_ENABLE: 'true'
#EF_FLOW_OUTPUT_ELASTICSEARCH_RETRY_ON_TIMEOUT_ENABLE: 'true'
#EF_FLOW_OUTPUT_ELASTICSEARCH_MAX_RETRIES: 3
#EF_FLOW_OUTPUT_ELASTICSEARCH_RETRY_BACKOFF: 1000