forked from robcowart/synesis_lite_syslog
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
115 lines (98 loc) · 4.22 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
#------------------------------------------------------------------------------
# Portions of this file are Copyright (C)2019 Robert Cowart
#
# Portions of this file are subject to the Robert Cowart Public License (the
# "License") and may not be used or distributed except in compliance with the
# License. You may obtain a copy of the License at:
#
# http://www.koiossian.com/public/robert_cowart_public_license.txt
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
# the specific language governing rights and limitations under the License.
#
# The Original Source Code was developed by Robert Cowart. Portions created by
# Robert Cowart are Copyright (C)2019 Robert Cowart. All Rights Reserved.
#------------------------------------------------------------------------------
version: '3'
services:
synlite-elasticsearch-oss:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.0.1
container_name: synlite-elasticsearch-oss
restart: 'no'
ulimits:
memlock:
soft: -1
hard: -1
network_mode: host
volumes:
- /var/lib/synlite_es:/usr/share/elasticsearch/data
environment:
# JVM Heap size
# - this should be at least 2GB for simple testing, receiving only a few flows per second.
# - for production environments upto 31GB is recommended.
ES_JAVA_OPTS: '-Xms2g -Xmx2g'
cluster.name: synlite
bootstrap.memory_lock: 'true'
network.host: 0.0.0.0
http.port: 9200
discovery.type: 'single-node'
indices.query.bool.max_clause_count: 8192
search.max_buckets: 100000
action.destructive_requires_name: 'true'
synlite-kibana-oss:
image: docker.elastic.co/kibana/kibana-oss:7.0.1
container_name: synlite-kibana-oss
restart: 'no'
depends_on:
- synlite-elasticsearch-oss
network_mode: host
environment:
SERVER_HOST: 0.0.0.0
SERVER_PORT: 5601
ELASTICSEARCH_HOSTS: "http://127.0.0.1:9200"
KIBANA_DEFAULTAPPID: "dashboard/ec85a1c0-73e0-11e9-b45b-85d6db7c0cfc"
LOGGING_QUIET: 'true'
synlite-syslog-logstash-oss:
image: robcowart/synlite-syslog-logstash-oss:1.1.0_7.0.1
container_name: synlite-syslog-logstash-oss
restart: 'no'
depends_on:
- synlite-elasticsearch-oss
network_mode: host
environment:
# JVM Heap size - this MUST be at least 512MB (1GB preferred)
LS_JAVA_OPTS: '-Xms1g -Xmx1g'
# NOTE: Ports below 1024 require root privileges. Since Logstash will be started with the user 'logstash' we will listen on port 51400.
# The TCP port on which to listen for syslog messages.
SYNLITE_SYSLOG_TCP_IPV4_PORT: 51400
# The UDP port on which to listen for syslog messages.
SYNLITE_SYSLOG_UDP_IPV4_PORT: 51400
# The number of UDP input threads.
SYNLITE_SYSLOG_UDP_WORKERS: 4
# The number of unprocessed UDP packets the input can buffer.
SYNLITE_SYSLOG_UDP_QUEUE_SIZE: 4096
# The UDP socket receive buffer size (bytes).
SYNLITE_SYSLOG_UDP_RCV_BUFF: 33554432
# The Elasticsearch host to which the output will send data.
SYNLITE_SYSLOG_ES_HOST: '127.0.0.1:9200'
# The username for the connection to Elasticsearch.
SYNLITE_SYSLOG_ES_USER: 'elastic'
# The password for the connection to Elasticsearch.
SYNLITE_SYSLOG_ES_PASSWORD: 'changeme'
# Enable/Disable DNS requests.
SYNLITE_SYSLOG_RESOLVE_IP2HOST: 'false'
# The DNS server to which the dns filter should send requests.
SYNLITE_SYSLOG_NAMESERVER: '127.0.0.1'
# The cache size for successful DNS queries
SYNLITE_SYSLOG_DNS_HIT_CACHE_SIZE: 10000
# The time in seconds successful DNS queries are cached.
SYNLITE_SYSLOG_DNS_HIT_CACHE_TTL: 900
# The cache size for failed DNS queries.
SYNLITE_SYSLOG_DNS_FAILED_CACHE_SIZE: 25000
# The time in seconds failed DNS queries are cached
SYNLITE_SYSLOG_DNS_FAILED_CACHE_TTL: 3600
# Whether to use the timestamp from the received message to set @timestamp.
SYNLITE_SYSLOG_MSG_TIMESTAMP: 'true'
# The timezone of the timestamp of the incoming messages.
SYNLITE_SYSLOG_TZ: 'UTC'