From 1051c95fcae0b8f7e58ce3257c57390520ced447 Mon Sep 17 00:00:00 2001
From: MatthewJSalerno
Date: Fri, 22 Nov 2019 23:43:42 -0500
Subject: [PATCH] Updated the graylog image to pull in the GeoIP when built. To update the GeoIP all you need to do is rebuild the image (docker-compose build)

---
 Docker/docker-compose.yml | 5 ++---
 Docker/elasticsearch.env | 2 +-
 Docker/graylog/Dockerfile | 7 +++++++
 Docker/graylog/getGeo.sh | 3 +++
 4 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 Docker/graylog/Dockerfile
 create mode 100644 Docker/graylog/getGeo.sh

diff --git a/Docker/docker-compose.yml b/Docker/docker-compose.yml
index d3e3bec..ee63a4c 100644
--- a/Docker/docker-compose.yml
+++ b/Docker/docker-compose.yml
@@ -25,11 +25,10 @@ services:
 
   # Graylog: https://hub.docker.com/r/graylog/graylog/
   graylog:
-    image: 'graylog/graylog:3.1'
+    build: graylog/.
     volumes:
       - 'graylog_journal:/usr/share/graylog/data/journal'
       - './service-names-port-numbers.csv:/etc/graylog/server/service-names-port-numbers.csv'
-      - './GeoLite2-City.mmdb:/etc/graylog/server/GeoLite2-City.mmdb'
     env_file:
       - ./graylog.env
     links:
@@ -107,4 +106,4 @@ volumes:
   grafana:
     driver: local
   influxdb:
-    driver: local
\ No newline at end of file
+    driver: local
diff --git a/Docker/elasticsearch.env b/Docker/elasticsearch.env
index 6ff280c..cbfd317 100644
--- a/Docker/elasticsearch.env
+++ b/Docker/elasticsearch.env
@@ -1,5 +1,5 @@
 http.host=0.0.0.0
 transport.host=0.0.0.0
 network.host=0.0.0.0
-ES_JAVA_OPTS="-Xms1g -Xmx1g"
+"ES_JAVA_OPTS=-Xms1g -Xmx1g"
 ES_HEAP_SIZE=2g
diff --git a/Docker/graylog/Dockerfile b/Docker/graylog/Dockerfile
new file mode 100644
index 0000000..d9a3929
--- /dev/null
+++ b/Docker/graylog/Dockerfile
@@ -0,0 +1,7 @@
+FROM graylog/graylog:3.1
+# Probably a bad idea, but it works for now
+USER root
+RUN mkdir -pv /etc/graylog/server/
+COPY ./getGeo.sh /etc/graylog/server/
+RUN chmod +x /etc/graylog/server/getGeo.sh && /etc/graylog/server/getGeo.sh
+USER graylog
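Review bot: With the `image:` line removed, the image built from `build: graylog/.` only gets the compose-generated name (`<project>_graylog`), so it cannot be tagged, scanned or pushed by a stable name and every host running this stack has to build it locally. Keep an `image:` entry next to `build:`, e.g. `image: 'graylog-geoip:3.1'`, which compose uses as the tag for the build output; `./graylog` is also the conventional spelling of the context path. Note that the GeoIP database now lives in an image layer instead of the host file mounted by the removed volume line, so refreshing it means rebuild and recreate the container rather than swapping a file on the host.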
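Review bot: The new line `"ES_JAVA_OPTS=-Xms1g -Xmx1g"` does not set `ES_JAVA_OPTS`: an env_file is split at the first `=`, so the key becomes `"ES_JAVA_OPTS` (not a valid variable name, which compose will either reject or export as junk) and Elasticsearch silently falls back to the heap in its jvm.options. Depending on the compose version, env_file values are taken literally with quotes passed through, which is presumably why the old form broke too; the spelling that works in every version is `ES_JAVA_OPTS=-Xms1g -Xmx1g` with no quotes at all. The `ES_HEAP_SIZE=2g` context line looks like a pre-5.x setting that current Elasticsearch ignores and it contradicts the 1g heap requested on the line above, so dropping it would stop misleading whoever tunes this later.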
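Review bot: The `RUN chmod +x … && …/getGeo.sh` layer is served from the build cache after the first build, so the plain `docker-compose build` the commit message recommends will not fetch a newer database; only `--no-cache` or a cache-busting input does. Add `ARG GEOIP_REFRESH=0` immediately before that `RUN` (an `ARG` in scope is part of the cache key of the `RUN` steps that follow it) and refresh with `docker-compose build --build-arg GEOIP_REFRESH=$(date +%F) graylog`. `USER root` for a build step is normal practice as long as `USER graylog` is restored at the end, which it is, so the comment reads better as `# root only for the build-time write into /etc/graylog/server; USER graylog below restores the runtime user`. The `RUN mkdir -pv` layer appears redundant because `COPY` creates missing parent directories, and everything the script writes — including the tarball it leaves behind — is root-owned in the image, so it is worth asserting that the graylog user can read `GeoLite2-City.mmdb` rather than relying on the archive's file modes.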
diff --git a/Docker/graylog/getGeo.sh b/Docker/graylog/getGeo.sh
new file mode 100644
index 0000000..fca7617
--- /dev/null
+++ b/Docker/graylog/getGeo.sh
@@ -0,0 +1,3 @@
+GRAYLOG_PLUGIN_DIR=/etc/graylog/server/
+curl --output ${GRAYLOG_PLUGIN_DIR}/mm.tar.gz https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
+tar zxvf ${GRAYLOG_PLUGIN_DIR}/mm.tar.gz -C ${GRAYLOG_PLUGIN_DIR} --strip-components=1
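Review bot: The download on the `curl` line is neither integrity-checked nor run with `-f`, so an HTML error page or a truncated transfer is written to mm.tar.gz and only surfaces as a confusing tar failure, and whatever the remote host serves is extracted as root into the server config directory and baked into the image. The script also has no shebang or `set -eu`, the tarball stays in the layer, and `GRAYLOG_PLUGIN_DIR` names the server config directory rather than a plugin directory. Pin the sha256 of the tarball you validated (supplied through an `ARG GEOIP_SHA256` in the Dockerfile) and verify it before extracting; fetching the sidecar checksum from the same URL only proves transport integrity, not provenance. MaxMind retired this anonymous download URL around the end of 2019 in favour of license-keyed downloads, so expect this step to need a key soon; if so, pass it with a BuildKit secret mount rather than an `ARG`, which would persist in image history.

```shell
#!/bin/sh
set -eu
GRAYLOG_PLUGIN_DIR=/etc/graylog/server
# sha256 of the GeoLite2-City.tar.gz this image was last validated against; bump it together with the database.
GEOIP_SHA256="${GEOIP_SHA256:?set GEOIP_SHA256 to the expected digest of GeoLite2-City.tar.gz}"
curl -fsSL --output "${GRAYLOG_PLUGIN_DIR}/mm.tar.gz" https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
echo "${GEOIP_SHA256}  ${GRAYLOG_PLUGIN_DIR}/mm.tar.gz" | sha256sum -c -
tar zxf "${GRAYLOG_PLUGIN_DIR}/mm.tar.gz" -C "${GRAYLOG_PLUGIN_DIR}" --strip-components=1
rm -f "${GRAYLOG_PLUGIN_DIR}/mm.tar.gz"
```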