From 9c5b76f97eb28421da7f27df4b1f70d0d04d4457 Mon Sep 17 00:00:00 2001 From: MatthewJSalerno Date: Fri, 22 Nov 2019 20:53:11 -0500 Subject: [PATCH 01/12] Updated Readme - Geo Added easier instructions to download geo info --- README.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index c273933..6d752f0 100644 --- a/README.md +++ b/README.md @@ -67,17 +67,12 @@ A salt for encrypting your graylog passwords - GRAYLOG_PASSWORD_SECRET (Change that _now_) -Now let's pull the GeoIP Database from maxmind: +Now let's pull the GeoIP Database from maxmind and symlink it: ``` curl --output mm.tar.gz https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz -tar xfzv mm.tar.gz -``` - -.. symlink (take correct directory, includes date..): - -``` -ln -s GeoLite2-City_20191105/GeoLite2-City.mmdb . +mkdir GeoLite2-City && tar zxf mm.tar.gz -C GeoLite2-City --strip-components 1 +ln -s GeoLite2-City/GeoLite2-City.mmdb . ``` From c3d4f73505455e02945cdcc5aa21fcbd8749c5fc Mon Sep 17 00:00:00 2001 
From: MatthewJSalerno Date: Fri, 22 Nov 2019 22:04:41 -0500 Subject: [PATCH 02/12] Restructured entire repo Moved volume mounted files to their own directory Split docker envs into their own files --- Docker/docker-compose.yml | 110 ++++++++++++++++ Docker/elasticsearch.env | 5 + Docker/grafana.env | 1 + .../grafana/provisioning}/dashboards/all.yml | 0 .../provisioning}/dashboards/firewall.json | 0 .../provisioning}/dashboards/ndpi.json | 0 .../provisioning}/datasources/automatic.yml | 0 Docker/graylog.env | 6 + .../graylog/service-names-port-numbers.csv | 0 Docker/influxdb.env | 1 + Docker/kibana.env | 1 + docker-compose.yml | 117 ------------------ dashboardassign.sh => misc/dashboardassign.sh | 0 jvm.options => misc/jvm.options | 0 14 files changed, 124 insertions(+), 117 deletions(-) create mode 100644 Docker/docker-compose.yml create mode 100644 Docker/elasticsearch.env create mode 100644 Docker/grafana.env rename {provisioning => Docker/grafana/provisioning}/dashboards/all.yml (100%) rename {provisioning => Docker/grafana/provisioning}/dashboards/firewall.json (100%) rename {provisioning => Docker/grafana/provisioning}/dashboards/ndpi.json (100%) rename {provisioning => Docker/grafana/provisioning}/datasources/automatic.yml (100%) create mode 100644 Docker/graylog.env rename service-names-port-numbers.csv => Docker/graylog/service-names-port-numbers.csv (100%) create mode 100644 Docker/influxdb.env create mode 100644 Docker/kibana.env delete mode 100644 docker-compose.yml rename dashboardassign.sh => misc/dashboardassign.sh (100%) rename jvm.options => misc/jvm.options (100%) diff --git a/Docker/docker-compose.yml b/Docker/docker-compose.yml new file mode 100644 index 0000000..d3e3bec --- /dev/null +++ b/Docker/docker-compose.yml 
@@ -0,0 +1,110 @@ +version: '2' +services: + + # MongoDB: https://hub.docker.com/_/mongo/ + mongodb: + image: 'mongo:3' + volumes: + - 'mongo_data:/data/db' + + # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html + elasticsearch: + image: 'docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.4' + mem_limit: 4g + restart: always + volumes: + - 'es_data:/usr/share/elasticsearch/data' + env_file: + - ./elasticsearch.env + ulimits: + memlock: + soft: -1 + hard: -1 + ports: + - '9200:9200' + + # Graylog: https://hub.docker.com/r/graylog/graylog/ + graylog: + image: 'graylog/graylog:3.1' + volumes: + - 'graylog_journal:/usr/share/graylog/data/journal' + - './service-names-port-numbers.csv:/etc/graylog/server/service-names-port-numbers.csv' + - './GeoLite2-City.mmdb:/etc/graylog/server/GeoLite2-City.mmdb' + env_file: + - ./graylog.env + links: + - 'mongodb:mongo' + - elasticsearch + depends_on: + - mongodb + - elasticsearch + ports: + # Netflow + - '2055:2055/udp' + # Syslog Feed + - '5442:5442/udp' + # Graylog web interface and REST API + - '9000:9000' + # Syslog TCP + - '1514:1514' + # Syslog UDP + - '1514:1514/udp' + # GELF TCP + - '12201:12201' + # GELF UDP + - '12201:12201/udp' + + # Kibana : https://www.elastic.co/guide/en/kibana/6.8/index.html + kibana: + image: 'docker.elastic.co/kibana/kibana-oss:6.8.4' + env_file: + - kibana.env + depends_on: + - elasticsearch + ports: + - '5601:5601' + cerebro: + image: lmenezes/cerebro + ports: + - '9001:9000' + links: + - elasticsearch + depends_on: + - elasticsearch + influxdb: + image: 'influxdb:latest' + env_file: + - ./influxdb.env + ports: + - '8086:8086' + volumes: + - 'influxdb:/var/lib/influxdb' + + grafana: + image: 'grafana/grafana:latest' + env_file: + - ./grafana.env + ports: + - '3000:3000' + volumes: + - 'grafana:/var/lib/grafana' + - './provisioning/:/etc/grafana/provisioning' + links: + - elasticsearch + - influxdb + depends_on: + - elasticsearch + - influxdb + +# Volumes 
for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/ +volumes: + mongo_data: + driver: local + es_data: + driver: local + graylog_journal: + driver: local + grafana: + driver: local + influxdb: + driver: local \ No newline at end of file diff --git a/Docker/elasticsearch.env b/Docker/elasticsearch.env new file mode 100644 index 0000000..6ff280c --- /dev/null +++ b/Docker/elasticsearch.env @@ -0,0 +1,5 @@ +http.host=0.0.0.0 +transport.host=0.0.0.0 +network.host=0.0.0.0 +ES_JAVA_OPTS="-Xms1g -Xmx1g" +ES_HEAP_SIZE=2g diff --git a/Docker/grafana.env b/Docker/grafana.env new file mode 100644 index 0000000..bcb5cff --- /dev/null +++ b/Docker/grafana.env @@ -0,0 +1 @@ +GF_INSTALL_PLUGINS=grafana-piechart-panel,grafana-worldmap-panel,savantly-heatmap-panel diff --git a/provisioning/dashboards/all.yml b/Docker/grafana/provisioning/dashboards/all.yml similarity index 100% rename from provisioning/dashboards/all.yml rename to Docker/grafana/provisioning/dashboards/all.yml diff --git a/provisioning/dashboards/firewall.json b/Docker/grafana/provisioning/dashboards/firewall.json similarity index 100% rename from provisioning/dashboards/firewall.json rename to Docker/grafana/provisioning/dashboards/firewall.json diff --git a/provisioning/dashboards/ndpi.json b/Docker/grafana/provisioning/dashboards/ndpi.json similarity index 100% rename from provisioning/dashboards/ndpi.json rename to Docker/grafana/provisioning/dashboards/ndpi.json diff --git a/provisioning/datasources/automatic.yml b/Docker/grafana/provisioning/datasources/automatic.yml similarity index 100% rename from provisioning/datasources/automatic.yml rename to Docker/grafana/provisioning/datasources/automatic.yml diff --git a/Docker/graylog.env b/Docker/graylog.env new file mode 100644 index 0000000..72895fb --- /dev/null +++ b/Docker/graylog.env 
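Review bot: The bind mounts on the graylog and grafana services point at paths this same commit moves elsewhere: `./service-names-port-numbers.csv` resolves to Docker/service-names-port-numbers.csv, but the diffstat renames the file to Docker/graylog/service-names-port-numbers.csv, and `./provisioning/` resolves to Docker/provisioning while the dashboards and datasource now live under Docker/grafana/provisioning. Docker creates a missing bind-mount source as an empty directory, so Graylog gets a directory where it expects the CSV and Grafana provisions nothing; the two lines should read `- './graylog/service-names-port-numbers.csv:/etc/graylog/server/service-names-port-numbers.csv'` and `- './grafana/provisioning/:/etc/grafana/provisioning'`. Separately, `'9200:9200'`, `'9001:9000'` and `'5601:5601'` publish the unauthenticated elasticsearch-oss, cerebro and kibana endpoints on every host interface; unless remote access is intended, bind them to loopback (`'127.0.0.1:9200:9200'` and likewise for the other two) and reach them via the host only. Graylog's own `'9000:9000'` at least sits behind its login.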
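Review bot: `ES_JAVA_OPTS="-Xms1g -Xmx1g"` keeps its quotes when loaded through `env_file`: Compose 1.x, as documented at the time, does no quote handling on env files, so the JVM receives `"-Xms1g` and `-Xmx1g"` as options and Elasticsearch fails to start (newer Compose releases strip the quotes, so the symptom depends on the version in use). The unambiguous form is `ES_JAVA_OPTS=-Xms1g -Xmx1g`; the rewrite in PATCH 03/12 to `"ES_JAVA_OPTS=-Xms1g -Xmx1g"` has the same problem with the quote now landing in the variable name, and `INFLUXDB_DB="ndpi"` in Docker/influxdb.env is affected the same way. `ES_HEAP_SIZE=2g` is not read by Elasticsearch 6.x (it was replaced by ES_JAVA_OPTS in 5.0) and contradicts the 1g heap on the previous line, so it is better dropped than carried over from the old compose file.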
@@ -0,0 +1,6 @@
+# CHANGE ME (must be at least 16 characters)!
+GRAYLOG_PASSWORD_SECRET=somepasswordpepperzzz
+# Password: admin
+GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
+GRAYLOG_HTTP_EXTERNAL_URI=http://localhost:9000/
+GRAYLOG_TIMEZONE=Europe/Berlin
diff --git a/service-names-port-numbers.csv b/Docker/graylog/service-names-port-numbers.csv
similarity index 100%
rename from service-names-port-numbers.csv
rename to Docker/graylog/service-names-port-numbers.csv
diff --git a/Docker/influxdb.env b/Docker/influxdb.env
new file mode 100644
index 0000000..ffa6569
--- /dev/null
+++ b/Docker/influxdb.env
@@ -0,0 +1 @@
+INFLUXDB_DB="ndpi"
diff --git a/Docker/kibana.env b/Docker/kibana.env
new file mode 100644
index 0000000..5fdcf03
--- /dev/null
+++ b/Docker/kibana.env
@@ -0,0 +1 @@
+ELASTICSEARCH_URL=http://elasticsearch:9200
diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100644
index 5bf75b0..0000000
--- a/docker-compose.yml
+++ /dev/null
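Review bot: Docker/graylog.env now carries the password pepper `somepasswordpepperzzz` and the SHA-256 of the documented default root password `admin` as a tracked file, and because it is the real `env_file` rather than an example, a user who follows the README ("edit the ./Docker/graylog.env file and set some values") and edits it in place will commit their live secret on the next push. Commit it as `graylog.env.example` (or similar) with `*.env` in .gitignore, or at least extend the comment: `# CHANGE ME (must be at least 16 characters)! Also replace GRAYLOG_ROOT_PASSWORD_SHA2 below with the sha256 of your own root password; the value shipped here is for "admin".` As written, `# Password: admin` reads as documentation of a default rather than an instruction to change it.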
@@ -1,117 +0,0 @@ -version: '2' -services: - # MongoDB: https://hub.docker.com/_/mongo/ - mongodb: - image: mongo:3 - volumes: - - mongo_data:/data/db - # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.4 - mem_limit: 4g - restart: always - volumes: - - es_data:/usr/share/elasticsearch/data - environment: - - http.host=0.0.0.0 - - transport.host=0.0.0.0 - - network.host=0.0.0.0 - - "ES_JAVA_OPTS=-Xms1g -Xmx1g" - - ES_HEAP_SIZE=2g - ulimits: - memlock: - soft: -1 - hard: -1 - ports: - - 9200:9200 - # Graylog: https://hub.docker.com/r/graylog/graylog/ - graylog: - image: graylog/graylog:3.1 - volumes: - - graylog_journal:/usr/share/graylog/data/journal - - ./service-names-port-numbers.csv:/etc/graylog/server/service-names-port-numbers.csv - - ./GeoLite2-City.mmdb:/etc/graylog/server/GeoLite2-City.mmdb - environment: - # CHANGE ME (must be at least 16 characters)! - - GRAYLOG_PASSWORD_SECRET=somepasswordpepperzzz - # Password: admin - - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 - - GRAYLOG_HTTP_EXTERNAL_URI=http://localhost:9000/ - - GRAYLOG_TIMEZONE=Europe/Berlin - links: - - mongodb:mongo - - elasticsearch - depends_on: - - mongodb - - elasticsearch - ports: - # Netflow - - 2055:2055/udp - # Syslog Feed - - 5442:5442/udp - # Graylog web interface and REST API - - 9000:9000 - # Syslog TCP - - 1514:1514 - # Syslog UDP - - 1514:1514/udp - # GELF TCP - - 12201:12201 - # GELF UDP - - 12201:12201/udp - # Kibana : https://www.elastic.co/guide/en/kibana/6.8/index.html - kibana: - image: docker.elastic.co/kibana/kibana-oss:6.8.4 - # volumes: - # - ./kibana.yml:/usr/share/kibana/config/kibana.yml - environment: - - ELASTICSEARCH_URL=http://elasticsearch:9200 - depends_on: - - elasticsearch - ports: - - 5601:5601 - cerebro: - image: lmenezes/cerebro - ports: - - 9001:9000 - links: - - elasticsearch - 
depends_on: - - elasticsearch - - influxdb: - image: "influxdb:latest" - environment: - - INFLUXDB_DB="ndpi" - ports: - - "8086:8086" - volumes: - - influxdb:/var/lib/influxdb - grafana: - image: grafana/grafana:latest - environment: - - GF_INSTALL_PLUGINS=grafana-piechart-panel,grafana-worldmap-panel,savantly-heatmap-panel - ports: - - "3000:3000" - volumes: - - grafana:/var/lib/grafana - - ./provisioning/:/etc/grafana/provisioning - links: - - elasticsearch - - influxdb - depends_on: - - elasticsearch - - influxdb - -# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/ -volumes: - mongo_data: - driver: local - es_data: - driver: local - graylog_journal: - driver: local - grafana: - driver: local - influxdb: - driver: local diff --git a/dashboardassign.sh b/misc/dashboardassign.sh similarity index 100% rename from dashboardassign.sh rename to misc/dashboardassign.sh diff --git a/jvm.options b/misc/jvm.options similarity index 100% rename from jvm.options rename to misc/jvm.options From 1051c95fcae0b8f7e58ce3257c57390520ced447 Mon Sep 17 00:00:00 2001 From: MatthewJSalerno Date: Fri, 22 Nov 2019 23:43:42 -0500 Subject: [PATCH 03/12] Updated the graylog image to pull in the GeoIP when built. To update the GeoIP all you need to do is rebuild the image (docker-compose build) --- Docker/docker-compose.yml | 5 ++--- Docker/elasticsearch.env | 2 +- Docker/graylog/Dockerfile | 7 +++++++ Docker/graylog/getGeo.sh | 3 +++ 4 files changed, 13 insertions(+), 4 deletions(-) create mode 100644 Docker/graylog/Dockerfile create mode 100644 Docker/graylog/getGeo.sh diff --git a/Docker/docker-compose.yml b/Docker/docker-compose.yml index d3e3bec..ee63a4c 100644 --- a/Docker/docker-compose.yml +++ b/Docker/docker-compose.yml 
@@ -25,11 +25,10 @@ services: # Graylog: https://hub.docker.com/r/graylog/graylog/ graylog: - image: 'graylog/graylog:3.1' + build: graylog/. volumes: - 'graylog_journal:/usr/share/graylog/data/journal' - './service-names-port-numbers.csv:/etc/graylog/server/service-names-port-numbers.csv' - - './GeoLite2-City.mmdb:/etc/graylog/server/GeoLite2-City.mmdb' env_file: - ./graylog.env links: @@ -107,4 +106,4 @@ volumes: grafana: driver: local influxdb: - driver: local \ No newline at end of file + driver: local diff --git a/Docker/elasticsearch.env b/Docker/elasticsearch.env index 6ff280c..cbfd317 100644 --- a/Docker/elasticsearch.env +++ b/Docker/elasticsearch.env @@ -1,5 +1,5 @@ http.host=0.0.0.0 transport.host=0.0.0.0 network.host=0.0.0.0 -ES_JAVA_OPTS="-Xms1g -Xmx1g" +"ES_JAVA_OPTS=-Xms1g -Xmx1g" ES_HEAP_SIZE=2g diff --git a/Docker/graylog/Dockerfile b/Docker/graylog/Dockerfile new file mode 100644 index 0000000..d9a3929 --- /dev/null +++ b/Docker/graylog/Dockerfile @@ -0,0 +1,7 @@ +FROM graylog/graylog:3.1 +# Probably a bad idea, but it works for now +USER root +RUN mkdir -pv /etc/graylog/server/ +COPY ./getGeo.sh /etc/graylog/server/ +RUN chmod +x /etc/graylog/server/getGeo.sh && /etc/graylog/server/getGeo.sh +USER graylog diff --git a/Docker/graylog/getGeo.sh b/Docker/graylog/getGeo.sh new file mode 100644 index 0000000..fca7617 --- /dev/null +++ b/Docker/graylog/getGeo.sh @@ -0,0 +1,3 @@ +GRAYLOG_PLUGIN_DIR=/etc/graylog/server/ +curl --output ${GRAYLOG_PLUGIN_DIR}/mm.tar.gz https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz +tar zxvf ${GRAYLOG_PLUGIN_DIR}/mm.tar.gz -C ${GRAYLOG_PLUGIN_DIR} --strip-components=1 From c11d633e8f4d51f817c2f3e0d6e5d0a499330fdd Mon Sep 17 00:00:00 2001 From: MatthewJSalerno Date: Fri, 22 Nov 2019 23:50:05 -0500 Subject: [PATCH 04/12] Formatting only The missing space above influxdb was bugging me --- Docker/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) 
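Review bot: getGeo.sh is executed as root during the image build with no shebang, no `set -e`, and `curl` without `-f`, so an HTTP error page is saved as mm.tar.gz and only tar's subsequent failure stops the build; the archive is also extracted without any integrity check and then left behind in the image layer. Since the README in PATCH 11/12 makes rebuilding the documented way to refresh the database, the script should fail fast, verify the download against a digest kept in the repo (which then has to be bumped with each refresh; if that is unacceptable, at least keep the fail-fast flags and the cleanup), and remove the tarball afterwards; the Dockerfile's `RUN chmod +x ... && /etc/graylog/server/getGeo.sh` line needs no change for this. Note also that with `--strip-components=1` every member of the archive (license and readme files included) lands in /etc/graylog/server/, not just the .mmdb, which is worth a comment if it is intended.
```shell
#!/bin/sh
set -eu
GRAYLOG_PLUGIN_DIR=/etc/graylog/server/
ARCHIVE="${GRAYLOG_PLUGIN_DIR}/mm.tar.gz"
curl -fsSL --output "${ARCHIVE}" https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
# Refuse to extract anything but the archive whose digest is pinned here.
echo "<EXPECTED_SHA256_PLACEHOLDER>  ${ARCHIVE}" | sha256sum -c -
tar zxvf "${ARCHIVE}" -C "${GRAYLOG_PLUGIN_DIR}" --strip-components=1
rm -f "${ARCHIVE}"
```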
diff --git a/Docker/docker-compose.yml b/Docker/docker-compose.yml index ee63a4c..cdda398 100644 --- a/Docker/docker-compose.yml +++ b/Docker/docker-compose.yml @@ -70,6 +70,7 @@ services: - elasticsearch depends_on: - elasticsearch + influxdb: image: 'influxdb:latest' env_file: From 684e9b1d005f4d87e9e35f4d39216c85b459a403 Mon Sep 17 00:00:00 2001 From: MatthewJSalerno Date: Sat, 23 Nov 2019 00:08:23 -0500 Subject: [PATCH 05/12] added TZ list https://en.wikipedia.org/wiki/List_of_tz_database_time_zones --- Docker/graylog.env | 1 + 1 file changed, 1 insertion(+) diff --git a/Docker/graylog.env b/Docker/graylog.env index 72895fb..0843b5c 100644 --- a/Docker/graylog.env +++ b/Docker/graylog.env @@ -3,4 +3,5 @@ GRAYLOG_PASSWORD_SECRET=somepasswordpepperzzz # Password: admin GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 GRAYLOG_HTTP_EXTERNAL_URI=http://localhost:9000/ +# TZ List - https://en.wikipedia.org/wiki/List_of_tz_database_time_zones GRAYLOG_TIMEZONE=Europe/Berlin From 4b69fe18db9aeeb3479af224f91a32210473012b Mon Sep 17 00:00:00 2001 From: MatthewJSalerno Date: Sat, 23 Nov 2019 00:14:12 -0500 Subject: [PATCH 06/12] Changed a line --- README.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/README.md b/README.md index 6d752f0..9febaf8 100644 --- a/README.md +++ b/README.md @@ -67,15 +67,6 @@ A salt for encrypting your graylog passwords - GRAYLOG_PASSWORD_SECRET (Change that _now_) -Now let's pull the GeoIP Database from maxmind and symlink it: - -``` -curl --output mm.tar.gz https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz -mkdir GeoLite2-City && tar zxf mm.tar.gz -C GeoLite2-City --strip-components 1 -ln -s GeoLite2-City/GeoLite2-City.mmdb . -``` - - Finally, spin up the stack with: ``` From d2ab5fb4e7d18f0a1b05cb94322c5814e534d71d Mon Sep 17 00:00:00 2001 
From: MatthewJSalerno Date: Sat, 23 Nov 2019 09:05:18 -0500 Subject: [PATCH 07/12] Moved GRAYLOG_PLUGIN_DIR env var to Dockerfile Added log limits to the docker-compose services - 500Mb each --- Docker/docker-compose.yml | 17 ++++++++++++++++- Docker/graylog/Dockerfile | 1 + Docker/graylog/getGeo.sh | 1 - 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/Docker/docker-compose.yml b/Docker/docker-compose.yml index cdda398..699a7e9 100644 --- a/Docker/docker-compose.yml +++ b/Docker/docker-compose.yml @@ -25,7 +25,10 @@ services: # Graylog: https://hub.docker.com/r/graylog/graylog/ graylog: - build: graylog/. + build: + context: ./graylog/. + args: + - GRAYLOG_PLUGIN_DIR volumes: - 'graylog_journal:/usr/share/graylog/data/journal' - './service-names-port-numbers.csv:/etc/graylog/server/service-names-port-numbers.csv' @@ -70,6 +73,10 @@ services: - elasticsearch depends_on: - elasticsearch + logging: + driver: "json-file" + options: + max-size: "100M" influxdb: image: 'influxdb:latest' @@ -79,6 +86,10 @@ services: - '8086:8086' volumes: - 'influxdb:/var/lib/influxdb' + logging: + driver: "json-file" + options: + max-size: "100M" grafana: image: 'grafana/grafana:latest' @@ -95,6 +106,10 @@ services: depends_on: - elasticsearch - influxdb + logging: + driver: "json-file" + options: + max-size: "100M" # Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/ volumes: diff --git a/Docker/graylog/Dockerfile b/Docker/graylog/Dockerfile index d9a3929..04209f9 100644 --- a/Docker/graylog/Dockerfile +++ b/Docker/graylog/Dockerfile @@ -1,6 +1,7 @@ FROM graylog/graylog:3.1 # Probably a bad idea, but it works for now USER root +ENV GRAYLOG_PLUGIN_DIR=/etc/graylog/server/ RUN mkdir -pv /etc/graylog/server/ COPY ./getGeo.sh /etc/graylog/server/ RUN chmod +x /etc/graylog/server/getGeo.sh && /etc/graylog/server/getGeo.sh diff --git a/Docker/graylog/getGeo.sh b/Docker/graylog/getGeo.sh index fca7617..c0dc234 100644 
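Review bot: The new `logging:` stanza is attached to cerebro, influxdb and grafana only; graylog and elasticsearch, which produce the bulk of container output, and mongodb and kibana keep Docker's default unbounded json-file logging, which is exactly what the cap was meant to prevent (the commit message also says 500Mb where all three hunks set `max-size: "100M"`). With `max-size` alone json-file keeps a single file (`max-file` defaults to 1), so reaching the cap discards the earlier container log rather than rotating it; add `max-file: "3"` (or similar) under `options:` so some recent history survives for incident review. Define the stanza once as a YAML anchor (e.g. `&default_logging`) at the top of the file and alias it from every service instead of pasting it per service, so the next service added does not silently miss it.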
--- a/Docker/graylog/getGeo.sh +++ b/Docker/graylog/getGeo.sh @@ -1,3 +1,2 @@ -GRAYLOG_PLUGIN_DIR=/etc/graylog/server/ curl --output ${GRAYLOG_PLUGIN_DIR}/mm.tar.gz https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz tar zxvf ${GRAYLOG_PLUGIN_DIR}/mm.tar.gz -C ${GRAYLOG_PLUGIN_DIR} --strip-components=1 From c3b2a765c0a4964b0d74229d43b54a084f70e435 Mon Sep 17 00:00:00 2001 From: MatthewJSalerno Date: Sat, 23 Nov 2019 09:25:20 -0500 Subject: [PATCH 08/12] Updated Instructions Added top blurb and updated instructions, which file to edit etc. --- README.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 9febaf8..d7f425f 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,8 @@ -This Project aims to give you better insight of what's going on your pfSense Firewall. It's based on some heavylifting alrerady done by devopstales and opc40772. Since it still was a bit clumsy and outdated I wrapped some docker-compose glue around it, to make it a little bit easier to get up and running. It should work hasslefree with a current Linux that has docker and docker-compose, still there is a number of manual steps required. +This is a fork of https://github.com/lephisto/pfsense-analytics + +The original project is really well done but I wanted to organize a few things for clarity and elinimate a few manual steps + +This Project aims to give you better insight of what's going on your pfSense Firewall. It's based on some heavylifting alrerady done by devopstales and opc40772. Since it still was a bit clumsy and outdated I wrapped some docker-compose glue around it, to make it a little bit easier to get up and running. It should work hasslefree with a current Linux that has docker and docker-compose. The whole metric approach is split into several subtopics. 
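Review bot: With the assignment removed, getGeo.sh depends entirely on `GRAYLOG_PLUGIN_DIR` arriving from the Dockerfile's `ENV`; if it is ever run outside that image, or the ENV line is dropped, the unset variable quietly turns the paths into `/mm.tar.gz` and an empty `-C` target. Guard it at the top with `: "${GRAYLOG_PLUGIN_DIR:?must point at the Graylog server config dir}"` so the build stops with a clear message instead. The trailing slash in the ENV value also produces `//mm.tar.gz`, harmless but worth dropping (`ENV GRAYLOG_PLUGIN_DIR=/etc/graylog/server`), and the name suggests a plugin directory while the value is the server config directory, so a one-line comment stating what it actually holds would help the next reader.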
@@ -23,8 +27,6 @@ Firewall Insights: Moar Insights: ![fw2](https://raw.githubusercontent.com/lephisto/pfsense-analytics/master/screenshots/fw2.png) - - This walkthrough has been made with a fresh install of Ubuntu 18.04 Bionic but should work flawless with any debian'ish linux distro. # 0. System requirements @@ -42,7 +44,7 @@ sudo apt install docker.io docker-compose git Let's pull this repo to the Server where you intend to run the Analytics front- and backend. ``` -git clone https://github.com/lephisto/pfsense-analytics +git clone https://github.com/MatthewJSalerno/pfsense-analytics.git cd pfsense-analytics ``` @@ -58,7 +60,7 @@ to make it permanent edit /etc/sysctl.conf and add the line: vm.max_map_count=262144 ``` -Next edit the docker-compose.yml file and set some values: +Next edit the ./pfsense-analytics/Docker/graylog.env file and set some values: The URL you want your graylog to be available under: - GRAYLOG_HTTP_EXTERNAL_URI (eg: http://localhost:9000) @@ -70,6 +72,7 @@ A salt for encrypting your graylog passwords Finally, spin up the stack with: ``` +cd ./Docker sudo docker-compose up -d ``` From 3d910942826b9aefdcbe0d1aa32f4e5a8d6eeb7b Mon Sep 17 00:00:00 2001 From: MatthewJSalerno Date: Sat, 23 Nov 2019 09:26:26 -0500 Subject: [PATCH 09/12] Fixed path in doc --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d7f425f..baa06ba 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ to make it permanent edit /etc/sysctl.conf and add the line: vm.max_map_count=262144 ``` -Next edit the ./pfsense-analytics/Docker/graylog.env file and set some values: +Next edit the ./Docker/graylog.env file and set some values: The URL you want your graylog to be available under: - GRAYLOG_HTTP_EXTERNAL_URI (eg: http://localhost:9000) From 7e16cffcaa74d98082133dfd80d65269ef187174 Mon Sep 17 00:00:00 2001 
From: MatthewJSalerno Date: Sat, 23 Nov 2019 09:39:42 -0500 Subject: [PATCH 10/12] Added TZ Url --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index baa06ba..33b9252 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,9 @@ vm.max_map_count=262144 Next edit the ./Docker/graylog.env file and set some values: +Set the proper Time Zone: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +- GRAYLOG_TIMEZONE=Europe/Berlin + The URL you want your graylog to be available under: - GRAYLOG_HTTP_EXTERNAL_URI (eg: http://localhost:9000) From 5b0bd5eddac3383ff4c4666a1abcd52bd801fda3 Mon Sep 17 00:00:00 2001 From: MatthewJSalerno Date: Sat, 23 Nov 2019 09:58:21 -0500 Subject: [PATCH 11/12] Added graylog rebuild instructions to update geoIP --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 33b9252..a3e742a 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,14 @@ cd ./Docker sudo docker-compose up -d ``` +Note: graylog will be built the first time you run docker-compose. The below step is only for updating the GeiLite DB. +To update the geolite.maxmind.com GeoLite2-City database, simply run: +``` +cd ./Docker +sudo docker-compose up -d --no-deps --build graylog +``` + + This should expose you the following services externally: | Service | URL | Default Login | Purpose | From 214b26304b85b7304bc8880c851db3c229658bf3 Mon Sep 17 00:00:00 2001 From: MatthewJSalerno Date: Sat, 23 Nov 2019 10:01:37 -0500 Subject: [PATCH 12/12] Removed unused args from graylog service --- Docker/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/Docker/docker-compose.yml b/Docker/docker-compose.yml index 699a7e9..3310e7e 100644 --- a/Docker/docker-compose.yml +++ b/Docker/docker-compose.yml 
@@ -27,8 +27,6 @@ services: graylog: build: context: ./graylog/. - args: - - GRAYLOG_PLUGIN_DIR volumes: - 'graylog_journal:/usr/share/graylog/data/journal' - './service-names-port-numbers.csv:/etc/graylog/server/service-names-port-numbers.csv'