4 files changed, 75 insertions, 4 deletions

diff --git a/elk/docker-compose.yaml b/elk/docker-compose.yaml
index 21380b7..60f36d9 100644
--- a/elk/docker-compose.yaml
+++ b/elk/docker-compose.yaml
@@ -16,6 +16,7 @@ services:
       - lognet
     ports:
       - "127.0.0.1:9200:9200"
+      - "172.17.0.1:9200:9200"
       - "127.0.0.1:9300:9300"
     environment:
       - ES_JAVA_OPTS=-Xms256m -Xmx256m
@@ -44,6 +45,7 @@ services:
     volumes:
       - ./logstash.yml:/usr/share/logstash/config/logstash.yml:ro
       - ./logstash.conf:/usr/share/logstash/pipline/logstash.conf:ro
+  # docker run docker.elastic.co/beats/filebeat:8.10.2 setup -E setup.kibana.host=172.17.0.1:5102 -E output.elasticsearch.hosts=["172.17.0.1:9200"]
   kibana:
     image: kibana:8.10.1
     deploy:
@@ -60,6 +62,7 @@ services:
       - lognet
     ports:
       - "127.0.0.1:5102:5601"
+      - "172.17.0.1:5102:5601"
     depends_on:
       - elasticsearch
     volumes:
@@ -82,14 +85,15 @@ services:
       - lognet
     depends_on:
       - elasticsearch
-    environment:
-      - setup.kibana.host=kibana:5601
-      - output.elasticsearch.hosts=["http://elasticsearch:9200"]
+    # environment:
+    #   - setup.kibana.host=kibana:5601
+    #   - output.elasticsearch.hosts=["http://elasticsearch:9200"]
     volumes:
       - log-data:/logs/
-      - /var/lib/docker/containers:/usr/share/dockerlogs/data:ro
+      - /home/devi/ssd1/docker/containers:/usr/share/dockerlogs/data:ro
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
+      - /var/log:/usr/share/var/log:ro
 volumes:
   elk-data:
   log-data:
diff --git a/elk/filebeat.yml b/elk/filebeat.yml
new file mode 100644
index 0000000..ea8fc5d
--- /dev/null
+++ b/elk/filebeat.yml
@@ -0,0 +1,41 @@
+name: filebeat
+
+filebeat.config:
+  modules:
+    path: ${path.config}/modules.d/*.yml
+    reload.enabled: false
+
+# filebeat.autodiscover:
+#   providers:
+#     - type: docker
+#       hints.enabled: true
+
+filebeat.inputs:
+  - type: container
+    enabled: true
+    paths: 
+      - /usr/share/dockerlogs/data/*/*.log
+  - type: filestream
+    enabled: true
+    paths:
+      - /usr/share/var/log/*.log
+
+processors:
+- add_cloud_metadata: ~
+
+output.elasticsearch:
+  enabled: true
+  hosts: [ "http://elasticsearch:9200" ]
+  username: "elastic"
+  password: "changeme"
+
+# output.logstash:
+#   enabled: true
+#   hosts: [ "http://logstsh:5044" ]
+
+# setup.kibana:
+#   host: "http://kibana:5601"
+
+# http:
+#   enabled: true
+#   host: 0.0.0.0
diff --git a/elk/logstash.conf b/elk/logstash.conf
new file mode 100644
index 0000000..0440f5d
--- /dev/null
+++ b/elk/logstash.conf
@@ -0,0 +1,19 @@
+input {
+	beats {
+		port => 5044
+	}
+
+	# tcp {
+	# 	port => 50000
+	# }
+}
+
+## Add your filters / logstash plugins configuration here
+
+output {
+	elasticsearch {
+		hosts => ["elasticsearch:9200"]
+		ssl => false
+		index => "logstash"
+	}
+}
diff --git a/elk/logstash.yml b/elk/logstash.yml
new file mode 100644
index 0000000..a81b89b
--- /dev/null
+++ b/elk/logstash.yml
@@ -0,0 +1,7 @@
+---
+## Default Logstash configuration from Logstash base image.
+## https://github.com/elastic/logstash/blob/main/docker/data/logstash/config/logstash-full.yml
+#
+http.host: 0.0.0.0
+
+node.name: logstash