#------------------------------------------------------------------------------
# Portions of this file are Copyright (C)2020 Robert Cowart
#
# Portions of this file are subject to the Robert Cowart Public License (the
# "License") and may not be used or distributed except in compliance with the
# License. You may obtain a copy of the License at:
#
# http://www.koiossian.com/public/robert_cowart_public_license.txt
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
# the specific language governing rights and limitations under the License.
#
# The Original Source Code was developed by Robert Cowart. Portions created by
# Robert Cowart are Copyright (C)2020 Robert Cowart. All Rights Reserved.
#------------------------------------------------------------------------------
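---
version: '3'

networks:
  elastiflow:

services:
  elastiflow-elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.8.1
    container_name: elastiflow-elasticsearch
    restart: 'no'
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 131072
        hard: 131072
      nproc: 8192
      fsize: -1
    networks:
      - elastiflow
    ports:
      # HTTP/REST
      # Published on the host's loopback interface only. This stack runs
      # Elasticsearch without authentication (xpack security is not enabled in
      # the environment below), so publishing 9200 on every host interface would
      # expose an unauthenticated cluster to whatever network this Mac is on.
      # Kibana and Logstash reach Elasticsearch over the compose network
      # ("elastiflow-elasticsearch:9200"), not through this published port.
      # Remove the 127.0.0.1 prefix only if another host must query
      # Elasticsearch directly, and enable security (xpack.security.enabled)
      # before doing so.
      - "127.0.0.1:9200:9200/tcp"
    volumes:
      # You will need to create the path on the local file system where
      # Elasticsearch will store data. This macOS variant keeps it under your
      # home directory (note the leading ~), so the example must use the same
      # path as the mount below. For example...
      # mkdir -p ~/var/lib/elastiflow_es && chown -R 1000:1000 ~/var/lib/elastiflow_es
      # (the chown matches the uid the elasticsearch image runs as; Docker
      # Desktop for Mac may not require it for bind mounts — verify locally)
      - ~/var/lib/elastiflow_es:/usr/share/elasticsearch/data
    environment:
      # JVM Heap size
      # - this should be at least 2GB for simple testing, receiving only a few flows per second.
      # - for production environments up to 31GB is recommended.
      ES_JAVA_OPTS: '-Xms4g -Xmx4g'
      cluster.name: elastiflow
      bootstrap.memory_lock: 'true'
      # 0.0.0.0 is the bind address inside the container; what the host exposes
      # is governed by the ports: section above, not by this value.
      network.host: 0.0.0.0
      http.port: 9200
      discovery.type: 'single-node'
      indices.query.bool.max_clause_count: 8192
      search.max_buckets: 250000
      action.destructive_requires_name: 'true'

  elastiflow-kibana:
    image: docker.elastic.co/kibana/kibana:7.8.1
    container_name: elastiflow-kibana
    restart: 'no'
    # depends_on only orders container start; it does not wait for
    # Elasticsearch to be ready to serve requests.
    depends_on:
      - elastiflow-elasticsearch
    networks:
      - elastiflow
    ports:
      # HTTP/REST
      # Loopback only, for the same reason as Elasticsearch above: with security
      # disabled, anyone who can reach Kibana has full access to the data in the
      # cluster. Use "5601:5601/tcp" if the UI must be reachable from other
      # machines, and enable security first.
      - "127.0.0.1:5601:5601/tcp"
    environment:
      SERVER_HOST: 0.0.0.0
      SERVER_PORT: 5601
      SERVER_MAXPAYLOADBYTES: 8388608
      ELASTICSEARCH_HOSTS: "http://elastiflow-elasticsearch:9200"
      ELASTICSEARCH_REQUESTTIMEOUT: 132000
      ELASTICSEARCH_SHARDTIMEOUT: 120000
      KIBANA_DEFAULTAPPID: "dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5"
      KIBANA_AUTOCOMPLETETIMEOUT: 3000
      KIBANA_AUTOCOMPLETETERMINATEAFTER: 2500000
      LOGGING_DEST: stdout
      LOGGING_QUIET: 'false'

  elastiflow-logstash:
    image: robcowart/elastiflow-logstash:4.0.1
    container_name: elastiflow-logstash
    restart: 'no'
    depends_on:
      - elastiflow-elasticsearch
    networks:
      - elastiflow
    ports:
      # Flow collector listeners (NetFlow 2055, IPFIX 4739, sFlow 6343; see the
      # ELASTIFLOW_*_PORT settings below). These must be reachable from the
      # devices that export flows, so they stay published on all host
      # interfaces. Restrict the source addresses at the host firewall if the
      # exporters are known.
      - "2055:2055/udp"
      - "4739:4739/udp"
      - "6343:6343/udp"
    environment:
      # JVM Heap size - this MUST be at least 3GB (4GB preferred)
      LS_JAVA_OPTS: '-Xms4g -Xmx4g'
      # ElastiFlow global configuration
      ELASTIFLOW_AGENT_ID: elastiflow
      ELASTIFLOW_GEOIP_CACHE_SIZE: 16384
      ELASTIFLOW_GEOIP_LOOKUP: 'true'
      ELASTIFLOW_ASN_LOOKUP: 'true'
      ELASTIFLOW_OUI_LOOKUP: 'false'
      ELASTIFLOW_POPULATE_LOGS: 'true'
      ELASTIFLOW_KEEP_ORIG_DATA: 'true'
      ELASTIFLOW_DEFAULT_APPID_SRCTYPE: '__UNKNOWN'
      # Name resolution option
      ELASTIFLOW_RESOLVE_IP2HOST: 'false'
      # NOTE(review): inside the container 127.0.0.1 is the container's own
      # loopback, not the host's resolver. Presumably only consulted when
      # ELASTIFLOW_RESOLVE_IP2HOST is 'true' — point it at a reachable DNS
      # server before enabling that.
      ELASTIFLOW_NAMESERVER: '127.0.0.1'
      ELASTIFLOW_DNS_HIT_CACHE_SIZE: 25000
      ELASTIFLOW_DNS_HIT_CACHE_TTL: 900
      ELASTIFLOW_DNS_FAILED_CACHE_SIZE: 75000
      ELASTIFLOW_DNS_FAILED_CACHE_TTL: 3600
      ELASTIFLOW_ES_HOST: 'elastiflow-elasticsearch:9200'
      # Elasticsearch credentials, needed once security is enabled on the
      # cluster. Supply them through an env_file or ${VAR} substitution rather
      # than committing a real password to this file.
      #ELASTIFLOW_ES_USER: 'elastic'
      #ELASTIFLOW_ES_PASSWD: 'changeme'
      ELASTIFLOW_NETFLOW_IPV4_PORT: 2055
      ELASTIFLOW_NETFLOW_UDP_WORKERS: 2
      ELASTIFLOW_NETFLOW_UDP_QUEUE_SIZE: 4096
      ELASTIFLOW_NETFLOW_UDP_RCV_BUFF: 33554432
      ELASTIFLOW_SFLOW_IPV4_PORT: 6343
      ELASTIFLOW_SFLOW_UDP_WORKERS: 2
      ELASTIFLOW_SFLOW_UDP_QUEUE_SIZE: 4096
      ELASTIFLOW_SFLOW_UDP_RCV_BUFF: 33554432
      ELASTIFLOW_IPFIX_UDP_IPV4_PORT: 4739
      ELASTIFLOW_IPFIX_UDP_WORKERS: 2
      ELASTIFLOW_IPFIX_UDP_QUEUE_SIZE: 4096
      ELASTIFLOW_IPFIX_UDP_RCV_BUFF: 33554432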