DOCKER.md

Running ElastiFlow™ on Docker

SUPPORTING ElastiFlow™ - Today literally 1000s of users leverage ElastiFlow™ as a powerful alternative to expensive commercial flow collecting solutions. As its popularity has increased, so has the time commitment necessary to support users and provide further enhancements. If you are one of the organizations who appreciate the value of ElastiFlow™, I would like to ask you to consider becoming a sponsor. The support from sponsors allows me to dedicate more time and energy to the project. To become a sponsor, please visit ElastiFlow on patreon.

Setting up ElastiFlow™ on Docker

The easiest way to get ElastiFlow™ up and running quickly is to use Docker and docker-compose. The following instructions will walk you through setting up a single node installation of ElastiFlow™ on Docker.

NOTE: These instructions assume that you will have a server available with a recent Linux distribution and both Docker and docker-compose installed.

Prepare the Data Path

Data written within a container's file system is ephemeral. It will be lost when the container is removed. For the data to persist, it is necessary to write the data to the local host's file system using a bind mount. You must create a path on the local host and set the necessary permissions for the processes within the container to write to it.

sudo mkdir /var/lib/elastiflow_es
sudo chown -R 1000:1000 /var/lib/elastiflow_es
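
A preflight check for the data path prepared above, to run before starting the stack. This is an added example, not part of the ElastiFlow repository: `check_data_path` is a hypothetical helper name, `stat -c` assumes GNU coreutils on Linux, and the world-writable test is an extra check beyond the original steps.

```shell
# Added example (not from the ElastiFlow repository).
# check_data_path is a hypothetical helper; stat -c assumes GNU coreutils (Linux).
# Usage: sh check_data_path.sh /var/lib/elastiflow_es

check_data_path() {
    cdp_path="$1"
    cdp_want="${2:-1000:1000}"   # uid:gid given to chown in the step above

    # Test for a symlink first: [ -d ] follows links, and a bind mount
    # would then expose whatever directory the link points at.
    if [ -L "$cdp_path" ]; then
        echo "FAIL: $cdp_path is a symlink"
        return 1
    fi
    if [ ! -d "$cdp_path" ]; then
        echo "FAIL: $cdp_path is not a directory (run the mkdir step first)"
        return 1
    fi

    cdp_owner=$(stat -c '%u:%g' "$cdp_path") || return 1
    cdp_mode=$(stat -c '%a' "$cdp_path") || return 1

    if [ "$cdp_owner" != "$cdp_want" ]; then
        echo "FAIL: $cdp_path is owned by $cdp_owner, expected $cdp_want"
        return 1
    fi

    # Extra check, not in the original steps: the last octal digit is the
    # "other" class; 2, 3, 6 and 7 all carry the write bit.
    case "$cdp_mode" in
        *[2367])
            echo "FAIL: $cdp_path is world-writable (mode $cdp_mode)"
            return 1
            ;;
    esac

    echo "OK: $cdp_path owner=$cdp_owner mode=$cdp_mode"
}

# Run the check only when a path is passed on the command line.
if [ "$#" -gt 0 ]; then
    check_data_path "$@"
fi
```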

Customize Environment Variables in docker-compose.yml

While the provided defaults should allow you to get up and running quickly, you may need to make changes specific to your requirements. After copying the provided docker-compose.yml from the repository to the server, edit any relevant environment variables.

The ElastiFlow™ Logstash container can be configured using the same environment variables discussed in INSTALL.md.

Start the Elastic Stack using docker-compose

Start the Elastic Stack (incl. Logstash with the ElastiFlow pipeline) using docker-compose.

From the path where you placed the docker-compose.yml file, run:

sudo docker-compose up -d

Import Dashboards into Kibana

The Index Patterns, visualizations and dashboards can be loaded into Kibana by importing the elastiflow.kibana.<VER>.json file from within the Kibana UI. This is done from the Management -> Stack Management -> Kibana Saved Objects page.

You may also want to configure the recommended advanced Kibana settings discussed in INSTALL.md.