shane/odin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

remove graylog

Browse Source 
At some point I started to replace logstash with graylog but didn't
finish. Reverting back to logstash for now.
This commit is contained in:
Shane Peters
2019-01-11 14:00:55 -05:00
parent 988121999d
commit 1b48e3fed0
3 changed files with 2 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -1,5 +1,5 @@
# What is ist
Using the power of [LXD containers](https://linuxcontainers.org/lxd/), Odin incorporates [Graylog](https://www.graylog.org/), [ELK](https://elastic.co), [Kafka](https://kafka.apache.org), [411](https://github.com/etsy/411), [Bro](https://bro.org), [RITA](https://github.com/ocmdev/rita), [grafana](https://grafana.com/) and [prometheus](https://prometheus.io) to provide an all-in-one SEIM for deployment on a single (large)
Using the power of [LXD containers](https://linuxcontainers.org/lxd/), Odin incorporates [ELK stack](https://elastic.co), [Kafka](https://kafka.apache.org), [411](https://github.com/etsy/411), [Bro](https://bro.org), [RITA](https://github.com/ocmdev/rita), [grafana](https://grafana.com/) and [prometheus](https://prometheus.io) to provide an all-in-one SEIM for deployment on a single (large)
machine.
## Note, I last tested this on Ubuntu Xenial ~8mo ago. Tweaking might be required.

22
containers/graylog
View File

@@ -1,22 +0,0 @@
#!/bin/bash
# Configure Logstash for Odin
#
echo -e "\e[93m"
log() {
echo -e "\t\e[96m[*]${1}\e[93m"
}
export IP=$(ip route | awk '/src/{print $9}')
echo "logstash" >/etc/hostname
echo -e "${IP}\tlogstash" >> /etc/hosts
deluser -q --remove-home ubuntu
apt-get update || exit 1
apt-get --purge remove snapd lxd -y
apt-get upgrade -y
apt-get install -y htop wget openjdk-8-jre-headless uuid-runtime pwgen mongodb-server prometheus-node-exporter
echo -e "\e[0m"

2
deploy
View File

@@ -73,7 +73,7 @@ setup_containers() {
export BROFACE=${1}
export ICAPFACE=${2}
# Order is important - start the pipeline (kafka) first, fsf is before bro because it bro submits files to it, etc...
export CONTAINERS="kafka elasticsearch graylog fsf ids rita prometheus fouroneone"
export CONTAINERS="kafka elasticsearch logstash fsf ids rita prometheus fouroneone"
for CON in ${CONTAINERS}; do
lxc profile copy default ${CON}