Merge pull request #192 from wazuh/issue-191

Changing Filebeat configuration if environment variable is set
wazuh · Jun 18, 2019 · 3aff6de · 3aff6de
2 parents ad4084a + 8a62258
commit 3aff6de
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 20 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -11,20 +11,6 @@ services:
       - "1515:1515"
       - "514:514/udp"
       - "55000:55000"
-    depends_on:
-      - logstash
-  logstash:
-    image: wazuh/wazuh-logstash:3.9.2_7.1.1
-    hostname: logstash
-    restart: always
-    links:
-      - elasticsearch:elasticsearch
-    ports:
-      - "5000:5000"
-    depends_on:
-      - elasticsearch
-    environment:
-      - LS_HEAP_SIZE=2048m
   elasticsearch:
     image: wazuh/wazuh-elasticsearch:3.9.2_7.1.1
     hostname: elasticsearch

diff --git a/kibana/config/xpack_config.sh b/kibana/config/xpack_config.sh
@@ -10,7 +10,6 @@ then
     [xpack.searchprofiler.enabled]=$XPACK_DEVTOOLS
     [xpack.ml.enabled]=$XPACK_ML
     [xpack.canvas.enabled]=$XPACK_CANVAS
-    [xpack.logstash.enabled]=$XPACK_LOGS
     [xpack.infra.enabled]=$XPACK_INFRA
     [xpack.monitoring.enabled]=$XPACK_MONITORING
     [console.enabled]=$XPACK_DEVTOOLS
@@ -29,7 +28,6 @@ xpack.grokdebugger.enabled: $XPACK_DEVTOOLS
 xpack.searchprofiler.enabled: $XPACK_DEVTOOLS
 xpack.ml.enabled: $XPACK_ML
 xpack.canvas.enabled: $XPACK_CANVAS
-xpack.logstash.enabled: $XPACK_LOGS
 xpack.infra.enabled: $XPACK_INFRA
 xpack.monitoring.enabled: $XPACK_MONITORING
 console.enabled: $XPACK_DEVTOOLS

diff --git a/wazuh/Dockerfile b/wazuh/Dockerfile
@@ -32,6 +32,7 @@ COPY config/init.bash /init.bash
 RUN mkdir /entrypoint-scripts
 COPY config/entrypoint.sh /entrypoint.sh
 COPY config/00-wazuh.sh /entrypoint-scripts/00-wazuh.sh
+COPY config/01-config_filebeat.sh /entrypoint-scripts/01-config_filebeat.sh
 
 # Sync calls are due to https://github.com/docker/docker/issues/9547
 RUN chmod 755 /init.bash && \
@@ -40,10 +41,11 @@ RUN chmod 755 /init.bash && \
    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb &&\
    dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb && \
    chmod 755 /entrypoint.sh && \
-   chmod 755 /entrypoint-scripts/00-wazuh.sh 
+   chmod 755 /entrypoint-scripts/00-wazuh.sh && \
+   chmod 755 /entrypoint-scripts/01-config_filebeat.sh
 
 COPY config/filebeat.yml /etc/filebeat/
-RUN chmod go-w /etc/filebeat/filebeat.yml 
+RUN chmod go-w /etc/filebeat/filebeat.yml
 
 # Setting volumes
 VOLUME ["/var/ossec/data"]
@@ -75,5 +77,4 @@ ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/e
 RUN chmod go-w /etc/filebeat/wazuh-template.json 
 
 # Run all services
-ENTRYPOINT ["/entrypoint.sh"]
-
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/wazuh/config/01-config_filebeat.sh b/wazuh/config/01-config_filebeat.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+set -e
+
+# Modify the output to Elasticsearch if th ELASTICSEARCH_URL is set
+if [ "$ELASTICSEARCH_URL" != "" ]; then
+  >&2 echo "Customize Elasticsearch ouput IP."
+  sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_URL'|g' /etc/filebeat/filebeat.yml
+fi