OPNsense Elastic Search: Unterschied zwischen den Versionen

@@ Zeile 1: / Zeile 1: @@
-= Vorraussetzungen =
+*[[OPNsense Elastic Search mit PFELK]]
-* 32 GB RAM
+*[[OPNsense Elastic Search Anbindung]]
-* 32 GB Festplattenspeicher für Docker und ELK-Stack
+*[[OPNsense Kibana Discover]]
+*[[ELK Übungen]]
-= Swap für mehr Stabilität entfernen =
-* '''swapoff -a'''
-* '''vim /etc/fstab''' # swap entfernen
-= Maximale Memory Maps erhöhen =
-* '''vim ''/etc/sysctl.conf'' '''
- vm.max_map_count=262144
-* '''sysctl -p'''
-= Konfigurationsdateien herunterladen =
-* '''mkdir -p /etc/openelk/{conf.d,config,logs,databases,patterns,scripts,templates}'''
-* '''vim ''install-script.sh'' '''
- #!/bin/bash
- wget -q https://raw.githubusercontent.com/pfelk/pfelk/main/.env -P /etc/openelk/docker/
- wget -q https://raw.githubusercontent.com/pfelk/pfelk/main/docker-compose.yml -P /etc/openelk/docker/
- wget -q https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/config/logstash.yml -P /etc/openelk/config/
- wget -q https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/config/pipelines.yml -P /etc/openelk/config/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/01-inputs.pfelk -P /etc/openelk/conf.d/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/02-firewall.pfelk -P /etc/openelk/conf.d/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/05-apps.pfelk -P /etc/openelk/conf.d/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/30-geoip.pfelk -P /etc/openelk/conf.d/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/49-cleanup.pfelk -P /etc/openelk/conf.d/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/50-outputs.pfelk -P /etc/openelk/conf.d/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/20-interfaces.pfelk -P /etc/openelk/conf.d/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/35-rules-desc.pfelk -P /etc/openelk/conf.d/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/36-ports-desc.pfelk -P /etc/openelk/conf.d/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/37-enhanced_user_agent.pfelk -P /etc/openelk/conf.d/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/38-enhanced_url.pfelk -P /etc/openelk/conf.d/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/45-enhanced_private.pfelk -P /etc/openelk/conf.d/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/patterns/pfelk.grok -P /etc/openelk/patterns/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/patterns/openvpn.grok -P /etc/openelk/patterns/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/databases/private-hostnames.csv -P /etc/openelk/databases/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/databases/rule-names.csv -P /etc/openelk/databases/
- wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/databases/service-names-port-numbers.csv -P /etc/openelk/databases/
-= Konfiguration anpassen =
-* '''vim ''/etc/openelk/docker/.env'' '''
- ...
- ELASTIC_PASSWORD=...
- ...
- KIBANA_PASSWORD=...
- ...
- LOGSTASH_PASSWORD=...
- ...
- ES_MEM_LIMIT=16g
- KB_MEM_LIMIT=2g
- LS_MEM_LIMIT=8g
-* '''vim ''/etc/openelk/conf.d/50-outputs.pfelk'' '''
- output {
-   elasticsearch {
-     data_stream => "true"
-     data_stream_type => "logs"
-     data_stream_dataset => "pfelk"
-     ### X-Pack Security Method ###
-     #[DOCKER]# hosts => ["https://es01:9200"]
-     #[DOCKER]# ssl => true
-     [DOCKER]# cacert => '/usr/share/logstash/config/certs/ca/ca.crt'
-     hosts => ["https://localhost:9200"]
-     #cacert => '/etc/logstash/config/certs/http_ca.crt' #[Disable if using Docker]
-     user => "elastic"
-     password => "..."
-   }
- }
-= Links =
-* https://github.com/pfelk/pfelk

OPNsense Elastic Search: Unterschied zwischen den Versionen

Aktuelle Version vom 14. September 2025, 12:12 Uhr

Navigationsmenü

Suche