OPNsense Elastic Search
Revision as of 1 February 2024, 10:38 by Linkai.zhang (talk | contribs) (→Download configuration files)
Prerequisites
- 32 GB RAM
- 32 GB disk space for Docker and the ELK stack
Disable swap for more stability (Elasticsearch becomes very slow and can be killed by its own health checks once its heap is swapped out; with 32 GB RAM the node is expected to run without swap)
- swapoff -a
- vim /etc/fstab # remove the swap entry so swap stays off after a reboot
Increase the maximum number of memory maps (Elasticsearch needs vm.max_map_count of at least 262144, otherwise the container fails its bootstrap check and exits)
- vim /etc/sysctl.conf
vm.max_map_count=262144
- sysctl -p # apply without reboot; verify with: sysctl vm.max_map_count
Download configuration files
- mkdir -p /etc/openelk/{conf.d,config,docker,logs,databases,patterns,scripts,templates}
- vim install-script.sh
#!/bin/bash
wget -q https://raw.githubusercontent.com/pfelk/pfelk/main/.env -P /etc/openelk/docker/
wget -q https://raw.githubusercontent.com/pfelk/pfelk/main/docker-compose.yml -P /etc/openelk/docker/
wget -q https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/config/logstash.yml -P /etc/openelk/config/
wget -q https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/config/pipelines.yml -P /etc/openelk/config/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/01-inputs.pfelk -P /etc/openelk/conf.d/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/02-firewall.pfelk -P /etc/openelk/conf.d/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/05-apps.pfelk -P /etc/openelk/conf.d/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/30-geoip.pfelk -P /etc/openelk/conf.d/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/49-cleanup.pfelk -P /etc/openelk/conf.d/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/50-outputs.pfelk -P /etc/openelk/conf.d/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/20-interfaces.pfelk -P /etc/openelk/conf.d/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/35-rules-desc.pfelk -P /etc/openelk/conf.d/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/36-ports-desc.pfelk -P /etc/openelk/conf.d/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/37-enhanced_user_agent.pfelk -P /etc/openelk/conf.d/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/38-enhanced_url.pfelk -P /etc/openelk/conf.d/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/conf.d/45-enhanced_private.pfelk -P /etc/openelk/conf.d/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/patterns/pfelk.grok -P /etc/openelk/patterns/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/patterns/openvpn.grok -P /etc/openelk/patterns/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/databases/private-hostnames.csv -P /etc/openelk/databases/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/databases/rule-names.csv -P /etc/openelk/databases/
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/databases/service-names-port-numbers.csv -P /etc/openelk/databases/
Note that this script fetches every file from the moving main branch of the pfelk repository with no version pin and no integrity check, and .env plus docker-compose.yml decide which images are pulled and how Elasticsearch, Logstash and Kibana are exposed. Review the downloaded files before starting the stack, and prefer pinning to a tag or commit so a later run does not silently pull different content.
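The three steps above (swap off, vm.max_map_count, download of the pfelk files) combined into one script, as an added example that is not from the original page and not the pfelk project's own install script. Compared with the plain wget list it pins the download to a ref (PFELK_REF) instead of main, rejects downloads that came back empty or as an HTML page from a proxy or captive portal, and on the first run records a SHA-256 manifest that every later run verifies. PFELK_REF, OPENELK_DIR, MANIFEST.sha256 and all function names are assumptions chosen for this illustration.

```sh
#!/bin/sh
# Added example, not the pfelk project's script: preflight checks for the
# steps above plus a pinned, verified download of the same pfelk files.
# Assumptions for illustration: PFELK_REF (pin to a tag or commit), OPENELK_DIR,
# the operator-kept MANIFEST.sha256 and every helper name below.
set -eu

PFELK_REF="${PFELK_REF:-main}"
OPENELK_DIR="${OPENELK_DIR:-/etc/openelk}"
BASE_URL="https://raw.githubusercontent.com/pfelk/pfelk/${PFELK_REF}"

# "<path in repo> <subdirectory under OPENELK_DIR>", the files from install-script.sh
PFELK_FILES='
.env docker
docker-compose.yml docker
etc/pfelk/config/logstash.yml config
etc/pfelk/config/pipelines.yml config
etc/pfelk/conf.d/01-inputs.pfelk conf.d
etc/pfelk/conf.d/02-firewall.pfelk conf.d
etc/pfelk/conf.d/05-apps.pfelk conf.d
etc/pfelk/conf.d/20-interfaces.pfelk conf.d
etc/pfelk/conf.d/30-geoip.pfelk conf.d
etc/pfelk/conf.d/35-rules-desc.pfelk conf.d
etc/pfelk/conf.d/36-ports-desc.pfelk conf.d
etc/pfelk/conf.d/37-enhanced_user_agent.pfelk conf.d
etc/pfelk/conf.d/38-enhanced_url.pfelk conf.d
etc/pfelk/conf.d/45-enhanced_private.pfelk conf.d
etc/pfelk/conf.d/49-cleanup.pfelk conf.d
etc/pfelk/conf.d/50-outputs.pfelk conf.d
etc/pfelk/patterns/pfelk.grok patterns
etc/pfelk/patterns/openvpn.grok patterns
etc/pfelk/databases/private-hostnames.csv databases
etc/pfelk/databases/rule-names.csv databases
etc/pfelk/databases/service-names-port-numbers.csv databases
'

# max_map_count_ok VALUE: succeeds if VALUE meets the Elasticsearch minimum of 262144
max_map_count_ok() { [ "$1" -ge 262144 ]; }

# swap_disabled SWAPS_FILE: /proc/swaps has one header line; any further line is active swap
swap_disabled() { [ "$(wc -l < "$1" | tr -d ' ')" -le 1 ]; }

# pfelk_url REPO_PATH: raw GitHub URL at the pinned ref
pfelk_url() { printf '%s/%s\n' "$BASE_URL" "$1"; }

# looks_like_config FILE: non-empty and not an HTML page served instead of the file
looks_like_config() { [ -s "$1" ] && [ "$(head -c 1 "$1")" != "<" ]; }

sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# for_each_file CALLBACK: calls CALLBACK REPO_PATH RELATIVE_DEST for every entry above
for_each_file() {
  printf '%s\n' "$PFELK_FILES" | while read -r repo_path subdir; do
    if [ -n "$repo_path" ]; then "$1" "$repo_path" "$subdir/$(basename "$repo_path")"; fi
  done
}

fetch_one() {
  mkdir -p "$(dirname "$OPENELK_DIR/$2")"
  wget -q --https-only -O "$OPENELK_DIR/$2" "$(pfelk_url "$1")"
  looks_like_config "$OPENELK_DIR/$2" || { printf 'bad download: %s\n' "$2" >&2; exit 1; }
}

hash_one() {
  if [ -f "$OPENELK_DIR/$2" ]; then printf '%s  %s\n' "$(sha256_of "$OPENELK_DIR/$2")" "$2"; fi
}

# write_manifest: "<sha256>  <relative path>" for every file present, for the operator to keep
write_manifest() { for_each_file hash_one; }

# verify_manifest MANIFEST: fails if any listed file is missing or has changed
verify_manifest() {
  rc=0
  while read -r want rel; do
    [ -n "$want" ] || continue
    if [ ! -f "$OPENELK_DIR/$rel" ] || [ "$(sha256_of "$OPENELK_DIR/$rel")" != "$want" ]; then
      printf 'MISMATCH %s\n' "$rel" >&2; rc=1
    fi
  done < "$1"
  return "$rc"
}

main() {
  max_map_count_ok "$(cat /proc/sys/vm/max_map_count)" || { echo 'vm.max_map_count < 262144, run sysctl -p first' >&2; exit 1; }
  swap_disabled /proc/swaps || echo 'warning: swap is still active' >&2
  for_each_file fetch_one
  if [ -f "$OPENELK_DIR/MANIFEST.sha256" ]; then
    verify_manifest "$OPENELK_DIR/MANIFEST.sha256"
  else
    write_manifest > "$OPENELK_DIR/MANIFEST.sha256"  # first run: review the files, then keep this manifest with PFELK_REF
  fi
}

if [ "${1:-}" = "install" ]; then main; fi
```

Run it as `PFELK_REF=<tag-or-commit> sh preflight.sh install`. The checks take their input as arguments or file paths rather than reading the host directly, so they can be exercised on a workstation without touching /proc or /etc/openelk; the manifest is only as trustworthy as the review done on the first run, which is exactly the point where the downloaded .env and docker-compose.yml should be read.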