

8543cb16d2 eh 2020-03-03 13:53:20 -05:00
2514ce237a Try gelf 3.0.0 2020-03-03 12:25:05 -05:00
5f71014caa works 2020-03-02 18:18:55 -05:00
724704c888 Not working. Errors 2020-03-02 16:10:08 -05:00
ec3eaebf35 Create and sign TLS certs 2020-03-02 14:22:58 -05:00
5 changed files with 53 additions and 13 deletions

.gitignore vendored

@@ -1 +1,2 @@
.vagrant .vagrant
pki

Vagrantfile vendored

@@ -62,6 +62,32 @@ Vagrant.configure("2") do |config|
# Start compose services and add default input # Start compose services and add default input
config.vm.provision "shell", inline: <<-SHELL config.vm.provision "shell", inline: <<-SHELL
# Remove old keys and create directories
mkdir -p /vagrant/pki
rm -r /vagrant/pki/*
mkdir -p /vagrant/pki/{fluentd,graylog}
# Generate and install TLS keys
cd /vagrant/pki
# Generate Graylog's CA
openssl genrsa -out rootCA.key 4096 2> /dev/null
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 \
-out rootCA.crt -subj "/C=US/ST=GA/O=MyOrg/CN=localhost" 2> /dev/null
# Generate Fluentd's keys
openssl genrsa -out fluentd.key 4096 2> /dev/null
openssl req -new -sha256 -key fluentd.key \
-subj "/C=US/ST=GA/O=MyOrg/CN=localhost" -out fluentd.csr 2> /dev/null
# Sign Fluentd's certificate
openssl x509 -req -in fluentd.csr -CA rootCA.crt -CAkey rootCA.key \
-CAcreateserial -out fluentd-signed.crt -days 500 -sha256 2> /dev/null
mv fluentd*.* fluentd/
mv root*.* graylog/
# Bring up containers # Bring up containers
cd /vagrant cd /vagrant
/usr/local/bin/docker-compose up -d 2> /dev/null /usr/local/bin/docker-compose up -d 2> /dev/null
@@ -70,6 +96,7 @@ Vagrant.configure("2") do |config|
cd /vagrant cd /vagrant
# Wait 120 seconds for Graylog to come online # Wait 120 seconds for Graylog to come online
INSTALL_INPUT=0
SECONDS=0 SECONDS=0
while true while true
do do
@@ -79,17 +106,18 @@ Vagrant.configure("2") do |config|
if [[ "$GRAYLOG_STATE" == "healthy" ]]; then if [[ "$GRAYLOG_STATE" == "healthy" ]]; then
echo "Graylog is available." echo "Graylog is available."
INSTALL_INPUT=1
sleep 5 sleep 5
break break
elif [[ "$GRAYLOG_STATE" != "starting" ]]; then elif [[ "$GRAYLOG_STATE" != "starting" ]]; then
echo "Something is wrong with Graylog. Aborting." echo "Something is wrong with Graylog. Aborting."
exit 1 break
elif [[ $SECONDS -le 120 ]]; then elif [[ $SECONDS -le 120 ]]; then
echo "Waiting for Graylog ($SECONDS/120 seconds)" echo "Waiting for Graylog ($SECONDS/120 seconds)"
sleep 10 sleep 10
else else
echo "Waiting on Graylog timed out. Aborting." echo "Waiting on Graylog timed out. Aborting."
exit 1 break
fi fi
done done
@@ -106,17 +134,22 @@ Vagrant.configure("2") do |config|
for TYPE in $INPUT_TYPES; do for TYPE in $INPUT_TYPES; do
if [[ "$TYPE" == "org.graylog2.inputs.gelf.tcp.GELFTCPInput" ]]; then if [[ "$TYPE" == "org.graylog2.inputs.gelf.tcp.GELFTCPInput" ]]; then
echo "Found GELF TCP input in Graylog, aborting input installation." echo "Found GELF TCP input in Graylog, aborting input installation."
exit INPUT_INSTALL=1
break
fi fi
done done
# Install GELF TCP Input # Install GELF TCP Input
curl -i -s -X POST \ if [[ $INSTALL_INPUT -eq 1 ]]; then
-H "Content-Type: application/json" \ echo "Installing GELF TCP input"
-H "X-Requested-By: cli" \ curl -i -s -X POST \
-u admin:admin \ -H "Content-Type: application/json" \
"http://graylog.172.28.128.30.xip.io:8080/api/system/inputs" \ -H "X-Requested-By: cli" \
-d @GELFTCPInput.json -u admin:admin \
"http://graylog.172.28.128.30.xip.io:8080/api/system/inputs" \
-d @GELFTCPInput.json
fi
SHELL SHELL
end end
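Review bot: The guard meant to skip input installation when a GELF TCP input already exists writes the wrong variable with the wrong value: the hunk declares and later tests `INSTALL_INPUT`, but the found-branch sets `INPUT_INSTALL=1`, so `INSTALL_INPUT` keeps the 1 from the healthy branch and the curl POST still runs, creating a duplicate input on every provision; that line should read `INSTALL_INPUT=0`. In the PKI hunk the CA and the Fluentd leaf certificate are issued with the identical subject `/C=US/ST=GA/O=MyOrg/CN=localhost`; a leaf whose subject equals its issuer can be treated as self-signed during chain building, so the client certificate should get its own CN, e.g. `-subj "/C=US/ST=GA/O=MyOrg/CN=fluentd"`. `mv root*.* graylog/` also moves `rootCA.key` into the directory that this change mounts into the Graylog container, so the CA signing key doubles as the server's private key; if that is intended, a comment on that line should say so, otherwise issue Graylog a separate server certificate and leave only `rootCA.crt` there. Replacing both `exit 1` with `break` means the provisioner now reports success when Graylog never becomes healthy or times out, which is presumably not wanted. The heredoc and the enclosing `Vagrant.configure` block start before the first hunk.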


@@ -30,6 +30,7 @@ services:
restart: always restart: always
volumes: volumes:
- /var/log:/var/log/hostlogs - /var/log:/var/log/hostlogs
- /vagrant/pki/fluentd:/fluentd/etc/pki
networks: networks:
- graylog - graylog
ports: ports:
@@ -88,6 +89,8 @@ services:
- 12201:12201 - 12201:12201
# GELF UDP # GELF UDP
- 12201:12201/udp - 12201:12201/udp
volumes:
- /vagrant/pki/graylog:/usr/share/graylog/pki
networks: networks:
traefik-net: traefik-net:
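Review bot: Both new bind mounts expose the PKI directories read-write, yet nothing in these hunks needs to write there; `- /vagrant/pki/fluentd:/fluentd/etc/pki:ro` and `- /vagrant/pki/graylog:/usr/share/graylog/pki:ro` would keep a misbehaving container from altering the keys the other side trusts. Because the Vagrantfile in the same change moves `rootCA.key` into `/vagrant/pki/graylog`, the Graylog container receives the CA's private key; whether the GELF TCP input actually consumes it cannot be confirmed here since `GELFTCPInput.json` is not part of this diff, so a comment on the volume line naming which files Graylog is expected to read would help the next reader. The `services:` block these hunks belong to starts outside the hunks.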


@@ -3,8 +3,8 @@ USER root
RUN apt-get update \ RUN apt-get update \
&& apt-get -y install --no-install-recommends wget \ && apt-get -y install --no-install-recommends wget \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
RUN gem uninstall gelf -v 3.1.0
RUN gem install gelf -v 3.0.0
RUN gem install fluent-plugin-rewrite-tag-filter RUN gem install fluent-plugin-rewrite-tag-filter
RUN gem install gelf RUN gem install fluent-plugin-gelf-hs
RUN cd /fluentd/plugins \
&& wget -q https://raw.githubusercontent.com/emsearcy/fluent-plugin-gelf/master/lib/fluent/plugin/out_gelf.rb
COPY fluent.conf /fluentd/etc/ COPY fluent.conf /fluentd/etc/
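Review bot: The `wget` of `out_gelf.rb` fetches from the `master` branch of a third-party repository with no pinned revision and no checksum, so every image build silently takes whatever that file is on the day, and the downloaded file then shadows the gem-installed plugin. Pin the URL to a commit (`.../fluent-plugin-gelf/<COMMIT_SHA>/lib/fluent/plugin/out_gelf.rb`, placeholder) and verify the download, e.g. `&& echo "<EXPECTED_SHA256>  out_gelf.rb" | sha256sum -c -` (placeholder) in the same `RUN`. The gem sequence also looks fragile: `gem uninstall gelf -v 3.1.0` followed by `gem install gelf -v 3.0.0` is undone if the unpinned `gem install fluent-plugin-gelf-hs` resolves its own `gelf` dependency to a newer release, so pin that gem too and add a comment stating why 3.0.0 is required, since the commit message only says "Try gelf 3.0.0".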


@@ -42,8 +42,11 @@
<match **> <match **>
@type gelf @type gelf
protocol tcp
host vagrant_graylog_1 host vagrant_graylog_1
port 12201 port 12201
protocol tcp
tls true
tls_options {"cert":"/fluentd/etc/pki/fluentd-signed.crt",
"key":"/fluentd/etc/pki/fluentd.key"}
flush_interval 5s flush_interval 5s
</match> </match>
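Review bot: `tls_options` carries only the client certificate and key; no trust anchor or verification setting for the Graylog server certificate appears in this hunk, so whether the connection to `vagrant_graylog_1` is verified at all depends on the plugin's defaults, which I cannot confirm from here — either add the CA certificate alongside `cert`/`key` or document next to `tls true` why verification is left to defaults. The certificates generated in this change all use `CN=localhost`, while this output connects to `vagrant_graylog_1`; if the plugin performs hostname checking, that mismatch will fail the handshake. If the `tls_options` value genuinely spans two lines in the file rather than being wrapped by the page, the second line (`"key":...}`) would be read as a separate parameter; keep the JSON on one line.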