SpecialistOff.NET / Вопросы / Статьи / Фрагменты кода / Резюме / Метки / Помощь / Файлы

Назад

OpenSearch: Установка и настройка

Метки: opensearch filebeat nftables nft

Установка

Docker

version: '3.9'

services:

  opensearch01:
    image: opensearchproject/opensearch:latest
    restart: always
    environment:
      - "DISABLE_INSTALL_DEMO_CONFIG=true"
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
      - "DISABLE_SECURITY_PLUGIN=true"
      - "discovery.type=single-node"
    volumes:
      - ./opensearch/config/opensearch.yml:/usr/share/opensearch/config/opensearch.yml:ro
      - osdata01:/usr/share/opensearch/data
      - ./opensearch/ca.crt:/usr/share/opensearch/config/ca.crt
      - ./opensearch/node.crt:/usr/share/opensearch/config/node.crt
      - ./opensearch/node.key:/usr/share/opensearch/config/node.key
      - ./opensearch/admin.crt:/usr/share/opensearch/config/admin.crt
      - ./opensearch/admin.key:/usr/share/opensearch/config/admin.key
    ports:
      - "9200:9200"
      - "9300:9300"
      - "9600:9600"
    ulimits:
      nofile:
        soft: 65536
        hard: 65536

  dashboards:
    image: opensearchproject/opensearch-dashboards:latest
    restart: always
    environment:
      - 'OPENSEARCH_HOSTS=["http://opensearch01:9200"]'
      - "DISABLE_SECURITY_DASHBOARDS_PLUGIN=true"
    ports:
      - "5601:5601"
    depends_on:
      - opensearch01

  logstash:
    image: opensearchproject/logstash-oss-with-opensearch-output-plugin:7.16.2
    restart: always
    volumes:
      - ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro
      - ./logstash/pipeline:/usr/share/logstash/pipeline:ro
    ports:
      - "10.2.0.1:5044:5044"
    depends_on:
      - opensearch01

volumes:
  osdata01:

Filebeat

wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-7.12.1-linux-x86_64.tar.gz
tar xzf filebeat-oss-7.12.1-linux-x86_64.tar.gz

nftables

cat << EOF | nft -f -
table inet filter {
    set logstash {
        type ipv4_addr
        elements = {
            10.10.0.1,
            20.20.0.20
        }
    }

    chain input {
        ip saddr @logstash tcp dport 5044 accept comment "Accept Logstash on port 5044";
    }
}
EOF

Настройка