
Environment Variables

Josh Rickard edited this page Aug 28, 2020 · 4 revisions

.env Settings

The .env file contains all environment variables and should be the only thing you need to change or modify to use this project.

The default .env file is for a system with at least 8GB of RAM available. You may need to adjust the HEAP configuration variables based on your system's specs. If you have only 4GB then cut these in half.

ELK_VERSION=7.9.0
ELASTIC_USERNAME="elastic"
ELASTIC_PASSWORD="some_password"

# Configuration Variables
ELASTICSEARCH_HEAP="2g"
LOGSTASH_HEAP="1g"
PACKETBEAT_HEAP="256m"
FILEBEAT_HEAP="256m"
XPACK_ENCRYPTION_KEY="somesuperlongstringlikethisoneMQBbtsynu4bV2uxLy"

# Self signed TLS certificates
CA_PASSWORD="some password"
CA_DN="CN=Elastic Certificate Tool Autogenerated CA"
CA_DAYS=3650
ELASTIC_DIR=/usr/share/elasticsearch
LOGSTASH_DIR=/usr/share/logstash
KIBANA_DIR=/usr/share/kibana
PACKETBEAT_DIR=/usr/share/packetbeat
FILEBEAT_DIR=/usr/share/filebeat

Below are details about what each variable means in the context of this project:

ELK_VERSION

This is the version of Elastic that will be used with all containers. To upgrade, for example from 7.8.0 to 7.9.0, set this variable to the version you want. Then run docker-compose build to rebuild the containers using that version. Next, run docker-compose up -d and wait until your services are back up and running.

ELASTIC_USERNAME

This is the name of the Elastic user account that you have defined. You can leave this as its default, since elastic is a default account.

ELASTIC_PASSWORD

The password you want to use for the elastic user. By default this password will be used for all services, and this is completely fine for playing around and trying it out. If you are planning on using this in production, then please see notes about CERTIFICATES.

ELASTICSEARCH_HEAP

This is the amount of memory used by Elasticsearch to do its job. Keep this in mind when playing around.

LOGSTASH_HEAP

This is the amount of memory used by Logstash to receive and process logs from your sources (e.g. packetbeat, filebeat, etc.). Keep this in mind and size it to your log volume, whether you are in production or just playing around on your network. For a demo environment, 1GB is plenty but you can increase as needed.

PACKETBEAT_HEAP

If using a single system (basically not capturing your entire network) then 256MB is plenty of HEAP. Adjust if you start to see issues with capturing of flow traffic.

FILEBEAT_HEAP

This is definitely plenty of memory unless you are sending massive files using filebeat. If so, increase as needed.

XPACK_ENCRYPTION_KEY

This encryption key is used to enable Security features within Kibana SIEM. Set this to a long random value (e.g. a SHA256/SHA512 hash would work).

CA_PASSWORD

This is the password that is used when generating your self-signed Certificate Authority.

CA_DN

The Domain name that generated this Certificate Authority certificate. This should be left at the default value but you can change it - I just haven't fully tested what happens :)

CA_DAYS

This really doesn't matter, but it's the number of days until the certificate expires.

DIRECTORY VARIABLES

The additional variables are where certificates, configuration files, etc. will be copied to inside each service's container. These can be changed, but it is probably best to leave them at their defaults.
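
An added example, not part of the original wiki or the project's code: a POSIX shell check that flags the sample secret values shown above if they are still present in .env, and prints freshly generated replacements. The function names are hypothetical, and the 32-character floor assumes XPACK_ENCRYPTION_KEY feeds Kibana's encryption key settings, which require at least 32 characters.

```shell
#!/bin/sh
# Added example: audit a .env file for the sample secrets shown on this page.
# gen_secret, env_value, fresh_secrets and audit_env are hypothetical helpers.

# Print N random bytes as 2N hex characters (default 32 bytes -> 64 chars).
gen_secret() {
    head -c "${1:-32}" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print the value of variable $2 in env file $1, surrounding quotes removed.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Print replacement lines for the three secret variables.
fresh_secrets() {
    printf 'ELASTIC_PASSWORD="%s"\n' "$(gen_secret 24)"
    printf 'XPACK_ENCRYPTION_KEY="%s"\n' "$(gen_secret 32)"
    printf 'CA_PASSWORD="%s"\n' "$(gen_secret 24)"
}

# Return 0 if no secret is unset, a sample value, or too short; 1 otherwise.
audit_env() {
    file=$1 rc=0
    for var in ELASTIC_PASSWORD XPACK_ENCRYPTION_KEY CA_PASSWORD; do
        val=$(env_value "$file" "$var")
        case $val in
            ""|some_password|"some password"|somesuperlongstring*)
                echo "$var: unset or still the sample value" >&2; rc=1 ;;
        esac
    done
    key=$(env_value "$file" XPACK_ENCRYPTION_KEY)
    # Assumption: this key ends up in Kibana's encryption key settings.
    if [ "${#key}" -lt 32 ]; then
        echo "XPACK_ENCRYPTION_KEY: shorter than 32 characters" >&2; rc=1
    fi
    return "$rc"
}

# Usage: sh check-env.sh .env   (the script name is an assumption)
if [ $# -gt 0 ]; then audit_env "$1"; fi
```

Run it against .env before docker-compose build, and paste the output of fresh_secrets over any line it flags.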
