This repository shows how to deploy the ELK stack and configure OPNsense to send syslogs and NetFlow records to it.
- Change the passwords in the `.env` file.
- Run the one-off setup, then start the stack:

  docker compose up setup
  docker compose up -d

- Give Kibana about a minute to initialize.
- Configure the ELK stack integrations as documented here.
- Configure OPNsense as documented here.
- Go to the Dashboards section in Kibana, where you will find the pre-built dashboards that ship with the enabled ELK integrations.

By default, the stack exposes the following ports:
- 9200: Elasticsearch HTTP
- 9300: Elasticsearch TCP transport
- 5601: Kibana
- 9001: pfSense integration (UDP)
- 2055: NetFlow integration (UDP)
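To confirm that the NetFlow integration on UDP 2055 actually ingests records before pointing OPNsense at it, here is an added test sender (not part of this repository or of docker-elk) that packs a minimal NetFlow v5 export packet from constructed flow records; the collector address and the flow values are assumptions.

```python
# Added example: build and send a minimal NetFlow v5 packet to the stack's
# NetFlow integration (UDP 2055). Layout: 24-byte header + 48-byte records.
import socket
import struct
import time
from ipaddress import IPv4Address

NETFLOW_HOST = "127.0.0.1"  # assumption: the stack runs on this host
NETFLOW_PORT = 2055         # NetFlow integration UDP port from the README

# version, count, sys_uptime, unix_secs, unix_nsecs, flow_sequence,
# engine_type, engine_id, sampling_interval
HEADER_FMT = "!HHIIIIBBH"
# srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, first, last,
# srcport, dstport, pad1, tcp_flags, prot, tos, src_as, dst_as, src_mask,
# dst_mask, pad2
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"

def build_record(src, dst, sport, dport, proto, packets, octets, uptime_ms):
    """Pack one NetFlow v5 flow record (48 bytes)."""
    return struct.pack(
        RECORD_FMT,
        IPv4Address(src).packed, IPv4Address(dst).packed, b"\x00" * 4,
        0, 0,                          # input / output SNMP ifIndex
        packets, octets,
        uptime_ms, uptime_ms + 1000,   # first / last seen, in sysuptime ms
        sport, dport,
        0, 0x18, proto, 0,             # pad1, tcp_flags (PSH|ACK), prot, tos
        0, 0, 24, 24, 0,               # src_as, dst_as, masks, pad2
    )

def build_packet(records, sequence=0, now=None):
    """Prepend the v5 header to packed records; returns the raw datagram."""
    now = time.time() if now is None else now
    uptime_ms = 60_000                 # constructed: exporter up for one minute
    header = struct.pack(HEADER_FMT, 5, len(records), uptime_ms, int(now),
                         int((now % 1) * 1e9), sequence, 0, 0, 0)
    return header + b"".join(records)

def parse_header(packet):
    """Unpack the header as (version, count, uptime, secs, nsecs, sequence)."""
    return struct.unpack(HEADER_FMT, packet[:24])[:6]

def send_test_flows(host=NETFLOW_HOST, port=NETFLOW_PORT):
    """Send two constructed flows (DNS and HTTPS); returns bytes sent."""
    recs = [build_record("192.0.2.10", "192.0.2.53", 51000, 53, 17, 1, 72, 60_000),
            build_record("192.0.2.10", "198.51.100.7", 51001, 443, 6, 12, 4800, 60_000)]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(build_packet(recs), (host, port))

if __name__ == "__main__":
    print(f"sent {send_test_flows()} bytes to {NETFLOW_HOST}:{NETFLOW_PORT}")
```

After sending, the two flows should show up in the NetFlow dashboards in Kibana within a few seconds; if they do not, check that 2055/udp is reachable on the Docker host before debugging OPNsense.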
**Warning**

Elasticsearch's [bootstrap checks][bootstrap-checks] were purposely disabled to facilitate the setup of the Elastic stack in development environments. For production setups, we recommend users set up their host according to the instructions from the Elasticsearch documentation: [Important System Configuration][es-sys-config].
For the extended documentation, please visit deviantony/docker-elk.