diff --git a/docker-compose.yml b/docker-compose.yml
index f13f45aaf52b54cf6f413cd46c0262234aaeb86c..acb86feacd28ae8d5e1ca69a41884364044fed87 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,24 +6,55 @@ services:
 context: filebeat
 image: registry.shore.co.il/filebeat
 restart: always
+ user: root
+ volumes:
+ - filebeat:/usr/share/filebeat/data/
+ - /var/lib/docker/containers:/var/lib/docker/containers:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
 journalbeat:
 build:
 context: journalbeat
 image: registry.shore.co.il/journalbeat
 restart: always
+ user: root
+ volumes:
+ - journalbeat:/usr/share/journalbeat/data/
+ - /var/log/journal:/var/log/journal
+ - /etc/machine-id:/etc/machine-id
+ - /run/systemd:/run/systemd
+ - /etc/hostname:/etc/hostname:ro
 metricbeat:
 build:
 context: metricbeat
 image: registry.shore.co.il/metricbeat
+ network_mode: host
 restart: always
+ user: root
+ volumes:
+ - metricbeat:/usr/share/metricbeat/data/
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /sys/fs/cgroup:/hostfs/sys/fs/cgroup:ro
+ - /proc:/hostfs/proc:ro
+ - /:/hostfs:ro
 packetbeat:
 build:
 context: packetbeat
+ cap_add:
+ - NET_ADMIN
 image: registry.shore.co.il/packetbeat
+ network_mode: host
 restart: always
+ volumes:
+ - packetbeat:/usr/share/packetbeat/data/
+
+volumes:
+ filebeat:
+ journalbeat:
+ metricbeat:
+ packetbeat:
 networks:
 default:
diff --git a/filebeat/filebeat.yml b/filebeat/filebeat.yml
index 58df7c5a192c9f81877309ebce973186cf324c41..8847d1e88214a228cdf50de24eb002c73dbb4ee7 100644
--- a/filebeat/filebeat.yml
+++ b/filebeat/filebeat.yml
@@ -9,3 +9,11 @@ logging:
 http:
 enabled: true
+
+processors:
+ - add_host_metadata: ~
+ - add_docker_metadata: ~
+
+filebeat.inputs:
+ - type: container
+ enabled: true
diff --git a/journalbeat/journalbeat.yml b/journalbeat/journalbeat.yml
index 58df7c5a192c9f81877309ebce973186cf324c41..b14aecb235db54627533899fa455992c958c1e83 100644
--- a/journalbeat/journalbeat.yml
+++ b/journalbeat/journalbeat.yml
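Review bot: In the journalbeat service of docker-compose.yml, the bind mounts for `/var/log/journal`, `/etc/machine-id` and `/run/systemd` are writable from a container that now runs as root, while every other host path added in this hunk is mounted `:ro`. Reading the journal should not need write access, so I would write them as `- /var/log/journal:/var/log/journal:ro`, `- /etc/machine-id:/etc/machine-id:ro` and `- /run/systemd:/run/systemd:ro`, after confirming journalbeat still starts. Separately, the `:ro` on `/var/run/docker.sock` in filebeat and metricbeat only protects the socket file; the Docker API behind it stays fully usable, so both root containers are effectively host-root and deserve a comment such as `# docker.sock: ":ro" does not limit API calls; treat this container as privileged`. The services block starts above the hunk.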
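Review bot: The `type: container` input added in filebeat/filebeat.yml has no `paths`, which to my knowledge the container input requires, so Filebeat would either reject the configuration or collect nothing from the `/var/lib/docker/containers` mount that docker-compose.yml adds for it. Under the input, add `paths:` followed by `- /var/lib/docker/containers/*/*.log`. A log shipper that starts but ships nothing is a silent detection gap, so it is worth confirming after deploy that container events actually arrive.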
@@ -9,3 +9,6 @@ logging:
 http:
 enabled: true
+
+processors:
+ - add_host_metadata: ~
diff --git a/metricbeat/metricbeat.yml b/metricbeat/metricbeat.yml
index 58df7c5a192c9f81877309ebce973186cf324c41..345342de255c9d4eb58510828eef47052606466d 100644
--- a/metricbeat/metricbeat.yml
+++ b/metricbeat/metricbeat.yml
@@ -9,3 +9,46 @@ logging:
 http:
 enabled: true
+
+processors:
+ - add_host_metadata: ~
+
+metricbeat.config.modules:
+ path: ${path.config}/modules.d/*.yml
+ reload.enabled: false
+
+metricbeat.modules:
+ - module: system
+ metricsets:
+ - cpu
+ - load
+ - memory
+ - network
+ - process
+ - process_summary
+ - uptime
+ - socket_summary
+ - diskio
+ - filesystem
+ - fsstat
+ - service
+ system.hostfs: /hostfs
+
+ - module: docker
+ metricsets:
+ - container
+ - cpu
+ - diskio
+ - event
+ - healthcheck
+ - info
+ - memory
+ - network
+
+ - module: linux
+ metricsets:
+ - pageinfo
+ - memory
+ - conntrack
+ - iostat
+ hostfs: /hostfs
diff --git a/packetbeat/Dockerfile b/packetbeat/Dockerfile
index a9870478a9ab1e1da437da3547a61227ad81797d..1f6360e0917e1cdf7a68b17ff4c8aeb18907fa3a 100644
--- a/packetbeat/Dockerfile
+++ b/packetbeat/Dockerfile
@@ -1,4 +1,4 @@
 FROM docker.elastic.co/beats/packetbeat-oss:7.12.1
 COPY --chown=root:packetbeat packetbeat.yml /usr/share/packetbeat/packetbeat.yml
-RUN packetbeat test config
+#RUN packetbeat test config
 HEALTHCHECK CMD curl --fail http://localhost:5066/stats || exit 1
diff --git a/packetbeat/packetbeat.yml b/packetbeat/packetbeat.yml
index 58df7c5a192c9f81877309ebce973186cf324c41..75d8ff17166acfe8021e8a7a1b17361d57d84a28 100644
--- a/packetbeat/packetbeat.yml
+++ b/packetbeat/packetbeat.yml
@@ -9,3 +9,22 @@ logging:
 http:
 enabled: true
+
+processors:
+ - add_host_metadata: ~
+
+packetbeat.interfaces.device: any
+
+packetbeat.protocols:
+ - type: icmp
+ enabled: true
+ - type: dns
+ enabled: true
+ - type: http
+ enabled: true
+ ports:
+ - 80
+ - type: tls
+ enabled: true
+ ports:
+ - 443
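Review bot: In metricbeat/metricbeat.yml the `http: enabled: true` endpoint in the context lines now shares the host network namespace with packetbeat, because docker-compose.yml sets `network_mode: host` on both services. Unless a port is set in lines outside this hunk, both Beats would try to listen on the same default loopback port (5066, the one the packetbeat HEALTHCHECK queries), so one endpoint fails to bind and a health check can be answered by the other Beat. Give each a distinct port, for example `port: 5067` under `http:` here, and keep each image's HEALTHCHECK URL in step with it.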
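Review bot: Commenting out `RUN packetbeat test config` in packetbeat/Dockerfile drops the only build-time validation of packetbeat.yml in the same commit that adds all of its capture settings, and it leaves dead code behind with no reason given. If the test cannot run in the build sandbox, replace the line with an explanatory comment such as `# packetbeat test config is skipped at build time: <reason>; validate in the running container instead`; otherwise restore the check so a broken configuration fails the build rather than the deployment.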
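Review bot: The `http` protocol entry in packetbeat/packetbeat.yml records request URLs seen on every interface (`packetbeat.interfaces.device: any`) of the host network, and query strings on plain HTTP can carry credentials or tokens that would then be stored with the events. I would add `hide_keywords: ["pass", "password", "passwd"]` under the `http` entry, extended with the parameter names used by the services on this host. A short comment stating which interfaces are intentionally in scope would also help whoever later reviews what this sensor is allowed to see.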