Replies: 1 comment
-
@beneix - any luck? I'm working to refine and update the current docker-compose. pfELK reads the MaxMind databases via file path...might be best to download and create docker volume,
-
I am trying to install pfELK on a machine on my LAN (following the how-to for docker-compose) and have a couple of questions:
My machine has modest hardware so I'd like to maximise performance. I thought that it would be a good idea to run pfELK on a single-node setup, so I wanted to modify the docker-compose.yml file accordingly. The only instruction I found on GitHub was to modify /etc/elasticsearch/elasticsearch.yml, but a) that file does not exist before you start the install and b) I would have thought that docker-compose.yml also needs to be modified. Do I need to change the create certs and environment sections, and if so how? Alternatively, if running three nodes does not consume more resources than a single node, please let me know.
Also, I'd like to set up MaxMind, and I'd like to do it on Docker since my machine is running Alpine Linux and I don't think there is a repository for MaxMind available. I have found a Docker container for the purpose, but I am not sure exactly how pfELK speaks to MaxMind so I need some more info to make sure the two can communicate. The pfELK how-to for MaxMind does not mention the required interface with MaxMind so I don't know what the prerequisite is when not installing MaxMind in the standard way.