Added Documentation for Sending Logs from ModSecurity to ELK

[fzipi]

@tulja This seems very good. I think that it should be better to have less interaction with the dockers, the installation process will be simpler.

• Creating a subdirectory for the extending the modsecurity container:

  mkdir modsec_elk/waf_filebeat
  mv modsec_elk/filebeat.xml modsec_elk/waf_filebeat
  cat > modsec_elk/waf_filebeat/Dockerfile <<EOF
  FROM owasp/modsecurity-crs
  ...
  RUN wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
  RUN echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
  RUN apt-get update && apt-get install -y filebeat  && rm -rf /var/lib/apt/lists/*
  ...
  COPY filebeat.yml /etc/filebeat/filebeat.yml
  ...
  (other steps for creating a self-contained docker)

  Then modify docker-compose like this:

  
  ...
  modsec_elk:
  links:
  - elk
  build: modsec_elk

To build the new, extended container, just use `docker-compose build`.

Links also has the property of defining that name inside the containers, so it will be available for use in the config files (you don't need or care about the IP address, just use `elk:5044`.

I have a couple additional comments, but need to board my flight :)

[tulja]

Thank you @fzipi for feedback. I'm done with the above changes. Please let me know the additional comments as well so I can incorporate those in my next PR.

[fzipi]

Thanks @tulja , will merge this PR now.