defenxor / dsiem

Security event correlation engine for ELK stack
GNU General Public License v3.0

Disconnected from ES http://elasticsearch:9200: Error: No Living connections #470

Open priamai opened 1 year ago

priamai commented 1 year ago

Hi there, I have followed the instructions and also modified the docker compose file, but it seems like dsiem is unable to connect to the Elasticsearch database. I don't see any errors in the logs, so I am not sure what else to do.


CONTAINER ID   IMAGE                                                  COMMAND                  CREATED         STATUS         PORTS                                                 NAMES
a2527ee60473   defenxor/dsiem:latest                                  "/init"                  3 minutes ago   Up 3 minutes   0.0.0.0:8080->8080/tcp, :::8080->8080/tcp             dsiem
b4b3418e1c43   defenxor/suricata:1710                                 "/bin/bash -c 'chown…"   3 minutes ago   Up 3 minutes                                                         suricata
8959724c464e   docker.elastic.co/elasticsearch/elasticsearch:7.11.0   "/bin/tini -- /usr/l…"   3 minutes ago   Up 3 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 9300/tcp   elasticsearch
83e38b2213ad   defenxor/docker-logstash:7.11.0                        "/usr/local/bin/dock…"   3 minutes ago   Up 3 minutes   5044/tcp, 9600/tcp                                    logstash
07e8143e0a00   docker.elastic.co/kibana/kibana:7.11.0                 "/bin/tini -- /usr/l…"   3 minutes ago   Up 3 minutes   0.0.0.0:5601->5601/tcp, :::5601->5601/tcp             kibana
priamai commented 1 year ago
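version: "3"
services:

  elasticsearch:
    container_name: elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.0
    environment:
      - discovery.type=single-node
      # Fixed 256 MB heap; raise both values together if ES runs short of memory.
      - "ES_JAVA_OPTS=-Xms256m -Xmx256m"
      # Disables the disk-watermark checks that would otherwise block writes
      # when the host disk fills up.
      - cluster.routing.allocation.disk.threshold_enabled=false
      # Security is off: no TLS and no authentication on 9200. Anything that can
      # reach the published port below has unauthenticated read/write access.
      - xpack.security.enabled=false
      - xpack.monitoring.enabled=false
      - xpack.ml.enabled=false
      - xpack.graph.enabled=false
      - xpack.watcher.enabled=false
      # Browser CORS is limited to http(s)://localhost[:port] origins.
      - http.cors.enabled=true
      - http.cors.allow-origin=/https?:\/\/localhost(:[0-9]+)?/
    ports:
      # Published on every host interface (0.0.0.0). Quoted so the mapping is
      # always read as a string; prefix with 127.0.0.1: to keep it host-local.
      - "9200:9200"
    networks:
      - siemnet
    volumes:
      - es-data:/usr/share/elasticsearch/data

  logstash:
    container_name: logstash
    image: defenxor/docker-logstash:7.11.0
    # Pipeline definitions are bind-mounted from ./conf/logstash below.
    command:
      - -f/etc/logstash/conf.d
    environment:
      - XPACK_MONITORING_ENABLED=false
    networks:
      - siemnet
    volumes:
      - ./conf/logstash/conf.d:/etc/logstash/conf.d
      - ./conf/logstash/index-template.d/es7:/etc/logstash/index-template.d

  kibana:
    container_name: kibana
    image: docker.elastic.co/kibana/kibana:7.11.0
    environment:
      - XPACK_MONITORING_ENABLED=false
    ports:
      # Also published on all host interfaces, with ES security disabled upstream.
      - "5601:5601"
    networks:
      - siemnet

  dsiem:
    container_name: dsiem
    image: defenxor/dsiem:latest
    ports:
      - "8080:8080"
    networks:
      - siemnet
    volumes:
      - dsiem-log:/dsiem/logs
    environment:
      # ES and Kibana are reached by service name over siemnet. No depends_on is
      # declared, so dsiem can start before ES accepts connections -- TODO confirm
      # whether dsiem retries or whether a depends_on/healthcheck is needed.
      - DSIEM_WEB_ESURL=http://elasticsearch:9200
      - DSIEM_WEB_KBNURL=http://kibana:5601

  filebeat:
    container_name: filebeat
    image: docker.elastic.co/beats/filebeat:7.11.0
    # Runs as root to read the shared dsiem and suricata log volumes.
    user: root
    networks:
      - siemnet
    volumes:
      - filebeat-data:/usr/share/filebeat/data
      - ./conf/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml
      - dsiem-log:/var/log/dsiem
      - suricata-log:/var/log/suricata

  filebeat-es:
    container_name: filebeat-es
    image: docker.elastic.co/beats/filebeat:7.11.0
    user: root
    networks:
      - siemnet
    volumes:
      - ./conf/filebeat-es/filebeat.yml:/usr/share/filebeat/filebeat.yml
      - ./conf/filebeat-es/fields.yml:/usr/share/filebeat/fields.yml
      - ./conf/filebeat-es/module:/usr/share/filebeat/module
      - ./conf/filebeat-es/modules.d:/usr/share/filebeat/modules.d
      - filebeat-es-data:/usr/share/filebeat/data
      - dsiem-log:/var/log/dsiem

  suricata:
    container_name: suricata
    image: defenxor/suricata:1710
    # Uses the host network namespace, presumably so -i can capture on a host
    # interface; it is therefore not on siemnet and publishes no ports.
    network_mode: "host"
    # Raw sockets and interface administration are needed for packet capture;
    # SYS_NICE allows thread-priority changes.
    cap_add:
      - NET_ADMIN
      - SYS_NICE
      - NET_RAW
    # PROMISC_INTERFACE is not set anywhere in this file. It must come from the
    # shell environment or a .env file; if it is empty, -i gets no interface.
    command:
      - "/bin/bash"
      - "-c"
      - "chown -R suri /var/log/suricata && /usr/bin/suricata -v -i ${PROMISC_INTERFACE}"
    volumes:
      - suricata-log:/var/log/suricata

# Named volumes with no options: created with the default local driver.
volumes:
  filebeat-es-data:
  filebeat-data:
  es-data:
  dsiem-log:
  suricata-log:
networks:
  siemnet: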
priamai commented 1 year ago

I can also confirm that both ES and Kibana are actually running without any errors.