search

pblittle / docker-logstash

Docker image for Logstash 1.4
https://hub.docker.com/r/pblittle/docker-logstash
MIT License
236 stars 90 forks source link

No logstash ports exposed? #43

Closed ofir-petrushka closed 9 years ago

ofir-petrushka commented 9 years ago

Shouldn't we be exposing ports 3333 and 3334 if this is a logstash server image?

    tcp { port => 3333 type => "text event"}
    tcp { port => 3334 type => "json event" codec => json_lines {}

-- http://fruch.github.io/blog/2014/10/30/ELK-is-fun/

ofir-petrushka commented 9 years ago

Official docs also give example on port 3333 http://logstash.net/docs/1.4.2/tutorials/10-minute-walkthrough/

pblittle commented 9 years ago

@ofir-rounds sorry I'm just now getting back to you. The omission of the ports you noted was intentional. Everyone has different requirements. In your case, if I open 3333 or 3334 it might break someone else's security policy.

I think your best best is to either create a new Dockerfile and pull this project in using FROM pblittle/docker-logstash or just add the ports using the -p flag when you run your build.

Does that make sense and fit your use case?

ofir-petrushka commented 9 years ago

Hi @pblittle,

I am still kinda new to logstash, I was looking for the default input ports and assumed these are it.

I was trying to understand it all by reading your docker file, it's like: Kinbana - 9292 Internal Elastic Search - 9200 (won't use) Input to logstash - ???? So if no default way to input data to logstash?

You seemed to have the most detailed README with the "logstash" docker image, so I tried to work with that. I am trying the one docker = one process - it's not a VM, so I created separate docker files...

Generally you can "Expose" as many ports as you like, it doesn't mean much, it's more of a hint to the operator. So it's not a security issue. "Note: EXPOSE doesn't define which ports can be exposed to the host or make ports accessible from the host by default. To expose ports to the host, at runtime, use the -p flag or the -P flag." -- https://docs.docker.com/reference/builder/#expose

Anyway thanks, it gave me a jump start for what I needed even if I didn't exactly fork or reused as is.

pblittle commented 9 years ago

@ofir-rounds, have you considered using logstash-forwarder? Or maybe just Syslog over UDP?

ofir-petrushka commented 9 years ago

We are using that logstash-forwarder.

pblittle commented 9 years ago

@ofir-rounds, that's cool. So you should be good with EXPOSE 5043, right?

Also, this isn't documented, but you can easily pass your keys into the container [1] by setting the LF_SSL_CERT_KEY_URL and LF_SSL_CERT_URL env vars.

[1] https://github.com/pblittle/docker-logstash/blob/develop/1.4/base/logstash-forwarder.sh