pfelk / docker

Deploy pfelk with docker-compose
Apache License 2.0

Thanks for product, question on config #33

Closed travisboss closed 2 years ago

travisboss commented 2 years ago

I read in another issue about updating the config for naming and interfaces. I tried renaming, since it only recognizes my instance as opnsense but it is in fact a pfsense instance, and also tried naming each interface and VLAN, but the settings do not seem to stick on docker-compose restart. Is there something else I should be doing to get the names to match?

Also, it looks like so far in the container all configuration is pre-done? All I did was start the instance and everything shows up just fine.

And I noticed I can only send BSD syslog; when I try syslog format I get nothing.

Thanks!

a3ilson commented 2 years ago

@travisboss - you'll need to update 02-types.conf, specifically lines 15/26. That is where you can change the values of the observer.* fields.

a3ilson commented 2 years ago

I just fixed the issue with the log formats on the main repo... give me a few and I'll fix the docker.

travisboss commented 2 years ago

@a3ilson I just also noticed, for anyone who tries to grab all this from the zip file, that everything in there is very old compared to what is listed in this repo.

a3ilson commented 2 years ago

> @a3ilson I just also noticed, for anyone who tries to grab all this from the zip file, that everything in there is very old compared to what is listed in this repo.

Fixed/thanks!

travisboss commented 2 years ago

@a3ilson

{"type":"log","@timestamp":"2021-10-19T01:43:43+00:00","tags":["info","savedobjects-service"],"pid":1219,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
{"type":"log","@timestamp":"2021-10-19T01:43:46+00:00","tags":["error","savedobjects-service"],"pid":1219,"message":"Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 172.20.0.3:9200"}
{"type":"log","@timestamp":"2021-10-19T01:44:42+00:00","tags":["error","savedobjects-service"],"pid":1219,"message":"Unable to retrieve version information from Elasticsearch nodes. getaddrinfo ENOTFOUND es01"}
{"type":"log","@timestamp":"2021-10-19T01:44:43+00:00","tags":["error","savedobjects-service"],"pid":1219,"message":"Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 172.20.0.3:9200"}
{"type":"log","@timestamp":"2021-10-19T01:45:23+00:00","tags":["error","savedobjects-service"],"pid":1219,"message":"Unable to retrieve version information from Elasticsearch nodes. getaddrinfo ENOTFOUND es01"}
{"type":"log","@timestamp":"2021-10-19T01:45:26+00:00","tags":["error","savedobjects-service"],"pid":1219,"message":"Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 172.20.0.3:9200"}

Getting this error?
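Added example (not from the thread or the pfelk project): a small Python triage script that parses Kibana's JSON log lines like the ones quoted above and classifies the Elasticsearch connection failures. The two error codes point at different problems: `ECONNREFUSED` means the `es01` name resolved (here to 172.20.0.3) but nothing accepted the connection on port 9200, typically Elasticsearch still starting or bound elsewhere; `ENOTFOUND` means the compose service name `es01` could not be resolved at all, typically the container is not running or is not attached to the same compose network. The meaning of the codes is general Node.js socket behaviour, and the sample input is the six lines from the post above.

```python
import json
from collections import Counter

# Sample input: the six Kibana log lines quoted in the thread above.
SAMPLE_LOG = """\
{"type":"log","@timestamp":"2021-10-19T01:43:43+00:00","tags":["info","savedobjects-service"],"pid":1219,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
{"type":"log","@timestamp":"2021-10-19T01:43:46+00:00","tags":["error","savedobjects-service"],"pid":1219,"message":"Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 172.20.0.3:9200"}
{"type":"log","@timestamp":"2021-10-19T01:44:42+00:00","tags":["error","savedobjects-service"],"pid":1219,"message":"Unable to retrieve version information from Elasticsearch nodes. getaddrinfo ENOTFOUND es01"}
{"type":"log","@timestamp":"2021-10-19T01:44:43+00:00","tags":["error","savedobjects-service"],"pid":1219,"message":"Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 172.20.0.3:9200"}
{"type":"log","@timestamp":"2021-10-19T01:45:23+00:00","tags":["error","savedobjects-service"],"pid":1219,"message":"Unable to retrieve version information from Elasticsearch nodes. getaddrinfo ENOTFOUND es01"}
{"type":"log","@timestamp":"2021-10-19T01:45:26+00:00","tags":["error","savedobjects-service"],"pid":1219,"message":"Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 172.20.0.3:9200"}
"""

# Node.js socket error codes Kibana surfaces when it cannot reach Elasticsearch,
# with the likely cause in a docker-compose deployment.
ERROR_MEANINGS = {
    "ECONNREFUSED": "name resolved but nothing is listening on the port "
                    "(Elasticsearch still starting, or bound to a different port)",
    "ENOTFOUND": "service name did not resolve "
                 "(container not running, or not on the same compose network)",
    "ETIMEDOUT": "no answer at all (firewall or wrong network)",
}


def parse_kibana_log(text):
    """Parse newline-delimited Kibana JSON log lines; skip blank or non-JSON lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # plain-text banners or truncated lines are not events
    return events


def classify_es_errors(events):
    """Return one finding per Elasticsearch connectivity error, with code and target."""
    findings = []
    for ev in events:
        if "error" not in ev.get("tags", []):
            continue
        msg = ev.get("message", "")
        if "Elasticsearch" not in msg:
            continue
        for code, meaning in ERROR_MEANINGS.items():
            if code in msg:
                # The text after the code is the host:port or hostname that failed.
                target = msg.rsplit(code, 1)[1].strip()
                findings.append({
                    "timestamp": ev.get("@timestamp"),
                    "code": code,
                    "target": target,
                    "meaning": meaning,
                })
                break
    return findings


def summarize(findings):
    """Count findings per error code, e.g. {'ECONNREFUSED': 3, 'ENOTFOUND': 2}."""
    return dict(Counter(f["code"] for f in findings))


def still_failing(events):
    """True if the most recent Elasticsearch-related event is still an error."""
    es_events = [ev for ev in events if "Elasticsearch" in ev.get("message", "")]
    return bool(es_events) and "error" in es_events[-1].get("tags", [])


if __name__ == "__main__":
    evs = parse_kibana_log(SAMPLE_LOG)
    found = classify_es_errors(evs)
    for f in found:
        print(f"{f['timestamp']}  {f['code']:<13} {f['target']:<18} {f['meaning']}")
    print("summary:", summarize(found))
    print("still failing:", still_failing(evs))
```

Run it against `docker-compose logs --no-color kibana` output saved to a file (replace `SAMPLE_LOG` with the file contents) to see whether the failures alternate between the two codes, as they do in the post above; that pattern usually means the Elasticsearch container is restarting rather than simply slow to start.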

a3ilson commented 2 years ago

@travisboss - still having the same issue?

I will likely delete this repo as I have got everything to work with the main repo, with and without docker, utilizing the same files.