Maxmind geoip volume mount in docker-compose

pfelk / docker

Deploy pfelk with docker-compose

Apache License 2.0

56 stars 20 forks source link

Maxmind geoip volume mount in docker-compose #42

Closed panks21 closed 1 year ago

panks21 commented 2 years ago

Not an issue but a question. Where do we setup the maxmind geoip in the docker-compose file??

a3ilson commented 2 years ago

You would need to amend the docker-compose.yml file (after line 231). Adding the location of the maxmind databases. Then you’d need to amend the 30-geoip.pfelk file, pointing to the alternate location (eg maxmind database files).

charlesw23 commented 1 year ago

looks like this..

logstash: depends_on:

es03 container_name: logstash build: context: logstash/ args: ELK_VERSION: $ELK_VERSION environment: LS_JAVA_OPTS: -Xmx1G -Xms1G restart: unless-stopped volumes:
./certs:/certs:z
./etc/logstash/config/:/usr/share/logstash/config:ro
./etc/pfelk/conf.d/:/etc/pfelk/conf.d:ro
./etc/pfelk/patterns/:/etc/pfelk/patterns:ro
./etc/pfelk/databases/:/etc/pfelk/databases:ro
/usr/share/GeoIP/:/var/lib/GeoIP/ ports:
5140:5140/udp networks:
elastic

a3ilson commented 1 year ago

@charlesw23

The following ought to work given that GeoIP is installed at /usr/share/GeoIP but I believe the default location is /var/lib/GeoIP/ In addition to the amendment within the .yml you'll need to uncommit the #MRM# from the 30-geoip.pfelk file.

volumes:
- ./certs:/certs:z
- ./etc/logstash/config/:/usr/share/logstash/config:ro
- ./etc/pfelk/conf.d/:/etc/pfelk/conf.d:ro
- ./etc/pfelk/patterns/:/etc/pfelk/patterns:ro
- ./etc/pfelk/databases/:/etc/pfelk/databases:ro
- /usr/share/GeoIP/:/var/lib/GeoIP:ro
ports: