FreeIPA centralized logging
REK Docker server
dasar
# Start the rsyslog + Elasticsearch + Kibana container detached, keeping the
# Elasticsearch data in a bind-mounted directory under the caller's home.
#
# Exposure notes:
# - Each --publish without a host address binds on every host interface, so
#   syslog (514/tcp, 514/udp) and Kibana (5601/tcp) are reachable from any
#   network the host is on. Docker adds its own packet-filter rules for
#   published ports, so confirm the host firewall really limits these ports
#   to the FreeIPA servers and to admin workstations.
# - NOTE(review): confirm whether Kibana in this image asks for a login; if
#   it does not, anyone who can reach 5601 can read the collected logs.
# - The image has no tag or digest, so whatever the registry currently serves
#   is pulled; pin it once a version has been reviewed.
docker run --detach \
  --name freeipa-rek \
  --publish 514:514 \
  --publish 514:514/udp \
  --publish 5601:5601 \
  --volume /etc/localtime:/etc/localtime:ro \
  --volume ~/freeipa-docker/elasticsearch:/var/lib/elasticsearch \
  pschiffe/rsyslog-elasticsearch-kibana
# Foreground variant: interactive terminal, container removed on exit.
# --user makes the container processes run with the invoking user's UID:GID
# instead of the image default, so files written to the bind mount below are
# not owned by root on the host.
# The three published ports still bind on all host interfaces; limit who can
# reach 514 and 5601 at the firewall.
docker run --interactive --tty --rm \
  --name freeipa-rek \
  --user "$(id -u):$(id -g)" \
  --publish 514:514 \
  --publish 514:514/udp \
  --publish 5601:5601 \
  --volume /etc/localtime:/etc/localtime:ro \
  --volume ~/freeipa-docker/elasticsearch:/var/lib/elasticsearch \
  pschiffe/rsyslog-elasticsearch-kibana
dengan volume
percobaan
# Trial run in the foreground (removed on exit) with the Elasticsearch data
# kept in the named Docker volume "rekdata" instead of a host directory.
# The volume outlives the --rm container, so collected logs persist between
# runs; treat the volume as sensitive data when backing up or deleting it.
# Published ports bind on all host interfaces; restrict 514 and 5601 to the
# hosts that need them.
docker run --interactive --tty --rm \
  --name freeipa-rek \
  --publish 514:514 \
  --publish 514:514/udp \
  --publish 5601:5601 \
  --volume /etc/localtime:/etc/localtime:ro \
  --volume rekdata:/var/lib/elasticsearch \
  pschiffe/rsyslog-elasticsearch-kibana
berjalan di latar belakang dengan docker volume
# Long-running (detached) variant that stores Elasticsearch data in the named
# volume "rekdata".
# 514/tcp, 514/udp and 5601/tcp are published on every host interface because
# no host address is given. Restrict them at the firewall to the FreeIPA
# servers (syslog) and to admin workstations (Kibana).
# NOTE(review): confirm whether Kibana in this image enforces authentication.
# The image reference is unpinned; pin a reviewed tag or digest for a
# deployment that is meant to stay up.
docker run --detach \
  --name freeipa-rek \
  --publish 514:514 \
  --publish 514:514/udp \
  --publish 5601:5601 \
  --volume /etc/localtime:/etc/localtime:ro \
  --volume rekdata:/var/lib/elasticsearch \
  pschiffe/rsyslog-elasticsearch-kibana
memantau log
# Stream the container's stdout/stderr until interrupted (Ctrl-C).
# This shows the service output of the container itself, not the FreeIPA logs
# it has indexed; those are viewed through Kibana.
docker logs --follow freeipa-rek
percobaan dengan pengguna host
# Throwaway runs (no ports, no volumes) to see how the image behaves under
# different user IDs.

# 1) Explicitly as root inside the container.
docker container run --interactive --tty --rm \
  --user root \
  pschiffe/rsyslog-elasticsearch-kibana

# 2) As the fixed numeric UID:GID 1000:1000.
docker container run --interactive --tty --rm \
  --user 1000:1000 \
  pschiffe/rsyslog-elasticsearch-kibana

# 3) As the invoking host user. The host's /etc/passwd is mounted read-only so
#    the UID resolves to a name inside the container; this also lets the
#    container read every account name on the host, so keep it to experiments.
docker container run --interactive --tty --rm \
  --user "$(id -u):$(id -g)" \
  --volume /etc/passwd:/etc/passwd:ro \
  pschiffe/rsyslog-elasticsearch-kibana
cara lain dengan
# Alternative: prepare the named volume so the service can run as an
# unprivileged UID instead of the image default.

# Create the volume that will hold the Elasticsearch data.
docker volume create rekdata

# First run with the image's default user and the volume attached.
docker run --interactive --tty --rm \
  --volume rekdata:/var/lib/elasticsearch \
  pschiffe/rsyslog-elasticsearch-kibana

# Use the small "bash" image as a one-off helper to hand ownership of
# everything in the volume to 1000:1000 (-R recursive, -v lists each change).
docker run --interactive --tty --rm \
  --volume rekdata:/var/lib/elasticsearch \
  bash chown -Rv 1000:1000 /var/lib/elasticsearch

# Run the service as 1000:1000, which now owns the data directory.
docker run --interactive --tty --rm \
  --user 1000:1000 \
  --volume rekdata:/var/lib/elasticsearch \
  pschiffe/rsyslog-elasticsearch-kibana
Penerusan log pada peladen FreeIPA
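# Configure log forwarding on the FreeIPA server.
#
# The clone follows the upstream default branch, so the code that runs is
# whatever that branch holds at clone time. Read ipa_log_config.py before
# executing it, and prefer checking out a commit you have reviewed
# (git -C /opt/ipa-log-config checkout <reviewed-commit>).
# NOTE(review): presumably this is run as root on the IPA server; confirm
# what the script changes and whether it forwards over plain syslog to the
# ports published by the container (514/tcp, 514/udp) or can use TLS.
#
# Usage:
# ./ipa_log_config.py --target <domain name or public/private ip of target server>
#
# The steps are chained with && so the script is only run from the fresh
# clone. Without the chain, a failed clone or cd would run whatever
# ./ipa_log_config.py happens to be in the current directory.
git clone https://github.com/pschiffe/ipa-log-config.git /opt/ipa-log-config &&
  cd /opt/ipa-log-config &&
  ./ipa_log_config.py --target 10.130.135.194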
Rujukan