From 59a22c3f96bdab065cd436d5e65586835853cda4 Mon Sep 17 00:00:00 2001 From: Benjam <53127823+benjamsf@users.noreply.github.com> Date: Sun, 17 Nov 2024 14:30:10 +0200 Subject: [PATCH 1/7] add elastic agent config --- docker-compose.yml | 17 +++++++++++++++++ elastic-agent-config/elastic-agent.yml | 22 ++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 elastic-agent-config/elastic-agent.yml diff --git a/docker-compose.yml b/docker-compose.yml index 98abe562..62c614fa 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -445,6 +445,23 @@ services: start_period: 5s restart: unless-stopped + elastic-agent: + image: docker.elastic.co/beats/elastic-agent:8.10.1 + container_name: elastic-agent + user: root + environment: + ELASTIC_AGENT_ENROLLMENT_TOKEN: ${ELASTIC_AGENT_ENROLLMENT_TOKEN} + ELASTIC_AGENT_FLEET_URL: ${ELASTIC_AGENT_FLEET_URL} + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /sys/fs/cgroup:/hostfs/sys/fs/cgroup + - /proc:/hostfs/proc + - /:/hostfs + - ./elastic-agent-config/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml + networks: + - loggingnet + restart: unless-stopped + kwinit: # Mostly to make sure it's built image: pvarki/kw_product_init:1.0.0-d${RELEASE_TAG:-1.5.1}${DOCKER_TAG_EXTRA:-} build: diff --git a/elastic-agent-config/elastic-agent.yml b/elastic-agent-config/elastic-agent.yml new file mode 100644 index 00000000..8e3fc945 --- /dev/null +++ b/elastic-agent-config/elastic-agent.yml @@ -0,0 +1,22 @@ +{% if ELASTIC_AGENT_ENROLLMENT_TOKEN and ELASTIC_AGENT_FLEET_URL %} +fleet: + enrollment_token: ${ELASTIC_AGENT_ENROLLMENT_TOKEN} + hosts: + - ${ELASTIC_AGENT_FLEET_URL} +{% else %} +outputs: + default: + type: elasticsearch + hosts: + - http://elasticsearch:9200 + +inputs: + - id: docker-logs + type: logfile + streams: + - paths: + - /var/lib/docker/containers/*/*.log + parsers: + - ndjson: + message_key: log +{% endif %} From e8b8c9e5f62ff3d6d3f48cdd622a20fb26b28d30 Mon Sep 17 00:00:00 2001 From: Benjam <53127823+benjamsf@users.noreply.github.com> Date: Sun, 17 Nov 2024 15:09:40 +0200 Subject: [PATCH 2/7] profile: kibana to conditionally deliver kibana --- docker-compose.yml | 93 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 62c614fa..81d70a56 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -462,6 +462,99 @@ services: - loggingnet restart: unless-stopped + ########################## + # BEGIN profile: kibana # + ########################## + + # profile: kibana - deploy conditionally if profile: kibana is used + elasticsearch: + image: docker.elastic.co/elasticsearch/elasticsearch:8.10.1 + container_name: elasticsearch + environment: + - node.name=elasticsearch + - discovery.type=single-node + - network.host=0.0.0.0 + - bootstrap.memory_lock=true + - xpack.security.enabled=false + - ES_JAVA_OPTS=-Xms512m -Xmx512m + ulimits: + memlock: + soft: -1 + hard: -1 + volumes: + - es_data:/usr/share/elasticsearch/data + networks: + - loggingnet + ports: + - "9200:9200" + restart: unless-stopped + profiles: + - kibana + + # profile: kibana - deploy conditionally if profile: kibana is used + kibana: + image: docker.elastic.co/kibana/kibana:8.10.1 + container_name: kibana + environment: + - SERVER_NAME=kibana + - ELASTICSEARCH_HOSTS=http://elasticsearch:9200 + - XPACK_SECURITY_ENABLED=false + depends_on: + - elasticsearch + networks: + - loggingnet + expose: + - "5601" + restart: unless-stopped + profiles: + - kibana + + # profile: kibana - deploy conditionally if profile: kibana is used + kibananginx: + <<: *nginxbuildinfo + volumes: + - nginx_templates:/nginx_templates + - ca_public:/ca_public + - le_certs:/le_certs + environment: + NGINX_HOST: "kibana.${SERVER_DOMAIN}" + NGINX_HTTP_PORT: "80" + NGINX_HTTPS_PORT: "5601" + NGINX_UPSTREAM: "kibana" + NGINX_UPSTREAM_PORT: "5601" + NGINX_CERT_NAME: "kibana" + CFSSL_OCSP_BIND_PORT: *oscpport + NGINX_OCSP_UPSTREAM: *ocsphost + DNS_RESOLVER_IP: *dnsresolver + NGINX_TEMPLATE_DIR: "templates_kibana" + networks: + - loggingnet + - ocspnet + ports: + - "5601:5601" + depends_on: + kibana: + condition: service_started + nginx_templates: + condition: service_completed_successfully + ocsp: + condition: service_healthy + cfssl: + condition: service_healthy + healthcheck: + test: 'curl -s localhost:5666/healthcheck || exit 1' + interval: 5s + timeout: 5s + retries: 3 + start_period: 5s + restart: unless-stopped + profiles: + - kibana + + ########################## + # END profile: kibana # + ########################## + kwinit: # Mostly to make sure it's built image: pvarki/kw_product_init:1.0.0-d${RELEASE_TAG:-1.5.1}${DOCKER_TAG_EXTRA:-} build: From 441a6a0d3cb836f49f6594b10607091eca592666 Mon Sep 17 00:00:00 2001 From: Benjam <53127823+benjamsf@users.noreply.github.com> Date: Sun, 17 Nov 2024 15:13:15 +0200 Subject: [PATCH 3/7] add nginx konfig for kibananginx --- nginx/templates_kibana/default.conf.template | 34 ++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 nginx/templates_kibana/default.conf.template diff --git a/nginx/templates_kibana/default.conf.template b/nginx/templates_kibana/default.conf.template new file mode 100644 index 00000000..7473c061 --- /dev/null +++ b/nginx/templates_kibana/default.conf.template @@ -0,0 +1,34 @@ +ssl_certificate /le_certs/${NGINX_CERT_NAME}/fullchain.pem; +ssl_certificate_key /le_certs/${NGINX_CERT_NAME}/privkey.pem; + +include /etc/nginx/includes/le_common_settings.conf; + +server { + server_name ${NGINX_HOST}; + + # HTTPS configuration + listen ${NGINX_HTTPS_PORT} ssl; + + ssl_client_certificate /ca_public/ca_chain.pem; + ssl_verify_client on; + ssl_ocsp leaf; + ssl_ocsp_responder http://${NGINX_OCSP_UPSTREAM}:${CFSSL_OCSP_BIND_PORT}; + resolver ${DNS_RESOLVER_IP} ipv6=off; + #ssl_crl /ca_public/crl.pem; + ssl_verify_depth 3; + + location / { + if ($ssl_client_verify != SUCCESS) { + return 401; + } + proxy_pass http://${NGINX_UPSTREAM}:${NGINX_UPSTREAM_PORT}; + proxy_redirect off; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 900; + proxy_set_header X-ClientCert-DN $ssl_client_s_dn; + proxy_set_header X-ClientCert-Serial $ssl_client_serial; + } +} From c4f9503422c83235cce716f2d76d268f33e384fb Mon Sep 17 00:00:00 2001 From: Benjam <53127823+benjamsf@users.noreply.github.com> Date: Sun, 17 Nov 2024 15:17:42 +0200 Subject: [PATCH 4/7] loggingnet and elastics data volume --- docker-compose.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 81d70a56..1b6f6b61 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -466,7 +466,6 @@ services: # BEGIN profile: kibana # ########################## - # profile: kibana - deploy conditionally if profile: kibana is used elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:8.10.1 container_name: elasticsearch @@ -491,7 +490,6 @@ services: profiles: - kibana - # profile: kibana - deploy conditionally if profile: kibana is used kibana: image: docker.elastic.co/kibana/kibana:8.10.1 container_name: kibana @@ -509,7 +507,6 @@ services: profiles: - kibana - # profile: kibana - deploy conditionally if profile: kibana is used kibananginx: <<: *nginxbuildinfo volumes: @@ -811,6 +808,7 @@ networks: dbnet: intranet: taknet: + loggingnet: volumes: kraftwerk_data: @@ -829,3 +827,4 @@ volumes: takrmapi_data: rmui_files: nginx_templates: + es_data: From 84becdcf89f22710f743a63364660ee2765bde30 Mon Sep 17 00:00:00 2001 From: Benjam <53127823+benjamsf@users.noreply.github.com> Date: Sun, 17 Nov 2024 16:53:00 +0200 Subject: [PATCH 5/7] Conditional config for local elk --- docker-compose-local.yml | 105 +++++++++++++++++++++++++ docker-compose.yml | 15 ++-- elastic-agent-config/elastic-agent.yml | 14 ++-- example_env.sh | 5 ++ 4 files changed, 128 insertions(+), 11 deletions(-) diff --git a/docker-compose-local.yml b/docker-compose-local.yml index 002d66f9..a19dfd7c 100644 --- a/docker-compose-local.yml +++ b/docker-compose-local.yml @@ -54,6 +54,7 @@ x-domains_env: PRODUCT_DOMAIN: &productdomain "fake.${SERVER_DOMAIN:-localmaeher.pvarki.fi}" TAK_DOMAIN: &takdomain "tak.${SERVER_DOMAIN:-localmaeher.pvarki.fi}" TAK_RMAPI_PORT: &takapiport ${TAK_RMAPI_PORT:-4626} + KIBANA_DOMAIN: &kibanadomain "kibana.${SERVER_DOMAIN:-localmaeher.pvarki.fi}" # local Kibana DNS_RESOLVER_IP: &dnsresolver ${DNS_RESOLVER_IP:-127.0.0.11} # Must be able to resolve docker internal names OCSCP_RESPONDER: &publicocsp "https://${SERVER_DOMAIN:-localmaeher.pvarki.fi}:${NGINX_HTTPS_PORT:-4439}/ca/ocsp" # The public URL @@ -473,6 +474,108 @@ services: - kraftwerk_shared_fake:/pvarki - kwinit_data:/data/persistent +############################ +# BEGIN Elastic & Kibana # +############################ + + elasticsearch: + image: docker.elastic.co/elasticsearch/elasticsearch:8.15.3 + container_name: elasticsearch + environment: + - node.name=elasticsearch + - discovery.type=single-node + - network.host=0.0.0.0 + - bootstrap.memory_lock=true + - xpack.security.enabled=false + - ES_JAVA_OPTS=-Xms512m -Xmx512m + ulimits: + memlock: + soft: -1 + hard: -1 + volumes: + - es_data:/usr/share/elasticsearch/data + networks: + - loggingnet + ports: + - "9200:9200" + restart: unless-stopped + + kibana: + image: docker.elastic.co/kibana/kibana:8.15.3 + container_name: kibana + environment: + - SERVER_NAME=kibana + - ELASTICSEARCH_HOSTS=http://elasticsearch:9200 + - XPACK_SECURITY_ENABLED=false + depends_on: + - elasticsearch + networks: + - loggingnet + expose: + - "5601" + restart: unless-stopped + + kibananginx: + <<: *nginxbuildinfo + volumes: + - nginx_templates:/nginx_templates + - ca_public:/ca_public + - le_certs:/le_certs + environment: + NGINX_HOST: "kibana.${SERVER_DOMAIN}" + NGINX_HTTP_PORT: "80" + NGINX_HTTPS_PORT: "5601" + NGINX_UPSTREAM: "kibana" + NGINX_UPSTREAM_PORT: "5601" + NGINX_CERT_NAME: "kibana" + CFSSL_OCSP_BIND_PORT: *oscpport + NGINX_OCSP_UPSTREAM: *ocsphost + DNS_RESOLVER_IP: *dnsresolver + NGINX_TEMPLATE_DIR: "templates_kibana" + networks: + - loggingnet + - ocspnet + ports: + - "5601:5601" + depends_on: + kibana: + condition: service_started + nginx_templates: + condition: service_completed_successfully + ocsp: + condition: service_healthy + cfssl: + condition: service_healthy + healthcheck: + test: 'curl -s localhost:5666/healthcheck || exit 1' + interval: 5s + timeout: 5s + retries: 3 + start_period: 5s + restart: unless-stopped + + elastic-agent: + image: docker.elastic.co/beats/elastic-agent:8.15.3 + container_name: elastic-agent + user: root + environment: + ELASTIC_AGENT_ENABLED: "false" + ELASTICSEARCH_HOSTS: "http://elasticsearch:9200" + LOG_INPUT_ENABLED: "true" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /sys/fs/cgroup:/hostfs/sys/fs/cgroup + - /proc:/hostfs/proc + - /:/hostfs + - ./elastic-agent-config/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml + networks: + - loggingnet + restart: unless-stopped + +########################## +# END Elastic & Kibana # +########################## + ###################### # Begin: Fakeproduct # ###################### @@ -780,6 +883,7 @@ networks: dbnet: intranet: taknet: + loggingnet: volumes: kraftwerk_data: @@ -798,3 +902,4 @@ volumes: takrmapi_data: rmui_files: nginx_templates: + es_data: diff --git a/docker-compose.yml b/docker-compose.yml index 1b6f6b61..7c312379 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -52,6 +52,7 @@ x-domains_env: PRODUCT_DOMAIN: &productdomain "fake.${SERVER_DOMAIN:?domain must be defined}" TAK_DOMAIN: &takdomain "tak.${SERVER_DOMAIN:?domain must be defined}" TAK_RMAPI_PORT: &takapiport ${TAK_RMAPI_PORT:-4626} + KIBANA_DOMAIN: &kibanadomain ${KIBANA_DOMAIN:-} # not defined, if enrolled to Elastic fleet DNS_RESOLVER_IP: &dnsresolver ${DNS_RESOLVER_IP:-127.0.0.11} # Must be able to resolve docker internal names OCSCP_RESPONDER: &publicocsp "https://${SERVER_DOMAIN:?domain must be defined}:${NGINX_HTTPS_PORT:-443}/ca/ocsp" # The public URL @@ -446,12 +447,14 @@ services: restart: unless-stopped elastic-agent: - image: docker.elastic.co/beats/elastic-agent:8.10.1 + image: docker.elastic.co/beats/elastic-agent:8.15.3 container_name: elastic-agent - user: root environment: - ELASTIC_AGENT_ENROLLMENT_TOKEN: ${ELASTIC_AGENT_ENROLLMENT_TOKEN} - ELASTIC_AGENT_FLEET_URL: ${ELASTIC_AGENT_FLEET_URL} + ELASTIC_AGENT_ENABLED: "${ELASTIC_AGENT_ENABLED:-false}" + ELASTIC_AGENT_ENROLLMENT_TOKEN: "${ELASTIC_AGENT_ENROLLMENT_TOKEN}" + ELASTIC_AGENT_FLEET_URL: "${ELASTIC_AGENT_FLEET_URL}" + ELASTICSEARCH_HOSTS: "${ELASTICSEARCH_HOSTS:-http://elasticsearch:9200}" + LOG_INPUT_ENABLED: "${LOG_INPUT_ENABLED:-true}" volumes: - /var/run/docker.sock:/var/run/docker.sock - /sys/fs/cgroup:/hostfs/sys/fs/cgroup @@ -467,7 +470,7 @@ services: ########################## elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.10.1 + image: docker.elastic.co/elasticsearch/elasticsearch:8.15.3 container_name: elasticsearch environment: - node.name=elasticsearch @@ -491,7 +494,7 @@ services: - kibana kibana: - image: docker.elastic.co/kibana/kibana:8.10.1 + image: docker.elastic.co/kibana/kibana:8.15.3 container_name: kibana environment: - SERVER_NAME=kibana diff --git a/elastic-agent-config/elastic-agent.yml b/elastic-agent-config/elastic-agent.yml index 8e3fc945..50adbdd3 100644 --- a/elastic-agent-config/elastic-agent.yml +++ b/elastic-agent-config/elastic-agent.yml @@ -1,22 +1,26 @@ -{% if ELASTIC_AGENT_ENROLLMENT_TOKEN and ELASTIC_AGENT_FLEET_URL %} +agent: + id: ${ELASTIC_AGENT_ID} + +# Fleet enrollment configuration fleet: + enabled: ${ELASTIC_AGENT_ENABLED} enrollment_token: ${ELASTIC_AGENT_ENROLLMENT_TOKEN} hosts: - ${ELASTIC_AGENT_FLEET_URL} -{% else %} + +# Standalone configuration outputs: default: type: elasticsearch - hosts: - - http://elasticsearch:9200 + hosts: ${ELASTICSEARCH_HOSTS:-http://elasticsearch:9200} inputs: - id: docker-logs type: logfile + enabled: ${LOG_INPUT_ENABLED:-true} streams: - paths: - /var/lib/docker/containers/*/*.log parsers: - ndjson: message_key: log -{% endif %} diff --git a/example_env.sh b/example_env.sh index 0f9907e5..1c949495 100644 --- a/example_env.sh +++ b/example_env.sh @@ -11,4 +11,9 @@ export MW_LE_EMAIL="example@example.com" export MW_LE_TEST="true" # switch to false when you are ready for production export TAKSERVER_CERT_PASS="KissaKoira123!AlpakkaMursu" # used for the JKS export TAK_CA_PASS="AlpakkaMursu!KissaKoira123" # used for the JKS +export KIBANA_DOMAIN="kibana.${SERVER_DOMAIN}" # Set kibana domain, if you want to use kibana locally export VITE_ASSET_SET="${VITE_ASSET_SET:-neutral}" # used RMUI to define asset sets (logos, etc). +export ELASTIC_AGENT_ENABLED="false" # If you want to enable ElasticAgent for fleet configuration, set true +export ELASTIC_AGENT_ENROLLMENT_TOKEN= # Token for Elastic fleet enrolment +export ELASTIC_AGENT_FLEET_URL= #Url for Elasti fleet enrolment +export LOG_INPUT_ENABLED="true" From 382bed6687be557cf582343813dbbdd8e9373eb0 Mon Sep 17 00:00:00 2001 From: Benjam <53127823+benjamsf@users.noreply.github.com> Date: Sun, 17 Nov 2024 17:41:16 +0200 Subject: [PATCH 6/7] nginx_cert_name for local-dev elk nginx --- docker-compose-local.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose-local.yml b/docker-compose-local.yml index a19dfd7c..01ad1ca0 100644 --- a/docker-compose-local.yml +++ b/docker-compose-local.yml @@ -527,7 +527,7 @@ services: NGINX_HTTPS_PORT: "5601" NGINX_UPSTREAM: "kibana" NGINX_UPSTREAM_PORT: "5601" - NGINX_CERT_NAME: "kibana" + NGINX_CERT_NAME: "rasenmaeher" CFSSL_OCSP_BIND_PORT: *oscpport NGINX_OCSP_UPSTREAM: *ocsphost DNS_RESOLVER_IP: *dnsresolver From c768b5987fb01363dc574a5a1ffb124022142b70 Mon Sep 17 00:00:00 2001 From: Benjam <53127823+benjamsf@users.noreply.github.com> Date: Sun, 17 Nov 2024 19:01:47 +0200 Subject: [PATCH 7/7] fix agent config --- docker-compose-local.yml | 11 +++++++---- docker-compose.yml | 16 ++++++++-------- elastic-agent-config/elastic-agent.yml | 20 ++++++++++++-------- 3 files changed, 27 insertions(+), 20 deletions(-) diff --git a/docker-compose-local.yml b/docker-compose-local.yml index 01ad1ca0..85c93559 100644 --- a/docker-compose-local.yml +++ b/docker-compose-local.yml @@ -559,19 +559,22 @@ services: container_name: elastic-agent user: root environment: - ELASTIC_AGENT_ENABLED: "false" + ELASTIC_AGENT_ENABLED: "false" # Disable Fleet enrollment in local mode + ELASTIC_AGENT_ID: "local-agent" # Assign a unique ID + ELASTIC_AGENT_ENROLLMENT_TOKEN: "dummy-token" + ELASTIC_AGENT_FLEET_URL: "http://dummy-fleet-url" ELASTICSEARCH_HOSTS: "http://elasticsearch:9200" LOG_INPUT_ENABLED: "true" volumes: - /var/run/docker.sock:/var/run/docker.sock - - /sys/fs/cgroup:/hostfs/sys/fs/cgroup - - /proc:/hostfs/proc - - /:/hostfs + - /var/lib/docker/containers:/var/lib/docker/containers:ro + - /:/hostfs:ro - ./elastic-agent-config/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml networks: - loggingnet restart: unless-stopped + ########################## # END Elastic & Kibana # ########################## diff --git a/docker-compose.yml b/docker-compose.yml index 7c312379..245a93dd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -449,17 +449,17 @@ services: elastic-agent: image: docker.elastic.co/beats/elastic-agent:8.15.3 container_name: elastic-agent + user: root environment: - ELASTIC_AGENT_ENABLED: "${ELASTIC_AGENT_ENABLED:-false}" - ELASTIC_AGENT_ENROLLMENT_TOKEN: "${ELASTIC_AGENT_ENROLLMENT_TOKEN}" - ELASTIC_AGENT_FLEET_URL: "${ELASTIC_AGENT_FLEET_URL}" - ELASTICSEARCH_HOSTS: "${ELASTICSEARCH_HOSTS:-http://elasticsearch:9200}" - LOG_INPUT_ENABLED: "${LOG_INPUT_ENABLED:-true}" + ELASTIC_AGENT_ENABLED: ${ELASTIC_AGENT_ENABLED-false} # Unless set to true, the agent will not start + ELASTIC_AGENT_ENROLLMENT_TOKEN: "${ELASTIC_AGENT_ENROLLMENT_TOKEN:-dummy-token}" + ELASTIC_AGENT_FLEET_URL: "${ELASTIC_AGENT_FLEET_URL:-http://dummy-fleet-url}" + ELASTICSEARCH_HOSTS: "http://elasticsearch:9200" + LOG_INPUT_ENABLED: "true" volumes: - /var/run/docker.sock:/var/run/docker.sock - - /sys/fs/cgroup:/hostfs/sys/fs/cgroup - - /proc:/hostfs/proc - - /:/hostfs + - /var/lib/docker/containers:/var/lib/docker/containers:ro + - /:/hostfs:ro - ./elastic-agent-config/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml networks: - loggingnet diff --git a/elastic-agent-config/elastic-agent.yml b/elastic-agent-config/elastic-agent.yml index 50adbdd3..ccfc7024 100644 --- a/elastic-agent-config/elastic-agent.yml +++ b/elastic-agent-config/elastic-agent.yml @@ -12,15 +12,19 @@ fleet: outputs: default: type: elasticsearch - hosts: ${ELASTICSEARCH_HOSTS:-http://elasticsearch:9200} + hosts: + - ${ELASTICSEARCH_HOSTS:-http://elasticsearch:9200} inputs: - - id: docker-logs - type: logfile + - type: docker + id: docker-logs enabled: ${LOG_INPUT_ENABLED:-true} streams: - - paths: - - /var/lib/docker/containers/*/*.log - parsers: - - ndjson: - message_key: log + - containers.ids: + - '*' # Collect logs from all containers + processors: + - add_docker_metadata: ~ + # Enable the Docker module + modules: + - name: docker + enabled: true