Add ELK stack for Suricata log visualisation
Elasticsearch + Kibana + Filebeat in Docker, bridged via an elk network. Filebeat uses the Suricata module to parse eve.json and auto-installs Kibana dashboards on first run. ES heap capped at 1g; Kibana Node heap at 512m — total stack ~2-2.5 GB RAM.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
parent 43ce6b046f
commit 699bbd9f9a
2 changed files with 101 additions and 0 deletions
|
|
@ -31,6 +31,7 @@
|
|||
./services/cloudflare-ddns.nix
|
||||
./services/fail2ban.nix
|
||||
./services/suricata.nix
|
||||
./services/elk.nix
|
||||
];
|
||||
|
||||
### Make build time quicker
|
||||
|
|
|
|||
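Review bot: the added `./services/elk.nix` entry in the imports list is unconditional, and the commit message sizes the stack at ~2-2.5 GB RAM; if elk.nix does not already define an enable option, consider adding one so that the import alone does not start Elasticsearch, Kibana and Filebeat on a configuration that also imports suricata.nix and fail2ban.nix. The commit message also does not say whether the Elasticsearch and Kibana ports are published beyond the elk Docker network or whether authentication is enabled; a short comment next to the import or at the top of elk.nix stating the intended exposure would make that reviewable from this file.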