Docker SIEM install

I am at the beginning of a new ELK SIEM installation and am looking to verify a couple of items.

  1. When creating the SIEM in Docker the documentation does not say to pull the Logstash component. Is there a reason for this? Can it be pulled with the same string as Elasticsearch and Kibana?
     docker pull docker.elastic.co/logstash/logstash:8.11.3
  2. When creating this in a Docker environment, should I be configuring the 3 servers (ES, Kib, Log) as normal servers in terms of sizing?

Thank you for the feedback. Wanting to set this up correctly the first time.
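As an added illustration of what "sizing" looks like when the three components run as containers rather than as full servers (this is an example written for this thread, not a file from the Elastic documentation or from the poster's deployment), the Compose file below pulls the three 8.11.3 images, including Logstash with the same image-name pattern, and caps each container's memory while pinning the JVM heaps below those caps. Elastic's own guidance is that the Elasticsearch heap should be no more than half of the memory available to the node and never above about 31 GB; the 4g/2g, 2g/1g figures here are illustrative starting points, not recommendations for any particular workload. The host still needs `vm.max_map_count` set to at least 262144 for the Elasticsearch container to start, and the `ELASTIC_PASSWORD` value and the Kibana service-account token are placeholders: Kibana in 8.x must not use the `elastic` superuser, so a `kibana` service token is created after Elasticsearch is up and then supplied to the Kibana container.

```yaml
# docker-compose.yml (added example, assumed layout; not from the Elastic docs)
# Host prerequisite (Linux): sudo sysctl -w vm.max_map_count=262144
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.11.3
    environment:
      - discovery.type=single-node
      - ELASTIC_PASSWORD=CHANGE_ME_PLACEHOLDER      # placeholder, set a real secret
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"                # heap = 50% of the container limit
    mem_limit: 4g
    ulimits:
      memlock:
        soft: -1
        hard: -1
    ports:
      - "127.0.0.1:9200:9200"                       # bind to localhost, not 0.0.0.0
    volumes:
      - esdata:/usr/share/elasticsearch/data

  kibana:
    image: docker.elastic.co/kibana/kibana:8.11.3
    environment:
      - ELASTICSEARCH_HOSTS=https://elasticsearch:9200
      # created after ES is up with:
      #   bin/elasticsearch-service-tokens create elastic/kibana kibana-token
      - ELASTICSEARCH_SERVICEACCOUNTTOKEN=SERVICE_TOKEN_PLACEHOLDER
      - "NODE_OPTIONS=--max-old-space-size=1024"    # Kibana (Node.js) heap in MB
    mem_limit: 2g
    ports:
      - "127.0.0.1:5601:5601"
    depends_on:
      - elasticsearch

  logstash:
    image: docker.elastic.co/logstash/logstash:8.11.3   # same image-name pattern as ES/Kibana
    environment:
      - "LS_JAVA_OPTS=-Xms1g -Xmx1g"                # heap = 50% of the container limit
    mem_limit: 2g
    volumes:
      - ./pipeline:/usr/share/logstash/pipeline:ro  # your pipeline .conf files, read-only
    depends_on:
      - elasticsearch

volumes:
  esdata:
```

Bringing it up with `docker compose up -d` pulls all three images in one step, so a separate `docker pull` for Logstash is not required; the sizing lives in the `mem_limit` and `*_JAVA_OPTS` pairs, which should be changed together so the heap never approaches the container ceiling.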

I have been able to get past this phase of the installation.

I created the 3 servers as per normal. From there I used Podman to create pods for the SIEM components and then containers in the pods.

Logstash and Kibana are running however, I am unable to start the Elasticsearch containers.
