sfl0r3nz05/LogMonitoringHFB

ex# Log Monitoring based on Hyperledger Fabric Blockchain

General Architecture

The necessary plugins must be added as part of the Dockerfile included in logstash folder. E.g.:
- RUN logstash-plugin install logstash-output-mongodb
- RUN logstash-plugin install logstash-filter-uuid
Create a file (.env) in the project root based on .env.example file.
- The .env file must be contain:
  - OS_SURICATA=
  - ELK_VERSION=
  - MONGO_INITDB_DATABASE=
  - MONGO_INITDB_COLLECTION=
  - MONGO_INITDB_ROOT_USERNAME=
  - MONGO_INITDB_ROOT_PASSWORD=
  - ME_CONFIG_BASICAUTH_USERNAME=
  - ME_CONFIG_BASICAUTH_PASSWORD=
  - ME_CONFIG_MONGODB_ADMINUSERNAME=
  - ME_CONFIG_MONGODB_ADMINPASSWORD=
Create a folder json-data
Create a file eve.json in the same directory (json-data).
- The purpose of this feature is .gitignore file ignorates the eve.json to avoid overhead the repository with a huge json file.
Set execution permissions to eve.json file E.g.: sudo chmod +x -R json-data/*
Create folders mkdir -pv mongodb/database
Create folders mkdir -pv mongodb/entrypoint
Set the entrypoint file mongo-init.js
Set execution permissions to mongodb folder E.g.: sudo chmod +x -R mongodb/*
Create the file .dbshell
Set execution permissions to .dbshell file E.g.: sudo chmod +x -R mongodb/.dbshell

To transfer the data, e.g., curl https://downloads.mongodb.com/compass/mongosh-1.0.1-linux-x64.tgz --output mongosh-1.0.1-linux-x64.tgz
To unzip mongosh-1.0.1-linux-x64, e.g., tar -zxvf mongosh-1.0.1-linux-x64.tgz
To access to bin folder, e.g., cd mongosh-1.0.1-linux-x64/bin
To log in mongodb client, e.g., ./mongosh mongodb://lourdes:changeme@172.20.0.3:27017/suricata
To authenticate in the database, e.g., ./mongosh mongodb://lourdes:changeme@172.18.0.2:27017/suricata?authSource=admin

To test the UUID and Json filters the mongodb plugin is disabled and then the file plugin is enabled:
- file {path => "/usr/share/logstash/output/output.json"}