Skip to content
/ SOC-Robocop Public

Kibana plugin that provides alerts to monitor events in Elasticsearch.

License

BSD-2-Clause license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jeremycohensolal/SOC-Robocop

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
docs
docs
 
 
public
public
 
 
server
server
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

Description

Robocop is a Kibana plugin providing alerts to monitor events in Elasticsearch. By default he doesn't provide any access control, you need to configure Kibana or Apache/Nginx filter.

Installation

Prerequisites

  • Download and install Elasticsearch and Kibana
  • Compatible with elasticsearch and Kibana > 6.4

For development

In the "plugins" folder of kibana:

$ git clone <GIT_URL> robocop
$ cd robocop/
$ npm install

For production

1 - Download the source and create the archive.

$ git clone <GIT_URL>
$ zip -r robocop kibana

3 - Install on the server

$ /usr/share/kibana/bin/kibana-plugin install files:///path/to/robocop.zip
$ cd /usr/share/kibana/plugins/robocop/
$ npm install

Quick configuration

In the file config/kibana.yml add the following line:

# Robocop
robocop.enabled: true

robocop.action.slack.enabled: true
robocop.action.slack.token: "xoxb-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
robocop.action.slack.name: "My bot"
robocop.action.slack.canal: "alert_channel"
robocop.action.slack.footer: ":heavy_minus_sign:"

robocop.action.mail.enabled: true
robocop.action.mail.to: "[email protected]"
robocop.action.mail.from: "[email protected]"
robocop.action.mail.smtpHost: "host.compagny.com"
robocop.action.mail.subject: "[@[date.format('YYYY/MM/DD HH:mm:ss')]][@[alert.level]][@[alert.number]][@[alert.title]] @[result.hits.total]"

robocop.action.marvin.enabled: true

robocop.script.enabled: true
robocop.script.path: "/tmp/script/"

Snapshot

To use snapshot, you must configure Elasticsearch to accept it.

  1. Modify Elasticsearch configuration file to set the repository.
  File system : path.repo: ["/mount/backups", "/mount/longterm_backups"]
  URL         : repositories.url.allowed_urls: ["http://www.example.org/root/*", "https://*.mydomain.com/*?*#*"]
  1. Create the repository in Elasticsearch (exemple for file systeme):
  • In the dev mode of Kibana:
  PUT _snapshot/robocop
  {
    "type": "fs",
    "settings": {
      "location": "/mount/backups"
    }
  }
  • With curl:
  curl -XPUT 'http://localhost:9200/_snapshot/robocop' -H 'Content-Type: application/json' -d '{
      "type": "fs",
      "settings": {
          "location": "/mount/backups",
      }
  }'

source: https://www.elastic.co/guide/en/elasticsearch/reference/5.x/modules-snapshots.html#_repositories

Documentation

See the documentation for more informations.

Development

To generate code documentation. In the folder "robocop" :

./node_modules/jsdoc/jsdoc.js -r -d /tmp/doc public/ server/ package.json index.js

[Author] Florian Scherb

About

Kibana plugin that provides alerts to monitor events in Elasticsearch.

Resources

Readme

License

BSD-2-Clause license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages