added tons of docker-compose examples

akamai · Jun 10, 2021 · f7646b6 · f7646b6
1 parent 5432e5e
commit f7646b6
Show file tree

Hide file tree

Showing 13 changed files with 192 additions and 72 deletions.
diff --git a/docker-compose/README.md b/docker-compose/README.md
@@ -0,0 +1,9 @@
+# Docker-Compose Configurations
+Within this directory, we provide some `docker compose` examples including example files.
+
+The docker-compose.yml controls the docker - relevant attributes like mounting the `.edgerc` file into the container.
+The `.env` files control the ULS via dedicated [ENVIRONMENTAL VARIABLES](../docs/ARGUMENTS_ENV_VARS.md).
+
+The [simple](./simple/README.md) directory provides a simple example running ULS via `docker compose`  
+The [complex](./complex/README.md) directory provides a more "real world" example combining multiple feeds and different outputs.  
+The [example](examples/README.md) directory provides different configuration snippets.
diff --git a/docker-compose/complex/README.md b/docker-compose/complex/README.md
@@ -0,0 +1,24 @@
+# ULS Complex Example
+
+This example provides a real world usage example for ULS within a `docker compose` setup.
+It combines three different AKAMAI Secure Enterprise Access feeds.
+All docker related controls can be found in [docker-compose.yml](docker-compose.yml)
+
+## EAA-ACCESS
+|IN|OUT|FILE|
+|---|---|---|
+|EAA-ACCESS|TCP|[eaa-access.env](eaa-access.env)|
+
+## ETP-THREAT
+|IN|OUT|FILE|
+|---|---|---|
+|ETP-THREAT|HTTP|[etp-threat.env](etp-threat.env)|
+
+## MFA-AUTH
+|IN|OUT|FILE|
+|---|---|---|
+|MFA-AUTH|UDP|[mfa-auth.env](mfa-auth.env)|
+
+
+
+
diff --git a/docker-compose/complex/docker-compose.yml b/docker-compose/complex/docker-compose.yml
@@ -6,21 +6,21 @@ services:
     env_file: etp-threat.env
     volumes:
       - type: bind
-        source: /Users/mschiess/.edgerc
+        source: /patch/to/your/.edgerc
         target: /opt/akamai-uls/.edgerc
   eaa-access:
     image: akamai/uls:latest
     restart: always
     env_file: eaa-access.env
     volumes:
       - type: bind
-        source: /Users/mschiess/.edgerc
+        source: /patch/to/your/.edgerc
         target: /opt/akamai-uls/.edgerc
   eaa-admin:
     image: akamai/uls:latest
     restart: always
-    env_file: eaa-admin.env
+    env_file: mfa-auth.env
     volumes:
       - type: bind
-        source: /Users/mschiess/.edgerc
+        source: /patch/to/your/.edgerc
         target: /opt/akamai-uls/.edgerc
diff --git a/docker-compose/complex/eaa-access.env b/docker-compose/complex/eaa-access.env
@@ -1,28 +1,15 @@
-# This is a sample ENV file for EAA - Threat logs (via ULS)
-
+# This is a sample ENV file for ULS EAA - ACCESS logs (output via TCP)
 # GENERIC Config
-ULS_LOGLEVEL=DEBUG
+#ULS_LOGLEVEL=DEBUG
 
 # INPUT CONFIGURATION
-    # THE INPUT PRODUCT [EAA | ETP | MFA]
     ULS_INPUT=EAA
-    # THE INPUT FEED
-    #   EAA: [ ADMIN | ACCESS]
-    #   ETP: [ THREAT | AUP ]
-    #   MFA: [ POLICY | AUTH ]
     ULS_FEED=ACCESS
-    # INPUT FORRMAT
     ULS_FORMAT=JSON
-    # LOCATION OF THE AKAMAI .EDGERC FILE
-    ULS_EDGERC='~/.edgerc'
-    # RELEVANT SECTION WITHIN THE EDGERC FILE
-    ULS_SECTION=akamaidemo
+    ULS_EDGERC='/opt/akamai-uls/.edgerc'
 
 
 # OUTPUT CONFIGURATION
-    # OUTPUT PATH [ TCP / UDP / HTTP ]
-    ULS_OUTPUT=UDP
-    # OUTPUT TARGET HOST
-    ULS_OUTPUT_HOST=192.168.86.34
-    # OUTPUT TARGET PORT
-    ULS_OUTPUT_PORT=9091
+    ULS_OUTPUT=TCP
+    ULS_OUTPUT_HOST=127.0.0.1
+    ULS_OUTPUT_PORT=9051
diff --git a/docker-compose/complex/eaa-admin.env b/docker-compose/complex/eaa-admin.env
diff --git a/docker-compose/complex/etp-threat.env b/docker-compose/complex/etp-threat.env
@@ -1,28 +1,17 @@
-# This is a sample ENV file for EAA - Threat logs (via ULS)
+# This is a sample ENV file for ULS ETP - Threat logs (output via HTTP to SPLUNK)
 
 # GENERIC Config
-ULS_LOGLEVEL=DEBUG
+ULS_LOGLEVEL=INFO
 
 # INPUT CONFIGURATION
-    # THE INPUT PRODUCT [EAA | ETP | MFA]
     ULS_INPUT=ETP
-    # THE INPUT FEED
-    #   EAA: [ ADMIN | ACCESS]
-    #   ETP: [ THREAT | AUP ]
-    #   MFA: [ POLICY | AUTH ]
     ULS_FEED=THREAT
-    # INPUT FORRMAT
     ULS_FORMAT=JSON
-    # LOCATION OF THE AKAMAI .EDGERC FILE
-    ULS_EDGERC='~/.edgerc'
-    # RELEVANT SECTION WITHIN THE EDGERC FILE
-    ULS_SECTION=akamaidemo
-
+    ULS_EDGERC='/opt/akamai-uls/.edgerc'
 
 # OUTPUT CONFIGURATION
-    # OUTPUT PATH [ TCP / UDP / HTTP ]
-    ULS_OUTPUT=TCP
-    # OUTPUT TARGET HOST
-    ULS_OUTPUT_HOST=192.168.86.34
-    # OUTPUT TARGET PORT
-    ULS_OUTPUT_PORT=9091
+    ULS_OUTPUT=HTTP
+    ULS_HTTP_URL='https://127.0.0.1:8088/services/collector/event'
+    ULS_HTTP_AUTH_HEADER='{"Authorization": "Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}'
+    ULS_HTTP_INSECURE="True"
+    ULS_HTTP_FORMAT='{"event": %s}'
diff --git a/docker-compose/complex/mfa-auth.env b/docker-compose/complex/mfa-auth.env
@@ -0,0 +1,16 @@
+# This is a sample ENV file for ULS MFA - AUTH logs (output via UDP)
+
+# GENERIC Config
+ULS_LOGLEVEL=INFO
+
+# INPUT CONFIGURATION
+    ULS_INPUT=MFA
+    ULS_FEED=AUTH
+    ULS_FORMAT=JSON
+    ULS_EDGERC='/opt/akamai-uls/.edgerc'
+
+
+# OUTPUT CONFIGURATION
+    ULS_OUTPUT=UDP
+    ULS_OUTPUT_HOST=127.0.0.1
+    ULS_OUTPUT_PORT=9053
diff --git a/docker-compose/examples/README.md b/docker-compose/examples/README.md
@@ -0,0 +1,9 @@
+# ULS DOCKER COMPOSE examples
+This directory contains configuration examples (for simple copy & paste usage)
+
+## docker-compose.yml
+This file contains all currently supported feeds: [all_services_docker-compose.yml](all_services_docker-compose.yml)
+
+## ENV file
+This file contains all available ENV VARS explained in a single file.
+[example_env_file.env](example_env_file.env)
diff --git a/docker-compose/examples/all_services_docker-compose.yml b/docker-compose/examples/all_services_docker-compose.yml
@@ -0,0 +1,58 @@
+version: "3.0"
+services:
+  # THREAT
+  etp-threat:
+    image: akamai/uls:latest
+    restart: always
+    env_file: etp-threat.env
+    volumes:
+      - type: bind
+        source: /patch/to/your/.edgerc
+        target: /opt/akamai-uls/.edgerc
+  # AUP
+  etp-aup:
+    image: akamai/uls:latest
+    restart: always
+    env_file: etp-aup.env
+    volumes:
+      - type: bind
+        source: /patch/to/your/.edgerc
+        target: /opt/akamai-uls/.edgerc
+# EAA
+  # ACCESS
+  eaa-access:
+    image: akamai/uls:latest
+    restart: always
+    env_file: eaa-access.env
+    volumes:
+      - type: bind
+        source: /patch/to/your/.edgerc
+        target: /opt/akamai-uls/.edgerc
+  # ADMIN
+  eaa-admin:
+    image: akamai/uls:latest
+    restart: always
+    env_file: eaa-admin.env
+    volumes:
+      - type: bind
+        source: /patch/to/your/.edgerc
+        target: /opt/akamai-uls/.edgerc
+# MFA
+  # AUTH
+  mfa-auth:
+    image: akamai/uls:latest
+    restart: always
+    env_file: mfa-auth.env
+    volumes:
+      - type: bind
+        source: /patch/to/your/.edgerc
+        target: /opt/akamai-uls/.edgerc
+  # POLICY
+  mfa-policy:
+    image: akamai/uls:latest
+    restart: always
+    env_file: mfa-policy.env
+    volumes:
+      - type: bind
+        source: /patch/to/your/.edgerc
+        target: /opt/akamai-uls/.edgerc
diff --git a/docker-compose/examples/example_env_file.env b/docker-compose/examples/example_env_file.env
@@ -0,0 +1,40 @@
+# This is a FULL example of all possible ENV FILE OPTIONS
+# Be aware that mixing TCP/HTTP can lead to unwanted behaviour !!
+# Rather use them exclusively
+
+# GENERIC Config
+ULS_LOGLEVEL=DEBUG
+
+# INPUT CONFIGURATION
+    # THE INPUT PRODUCT [EAA | ETP | MFA]
+    ULS_INPUT=ETP
+    # THE INPUT FEED
+    #   EAA: [ ADMIN | ACCESS]
+    #   ETP: [ THREAT | AUP ]
+    #   MFA: [ POLICY | AUTH ]
+    ULS_FEED=THREAT
+    # INPUT FORRMAT
+    ULS_FORMAT=JSON
+    # LOCATION OF THE AKAMAI .EDGERC FILE
+    ULS_EDGERC='/opt/akamai-uls/.edgerc'
+    # RELEVANT SECTION WITHIN THE EDGERC FILE
+    ULS_SECTION=default
+    # PROXY TO ACCESS AKAMAI API'S WHILE FETCHING THE LOGS
+    #ULS_INPUT_PROXY='None'
+
+# OUTPUT CONFIGURATION
+    # OUTPUT PATH [ TCP / UDP / HTTP ]
+    ULS_OUTPUT=TCP
+    # OUTPUT TARGET HOST (FOR TCP/UDP only)
+    ULS_OUTPUT_HOST=127.0.0.1
+    # OUTPUT TARGET PORT (FOR TCP/UDP only)
+    ULS_OUTPUT_PORT=9091
+
+    # HTTP URL (FOR HTTP only)
+    ULS_HTTP_URL='https://SPLUNK:8088/services/collector/event''
+    # HTTP AUTH HEADER (required for i.e. SPLUNK) (FOR HTTP only)
+    ULS_HTTP_AUTH_HEADER='{"Authorization": "Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}'
+    # DISABLE HTTP CA CERT VERIFICATION - INSECURE !!! (FOR HTTP only)
+    ULS_HTTP_INSECURE="True"
+    # HTTP OUTPUT FORMAT - %s will be replaced by the data feed (Default value works for splunk) (FOR HTTP only)
+    ULS_HTTP_FORMAT='{"event": %s}'
diff --git a/docker-compose/simple/README.md b/docker-compose/simple/README.md
@@ -0,0 +1,16 @@
+# ULS SIMPLE Example
+
+This example provides demo usage example for ULS within a `docker compose` setup.
+It shows a single configured feed for visibility. 
+You might want to look over to a [real world example.](../complex/README.md)
+All docker related controls can be found in [docker-compose.yml](docker-compose.yml)
+
+## ETP-THREAT
+|IN|OUT|FILE|
+|---|---|---|
+|ETP-THREAT|TCP|[etp-threat.env](etp-threat.env)|
+
+
+
+
+
diff --git a/docker-compose/simple/docker-compose.yml b/docker-compose/simple/docker-compose.yml
@@ -6,5 +6,5 @@ services:
     env_file: etp-threat.env
     volumes:
       - type: bind
-        source: /Users/mschiess/.edgerc
+        source: /patch/to/your/.edgerc
         target: /opt/akamai-uls/.edgerc
diff --git a/docs/DOCKER-COMPOSE_USAGE.md b/docs/DOCKER-COMPOSE_USAGE.md
@@ -55,5 +55,5 @@ docker compose up -d
   **Files:**  
     - [docker-compose.yml](../docker-compose/complex/docker-compose.yml)
     - [etp-threat.env](../docker-compose/complex/etp-threat.env)
-    - [eaa-admin.env](../docker-compose/complex/eaa-admin.env)
+    - [eaa-admin.env](../docker-compose/complex/eaa-access.env)
     - [eaa-access.env](../docker-compose/complex/eaa-access.env)