initial implemnation with lame bash script

Author: anapsix

.dockerignore

@@ -0,0 +1,4 @@
+.git/
+helm/
+logs/
+*.md

.gitignore

@@ -0,0 +1 @@
+logs/

Dockerfile

@@ -0,0 +1,28 @@
+FROM alpine:3.11
+ENV FILEBEAT_VERSION=7.6.2
+ENV FILEBEAT_HOME=/opt/filebeat
+ENV FILEBEAT_USER=filebeat
+RUN apk upgrade -U && \
+    apk add dumb-init bash jq curl coreutils libc6-compat && \
+    rm -rf /var/cache/apk/* && \
+    addgroup -g 1000 ${FILEBEAT_USER} && \
+    adduser -h ${FILEBEAT_HOME} -H -D -u 1000 -G ${FILEBEAT_USER} -s /bin/false ${FILEBEAT_USER} && \
+    mkdir /logs && \
+    curl -sS https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-linux-x86_64.tar.gz -o /tmp/filebeat.tar.gz && \
+    tar -C /opt -xzf /tmp/filebeat.tar.gz && \
+    rm /tmp/filebeat.tar.gz && \
+    mv /opt/filebeat-${FILEBEAT_VERSION}-linux-x86_64 ${FILEBEAT_HOME} && \
+    cp ${FILEBEAT_HOME}/fields.yml ${FILEBEAT_HOME}/fields.yml.reference && \
+    mkdir ${FILEBEAT_HOME}/data && \
+    chown -R ${FILEBEAT_USER}:${FILEBEAT_USER} ${FILEBEAT_HOME} /logs && \
+    ln -s ${FILEBEAT_HOME}/filebeat /usr/local/bin/filebeat && \
+    filebeat version
+COPY config/filebeat.yml ${FILEBEAT_HOME}/
+COPY config/fields.yml ${FILEBEAT_HOME}/
+COPY config/templates/index-template.json.tpl ${FILEBEAT_HOME}/
+COPY scripts/get_cloudflare_logs.sh /usr/local/bin/
+COPY scripts/docker-entrypoint.sh /usr/local/bin/
+VOLUME ["/logs"]
+USER ${FILEBEAT_USER}
+ENTRYPOINT ["/usr/bin/dumb-init", "--"]
+CMD ["/usr/local/bin/docker-entrypoint.sh"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Anastas Dancha
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,73 @@
+Retrieving Cloudflare logs via [Logpull API][logpull], and pushing them
+into Elasticsearch with [Filebeat][filebeat].
+
+
+## Local Development
+
+### Build
+
+```sh
+docker build -t get-logs .
+```
+
+### Launch
+
+> Before launching, make sure to set your CF credentials as environment variables
+> ```
+> export CF_ZONE_ID=51e241f08e014feb95d1b2760228d12a
+> export [email protected]
+> export CF_AUTH_KEY=51e241f08e014feb95d1b2760228d12a2df50
+> ```
+> or modify [`docker-compose.yaml`][docker-compose.yaml] appropriately (see docs on [`env_file`][compose-env-file], and [`environment`][compose-environment] usage)
+
+After launching local environment, access Kibana via http://localhost:5601/app/kibana#/discover.
+
+
+#### With Docker Compose
+
+```sh
+# launch Elasticsearch, Kibana, and get-logs container instances
+docker-compose up -d
+
+# keep an eye on the logs
+docker-compose logs -f get-logs
+```
+
+#### Launch manually
+
+```sh
+# launch Elasticsearch container instance
+docker run -d \
+  --name es \
+  -p 9200:9200 \
+  -e "discovery.type=single-node" \
+  docker.elastic.co/elasticsearch/elasticsearch:7.6.2
+
+# launch Kibana container instance
+docker run -d \
+  --name ki \
+  -p 5601:5601 \
+  --link es:elasticsearch \
+  docker.elastic.co/kibana/kibana:7.6.2
+
+# launch Cloudflare Logpull container instance
+docker run -it --rm \
+  -e CF_AUTH_EMAIL \
+  -e CF_AUTH_KEY \
+  -e CF_ZONE_ID \
+  -e SAMPLE_RATE="0.01" \
+  -e ES_HOST="http://elasticsearch:9200" \
+  -e ES_INDEX="cloudflare-test" \
+  -e ES_INDEX_SHARD=6 \
+  -e ES_INDEX_REPLICAS=0 \
+  -e ES_INDEX_REFRESH=10s \
+  --link es:elasticsearch \
+  get-logs
+```
+
+[link reference]::
+[logpull]: https://developers.cloudflare.com/logs/logpull-api/
+[filebeat]: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-overview.html
+[compose-env-file]: https://docs.docker.com/compose/compose-file/#env_file
+[compose-environment]: https://docs.docker.com/compose/compose-file/#environment
+[docker-compose.yaml]: ./docker-compose.yaml