This docker image provides Logstash initalized for receiving system and audit log messages from the DICOM Archive dcm4chee-arc-light. It extends the official logstash image.
See Run all archive services with secured UI and storing System and Audit logs to Elastic Stack on a single host at the dcm4che Archive 5 Wiki.
Below explained environment variables can be set as per one's application to override the default values if need be.
An example of how one can set an env variable in docker run command is shown below :
-e SSL_VERIFY=true
Hostname of Elasticsearch to which logs are stored. Default value is elasticsearch.
Port of Elasticsearch to which logs are stored. Default value is 9200.
The index to write events to. This can be dynamic using the %{foo} syntax. Indexes may not contain uppercase characters.
For weekly indexes ISO 8601 format is recommended, eg. logstash-%{+xxxx.ww}.
Logstash uses Joda to format the
index pattern from event timestamp. Default value is logstash-%{type}-%{+YYYY.MM.dd}.
UDP port on which Logstash is listening for audit messages according
RFC 5426. Default value is 8514.
TCP port on which Logstash is listening for audit messages. Default value is 8514.
TCP port on which Logstash is listening using TLS for audit messages according
RFC 5425. Default value is 6514.
Path to the SSL certificate used by the TLS listener. Default value is /etc/certs/cert.pem.
Path to the SSL certificate of the certification authority (CA) used by the TLS listener. Default value is /etc/certs/ca.pem.
Path to the SSL key used by the TLS listener. Default value is /etc/certs/key.pem.
Password of the SSL key used by the TLS listener. Default value is secret.
Password of the SSL key used by the TLS listener via file input (alternative to SSL_KEY_PASSWORD).
Verify the identity of the other end of the SSL connection against the CA. Default value is false.
Validate client certificate or certificate chain against this certification authority (CA). Default value is /etc/certs/ca.pem.
Indicates to apply a default template to Elasticsearch during startup.
Default value is true.
The name of the field where the fingerprint of the audit message will be stored. Default value is fingerprint.
The name of the field where the fingerprint of the previous audit message will be stored.
Default value is fingerprint_previous.
Path of the file where the fingerprint of the previous audit message is stored. Attention: You have to mount
the file or parent directory to a volume or host directory to avoid to start a new hash tree on every re-creation
of the container. The file (or parent directory) must be writable by the logstash user of the container (uid=1000).
Default value is /usr/share/logstash/data/filter-hashtree.
The fingerprint method to use. Enumerated values: 'SHA1', 'SHA256', 'SHA384', 'SHA512', 'MD5'.
Default value is SHA1.
Character Set of HL7 v2 messages in received Audit messages. Default value is ISO-8859-1.