From 742465b7550280665021af38291e709704715865 Mon Sep 17 00:00:00 2001
From: Marco Ochse <t3chn0m4g3@users.noreply.github.com>
Date: Tue, 23 Apr 2024 15:35:35 +0200
Subject: [PATCH] Updated Reconfigure logstash.conf (markdown)

---
 Reconfigure-logstash.conf.md | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/Reconfigure-logstash.conf.md b/Reconfigure-logstash.conf.md
index a63c0b6..1f2aa1a 100644
--- a/Reconfigure-logstash.conf.md
+++ b/Reconfigure-logstash.conf.md
@@ -15,7 +15,7 @@ systemctl stop tpot
  
 ### 3. Adjust `logstash.conf` to your needs:
 ```
-vi /data/elk/logstash.conf
+vi $HOME/tpotce/data/elk/logstash.conf
 
 [...]
 # Output section         
@@ -48,13 +48,13 @@ output {
  
 ### 4. Set correct permissions:
 ```
-chmod 760 /data/elk/logstash.conf
-chown tpot:tpot /data/elk/logstash.conf
+chmod 760 $HOME/tpotce/data/elk/logstash.conf
+chown tpot:tpot $HOME/tpotce/data/elk/logstash.conf
 ```
 
-### 5. Adjust `tpot.yml` by adding docker volume for `logstash.conf`:
+### 5. Adjust `docker-compose.yml` by adding docker volume for `logstash.conf`:
 ```
-vi /opt/tpot/etc/tpot.yml
+vi $HOME/tpotce/docker-compose.yml
 
 [...]
 ## Logstash service
@@ -64,12 +64,19 @@ vi /opt/tpot/etc/tpot.yml
     depends_on:
       elasticsearch:
         condition: service_healthy
-    env_file:
-     - /opt/tpot/etc/compose/elk_environment
-    image: "dtagdevsec/logstash:1903"
+    environment:
+     - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
+     - TPOT_TYPE=${TPOT_TYPE:-HIVE}
+     - TPOT_HIVE_USER=${TPOT_HIVE_USER}
+     - TPOT_HIVE_IP=${TPOT_HIVE_IP}
+    ports:
+     - "127.0.0.1:64305:64305"
+    mem_limit: 2g
+    image: ${TPOT_REPO}/logstash:${TPOT_VERSION}
+    pull_policy: ${TPOT_PULL_POLICY}
     volumes:
-     - /data:/data
-     - /data/elk/logstash.conf:/etc/logstash/logstash.conf
+     - ${TPOT_DATA_PATH}:/data
+     - ${TPOT_DATA_PATH}/elk/logstash.conf:/etc/logstash/logstash.conf
 [...]
 ```