This repo is based off https://github.com/dragoangel/parsedmarc-dockerized.

This stack includes:

- ParseDMARC
- Elasticsearch & Kibana to store and visualize parsed data

Setup:

- Install Docker and Docker Compose.
- Allow IMAP access to [email protected] in Gmail settings. Also allow less secure apps access from the account settings.
- Run

  ```
  ansible-playbook playbook.yml --extra-vars '@passwd.yml' --tags parsedmarc
  ```

  from Prodeko's infrastructure repo.
- Download & import exports.ndjson: go to https://dmarc.prodeko.org/app/management/kibana/objects, click on Import, and import the downloaded kibana_saved_objects.ndjson with override enabled.
If you are not seeing recent updates in the Kibana dashboard, try the following commands to debug cluster health and shard allocation issues:

```
# Run from the kibana container
$ curl -XGET 'https://elasticsearch:9200/_cluster/health?pretty'

# Source: https://www.datadoghq.com/blog/elasticsearch-unassigned-shards/
# Understand shard allocation issues
$ curl -XGET 'https://elasticsearch:9200/_cluster/allocation/explain?pretty'

# Delete all shards
# WARNING: you must restart the container group afterwards so the indices are created again
$ curl -XDELETE https://elasticsearch:9200/_all

# The following command was used to set the 'number_of_replicas' setting on all existing indices to 0
$ curl -XPUT "https://elasticsearch:9200/_template/default_template" -H 'Content-Type: application/json' -d'
{
  "index_patterns": ["*"],
  "settings": {
    "number_of_replicas": 0
  }
}
'
```
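To show what the two health commands above are telling you, here is an added Python example (not code from this repo or from parsedmarc-dockerized). It triages a `_cluster/health` response and a `_cluster/allocation/explain` response from a single-node stack like this one, where the common cause of a yellow cluster is replica shards that can never be placed because the only data node already holds the primary. It also builds the two request bodies for the replica fix: the legacy index template from the README, which applies to indices created after it is stored, and a `_settings` update for indices that already exist. Both JSON samples are constructed, and the index name in them is hypothetical.

```python
import json

# Constructed sample of `GET _cluster/health?pretty` from a single-node
# cluster whose indices still carry one replica each (not real output).
SAMPLE_HEALTH = json.loads("""
{
  "cluster_name": "docker-cluster",
  "status": "yellow",
  "timed_out": false,
  "number_of_nodes": 1,
  "number_of_data_nodes": 1,
  "active_primary_shards": 4,
  "active_shards": 4,
  "relocating_shards": 0,
  "initializing_shards": 0,
  "unassigned_shards": 4,
  "delayed_unassigned_shards": 0,
  "active_shards_percent_as_number": 50.0
}
""")

# Constructed sample of `GET _cluster/allocation/explain?pretty` for one of
# those unassigned replica shards, trimmed to the fields used here.
SAMPLE_EXPLAIN = {
    "index": "dmarc_aggregate-example",  # hypothetical index name
    "shard": 0,
    "primary": False,
    "current_state": "unassigned",
    "unassigned_info": {"reason": "INDEX_CREATED"},
    "can_allocate": "no",
    "node_allocation_decisions": [
        {
            "node_name": "es01",
            "node_decision": "no",
            "deciders": [
                {
                    "decider": "same_shard",
                    "decision": "NO",
                    "explanation": "a copy of this shard is already allocated to this node",
                }
            ],
        }
    ],
}


def triage_health(health):
    """Classify a _cluster/health response.

    'red' means primaries are missing (data unavailable), 'replicas-unplaceable'
    means yellow on a cluster with a single data node (only replicas can be
    unassigned, and they have nowhere to go), 'ok' means green, and
    'investigate' covers yellow for any other reason.
    """
    status = health["status"]
    unassigned = health["unassigned_shards"]
    data_nodes = health["number_of_data_nodes"]
    if status == "red":
        verdict = "red"
    elif status == "yellow" and data_nodes < 2:
        verdict = "replicas-unplaceable"
    elif status == "green" and unassigned == 0:
        verdict = "ok"
    else:
        verdict = "investigate"
    return {"status": status, "unassigned_shards": unassigned,
            "data_nodes": data_nodes, "verdict": verdict}


def replica_blocked_by_same_shard(explain):
    """True when allocation/explain shows an unassigned replica that every
    node rejected via the same_shard decider, i.e. each node already holds a
    copy of the shard. That is the harmless single-node case."""
    if explain.get("primary") or explain.get("current_state") != "unassigned":
        return False
    decisions = explain.get("node_allocation_decisions", [])
    if not decisions:
        return False
    return all(
        any(d.get("decider") == "same_shard" and d.get("decision") == "NO"
            for d in node.get("deciders", []))
        for node in decisions
    )


def replica_fix_requests():
    """Request bodies that set number_of_replicas to 0: the legacy template
    from the README for indices created later, plus a settings update for
    indices that already exist."""
    template = {"index_patterns": ["*"], "settings": {"number_of_replicas": 0}}
    existing = {"index": {"number_of_replicas": 0}}
    return {
        "PUT /_template/default_template": json.dumps(template),
        "PUT /_all/_settings": json.dumps(existing),
    }


if __name__ == "__main__":
    print(triage_health(SAMPLE_HEALTH))
    print("replica blocked only by same_shard:",
          replica_blocked_by_same_shard(SAMPLE_EXPLAIN))
    for path, body in replica_fix_requests().items():
        print(path, body)
```

Pipe the real `curl` output into `json.loads` in place of the samples to triage a live cluster; a `red` verdict means primaries are gone and deleting `_all` will not bring the data back, so check the explain output before reaching for the delete command.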