docker-compose bro elasticsearch

Daniel_Guerra · June 8, 2016, 11:27pm

Hi All,

I have made a docker-compose yml file that starts and configures a bro ELK combination.
The connection pcap is available from kibana and the extracted files too. It might need some
improvement but the basic concept works.

wget https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/master/docker-compose.yml
export DOCKERHOST=<dockerhost-ip>
export COMPOSE_API_VERSION=1.18
docker-compose pull
docker-compose up

It listens on tcp port 1969 for pcap files.
nc <dockerhost-ip> 1969 < my.pcap
tcpdump -i eth0 -s 0 -w - not host <dockerhost-ip> | nc <dockerhost-ip> 1969

And kibana listens to 5601

http://<dockerhost-ip>:5601/

Regards,

Daniel

Topic		Replies	Views
Quick question on conn tracking Zeek	8	74	May 6, 2022
Deploying Bro Cluster using Docker container technology Zeek	1	56	May 6, 2022
Have a cluster infrastructure read pcaps Zeek	1	117	May 6, 2022
PCAP help Zeek	3	65	May 6, 2022
can't get the http analyzer to print anything Zeek	3	60	May 6, 2022

docker-compose bro elasticsearch

Related Topics