1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-04 10:34:49 +02:00
dockerfiles/bro/README.md

50 lines
1001 B
Markdown
Raw Normal View History

2015-06-22 10:57:35 +02:00
The Bro Network Security Monitor
================================
2015-06-23 03:00:07 +02:00
[![](https://badge.imagelayers.io/vimagick/bro:latest.svg)](https://imagelayers.io/?images=vimagick/bro:latest 'Get your own badge on imagelayers.io')
2015-06-22 10:56:54 +02:00
`Bro` is a powerful network analysis framework that is much different from the
typical IDS you may know.
- Adaptable
- Efficient
- Flexible
- Forensics
- Commercially Supported
- In-depth Analysis
- Highly Stateful
- Open Interfaces
- Open Source
2015-06-22 09:35:21 +02:00
## docker-compose.yml
```
bro:
image: vimagick/bro
2015-06-22 09:56:44 +02:00
command: bro -i eth0
2015-06-22 09:35:21 +02:00
volumes:
- ./logs:/opt/bro/logs
2015-06-22 10:48:30 +02:00
net: container:shadowsocks_shadowsocks_1
2015-06-22 09:35:21 +02:00
```
2015-06-22 10:48:30 +02:00
> We are going to monitor `shadowsocks` which is a socks5 server.
2015-06-22 09:35:21 +02:00
## up and running
```
$ cd ~/fig/bro/
$ docker-compose up -d
$ docker exec -it bro_bro_1 bash
2015-06-22 10:48:30 +02:00
>>> cat dns.log | bro-cut query | sort | uniq -c | sort -nr | head -5
10 www.youtube.com
3 twitter.com
2 www.google.com
1 www.baidu.com
1 www.facebook.com
2015-06-22 09:35:21 +02:00
>>> exit
```
2015-06-22 10:48:30 +02:00
> Don't be evil!