self-hosted/dockerfiles
1
0
Fork 0
mirror of https://github.com/vimagick/dockerfiles.git synced 2025-10-30 23:47:48 +02:00
Code Issues Releases Activity
Files
95b0cb5345e3746fd5419b42e1336289ab545927
dockerfiles/bro
History
kev 202392cdc6 switch to new domain: easypi.info
2016-05-01 09:06:20 +08:00
..
docker-compose.yml
update
2015-06-22 16:48:30 +08:00
Dockerfile
switch to new domain: easypi.info
2016-05-01 09:06:20 +08:00
README.md
update
2015-07-01 17:53:47 +08:00

README.md

The Bro Network Security Monitor

Bro is a powerful network analysis framework that is much different from the typical IDS you may know.

  • Adaptable
  • Efficient
  • Flexible
  • Forensics
  • Commercially Supported
  • In-depth Analysis
  • Highly Stateful
  • Open Interfaces
  • Open Source

docker-compose.yml

bro:
  image: vimagick/bro
  command: bro -C -i eth0
  volumes:
    - ./logs:/opt/bro/logs
  net: container:shadowsocks_shadowsocks_1

We are going to monitor shadowsocks which is a socks5 server.

up and running

$ cd ~/fig/bro/

$ docker-compose up -d

$ docker exec -it bro_bro_1 bash
>>> cat dns.log | bro-cut query | sort | uniq -c | sort -nr | head -5
    10 www.youtube.com
    3 twitter.com
    2 www.google.com
    1 www.baidu.com
    1 www.facebook.com
>>> exit

Don't be evil!