
Last pushed: 2 years ago
Short Description
[ABANDONED] This image has been abandoned. Check out
Full Description


NOTE: This Docker image is based around pre-2.0 Elastic Search and
Kibana 3. It will likely be superseded by a docker-compose setup in
the near future. Until then I highly suggest checking out
Amsterdam as an alternative.

A Docker image with Suricata and the ELK (Elastic Search, Logstash,


Unlike most Docker containers, this one uses host networking. At this
time it will attempt to bind the following ports:

  • 7777: The web interface to expose Kibana and EveBox
  • 9200: Elastic Search

This is to allow Suricata access to your physical interfaces while
running inside the Docker container. A more "Docker" approach would
probably be to break this one container into two, one for Suricata,
and one for ELK.
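Because the container uses host networking, the two ports above are bound directly on the host rather than inside a private Docker network namespace, so an Elastic Search listener on 0.0.0.0 is reachable by anything that can reach the host. The following shell check is an added example, not part of the image's README or its launcher script: it reads `ss -ltn` style socket lines and reports any of the two listed ports that is bound to a non-loopback address. The socket lines embedded below are constructed sample input, not output from a real host.

```shell
#!/bin/sh
# Added example (not from the image or its launcher): with host networking,
# the container's listeners become host sockets, so verify where they bind.

# Ports the README says the container binds (assumption: nothing else).
WATCH_PORTS="7777 9200"

# check_exposed: reads `ss -ltn` lines on stdin and prints "PORT ADDR" for
# every watched port listening on an address other than loopback.
# Returns 1 if any such port was found, 0 otherwise.
check_exposed() {
    found=0
    while read -r state recvq sendq laddr peer rest; do
        # Skip the header line that ss prints.
        [ "$state" = "LISTEN" ] || continue
        # laddr looks like 0.0.0.0:9200, 127.0.0.1:7777, [::]:9200 or *:9200
        port=${laddr##*:}
        addr=${laddr%:*}
        for p in $WATCH_PORTS; do
            [ "$port" = "$p" ] || continue
            case "$addr" in
                127.0.0.1|"[::1]"|::1) ;;            # loopback only: fine
                *) echo "$port $addr"; found=1 ;;   # reachable off-host
            esac
        done
    done
    return $found
}

# Constructed sample in the format of `ss -ltn` (not captured from a real host).
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:7777     0.0.0.0:*
LISTEN 0      128    0.0.0.0:9200       0.0.0.0:*
LISTEN 0      128    [::]:9200          [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# exposed_ports: runs the check over the sample and prints the distinct
# watched ports that are bound off-loopback, one per line.
exposed_ports() {
    printf '%s\n' "$SAMPLE" | check_exposed | cut -d' ' -f1 | sort -u
}

# Stand-alone run over the constructed sample; on a live host use:
#   ss -ltn | check_exposed
exposed_ports
```

In the sample, 7777 is bound to 127.0.0.1 and is not reported, while 9200 is bound on both 0.0.0.0 and [::] and is. Pipe real `ss -ltn` output through `check_exposed` after `./launcher start` to see what the host actually exposes; if Elastic Search only needs to be reached by Kibana on the same host, a loopback bind or a host firewall rule on 9200 closes the gap without changing the container.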


As this is a Docker container you need to be running Docker on Linux.
Please refer to the Docker documentation at
for installation help. Note that if running in a virtual machine you
should allocate at least 2GB of memory.

Then, assuming you're running on your localhost, point your browser at

The container is completely stateless with all persistent data stored
in ./data. This includes the Elastic Search database and all log

To get a shell into the running container (may require sudo):

  • ./launcher enter


If you wish to rebuild the image yourself simply run:

  • ./launcher build