Public | Automated Build

Last pushed: 2 years ago
Short Description
[ABANDONED] This image has been abandoned. Check out https://github.com/StamusNetworks/Amsterdam
Full Description

About

NOTE: This Docker image is based around pre 2.0 Elastic Search and
Kibana 3. It will likely be superceded by a docker-compose setup in
the near future. Until then I highly suggest checking out
Amsterdam as an alternative.

A Docker image with Suricata and the ELK (Elastic Search, Logstash,
Kibana).

NOTE

Unlike most Docker containers, this one uses host networking. At this
time it will attempt to bind the following ports:

  • 7777: The web interface to expose Kibana and EveBox
  • 9200: Elastic Search

This is to allow Suricata access to your physical interfaces while
running inside the Docker container. A more "Docker" approach would
probably be to break this one container into two, one for Suricata,
and one for ELK.

Running

As this is a Docker container you need to be running Docker on Linux.
Please refer to the Docker documentation at https://docs.docker.com/
for installation help. Note that if running in a virtual machine you
should allocate at least 2GB of memory.

Then assuming your running on your localhost, point your browser at
http://localhost:7200.

The container is completely stateless with all persistent data stored
in ./data. This includes the Elastic Search database and all log
files.

To get a shell into the running container (may require sudo):

  • ./launcher enter

Building

If you wish to rebuild the image yourself simply run:

  • ./launcher build
Docker Pull Command
Owner
jasonish
Source Repository

Comments (3)
jasonish
2 years ago

Thats odd, Nginx is binding to port 7777 which is unlikely (but not impossible) to conflict with Apache running on your host system.

The issue here is that this container uses host networking to give Suricata access to the host interfaces. The real solution will be to use docker-compose where Suricata can run with host network, Nginx and Elastic Search can be confined to their containers with ports exposed or linked as needed.

slvrdragn
2 years ago

My error was due to apache running on the host system. Any way to change that to another port?

slvrdragn
2 years ago

when running on my system, I get the below every time, any suggestions?
2015-11-16 17:20:42,684 INFO exited: nginx (exit status 1; not expected)
2015-11-16 17:20:44,687 INFO spawned: 'nginx' with pid 96
2015-11-16 17:20:44,740 INFO exited: nginx (exit status 1; not expected)
2015-11-16 17:20:47,745 INFO spawned: 'nginx' with pid 140
2015-11-16 17:20:47,777 INFO exited: nginx (exit status 1; not expected)
2015-11-16 17:20:48,742 INFO gave up: nginx entered FATAL state, too many start retries too quickly