Suricata Docker Image


You will most likely want to run Suricata on a network interface on
your host machine rather than the network interfaces normally provided
inside a container:

docker run -it --net=host jasonish/suricata -i <interface>

To see what Suricata logs, start it with a host directory mounted
over the container's log directory:

docker run -it --net=host -v "$(pwd)/logs:/var/log/suricata" \
    jasonish/suricata -i <interface>

which will map the logs directory (in your current directory) to the
Suricata log directory in the container so you can view the Suricata
logs from outside the container.
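
The following added example, which is not part of this image's own documentation, summarizes alerts from the mapped logs directory on the host. It assumes Suricata's EVE JSON output is enabled and writes eve.json there; the sample records and the function names are constructed for illustration.

```python
import json
from collections import Counter
from pathlib import Path

# Constructed sample records in EVE JSON form (one object per line). The last
# line is cut short on purpose, as seen when reading while Suricata is writing.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","alert":{"signature_id":1000001,"signature":"EXAMPLE constructed rule A","severity":2}}
{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"flow","src_ip":"192.0.2.10","dest_ip":"198.51.100.5"}
{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.6","alert":{"signature_id":1000001,"signature":"EXAMPLE constructed rule A","severity":2}}
{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"alert","src_ip":"192.0.2.20","dest_ip":"198.51.100.5","alert":{"signature_id":1000002,"signature":"EXAMPLE constructed rule B","severity":1}}
{"timestamp":"2024-01-01T10:00:04.000000+0000","event_type":"al
"""

def iter_events(lines):
    """Yield parsed EVE records, skipping blank and incomplete lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line that is still being written
        if isinstance(event, dict):
            yield event

def summarize_alerts(lines):
    """Count alerts per (signature_id, signature) and per source address."""
    by_sig, by_src = Counter(), Counter()
    for event in iter_events(lines):
        if event.get("event_type") != "alert":
            continue
        alert = event.get("alert", {})
        by_sig[(alert.get("signature_id"), alert.get("signature"))] += 1
        by_src[event.get("src_ip")] += 1
    return by_sig, by_src

if __name__ == "__main__":
    eve = Path("logs/eve.json")  # host side of the -v mapping (assumed file name)
    if eve.exists():
        with eve.open(encoding="utf-8", errors="replace") as fh:
            by_sig, by_src = summarize_alerts(fh)
    else:
        by_sig, by_src = summarize_alerts(SAMPLE_EVE.splitlines())
    for (sid, sig), count in by_sig.most_common():
        print(f"{count:6d}  [{sid}] {sig}")
    for src, count in by_src.most_common(5):
        print(f"{count:6d}  {src}")
```

Run it from the directory that contains logs; without a log file it falls back to the constructed sample.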



The directory /var/log/suricata is exposed as a volume. Another
container can attach it by using the --volumes-from Docker option.
For example:

  • Start the Suricata container with a name:

    docker run -it --net=host --name=suricata jasonish/suricata -i enp3s0

  • Start a second container with volumes-from:

    docker run -it --net=host --volumes-from=suricata logstash /bin/bash

This will expose /var/log/suricata from the Suricata container as
/var/log/suricata in the Logstash container.
