The Bro Network Security Monitor
Bro is a powerful network analysis framework that is much different from the
typical IDS you may know.
- Commercially Supported
- In-depth Analysis
- Highly Stateful
- Open Interfaces
- Open Source
```yaml
bro:
  image: vimagick/bro
  command: bro -C -i eth0
  volumes:
    - ./logs:/opt/bro/logs
  net: container:shadowsocks_shadowsocks_1
```
We are going to monitor `shadowsocks`, which is a SOCKS5 server.
up and running
```
$ cd ~/fig/bro/
$ docker-compose up -d
$ docker exec -it bro_bro_1 bash
>>> cat dns.log | bro-cut query | sort | uniq -c | sort -nr | head -5
     10 www.youtube.com
      3 twitter.com
      2 www.google.com
      1 www.baidu.com
      1 www.facebook.com
>>> exit
```
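The same top-queries summary without `bro-cut`, as an added Python example (not part of the original README or image): it takes the column order from the log's own `#fields` header instead of assuming positions. The sample log is constructed and declares only a subset of the real `dns.log` columns; the function names are this example's own.

```python
from collections import Counter

# Constructed sample in Bro's ASCII log layout (not real traffic); a real
# dns.log carries more columns than the six declared here.
SAMPLE_DNS_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tdns",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tquery\tqtype_name",
    "#types\ttime\tstring\taddr\taddr\tstring\tstring",
    "1431561600.10\tC1\t172.17.0.2\t192.0.2.53\twww.youtube.com\tA",
    "1431561601.20\tC2\t172.17.0.2\t192.0.2.53\ttwitter.com\tA",
    "1431561602.30\tC3\t172.17.0.2\t192.0.2.53\tWWW.YouTube.com\tAAAA",
    "1431561603.40\tC4\t172.17.0.2\t192.0.2.53\t-\t-",
    "1431561604.50\tC5\t172.17.0.2\t192.0.2.53\twww.youtube.com\tA",
    "1431561605.60\tC6\t172.17.0.2\t192.0.2.53\ttwitter.com\tA",
    "1431561606.70\tC7\t172.17.0.2\t192.0.2.53\twww.google.com\tA",
])

def read_bro_log(lines):
    """Yield one dict per record, keyed by the names in the #fields header."""
    sep, unset, empty, fields = "\t", "-", "(empty)", None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#separator"):
            # The separator is written as an escape (\x09) after a space.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#"):
            key, *vals = line[1:].split(sep)
            if key == "fields":
                fields = vals
            elif key == "unset_field":
                unset = vals[0]
            elif key == "empty_field":
                empty = vals[0]
        elif line and fields:
            row = dict(zip(fields, line.split(sep)))
            # Unset and empty markers both become None in this example.
            yield {k: (None if v in (unset, empty) else v) for k, v in row.items()}

def top_queries(lines, n=5):
    """Count queried names, case-folded since DNS names are case-insensitive."""
    names = (r["query"].lower() for r in read_bro_log(lines) if r.get("query"))
    return Counter(names).most_common(n)

if __name__ == "__main__":
    for name, count in top_queries(SAMPLE_DNS_LOG.splitlines()):
        print(f"{count:7d} {name}")
```

To run it against a live log, pass an open file handle on `dns.log` to `top_queries` instead of the sample lines.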
Don't be evil!