Public | Automated Build

Last pushed: 4 days ago
Short Description
A powerful network analysis framework that is much different from the typical IDS you may know.
Full Description

The Bro Network Security Monitor

Bro is a powerful network analysis framework that is much different from the
typical IDS you may know.

  • Adaptable
  • Efficient
  • Flexible
  • Forensics
  • Commercially Supported
  • In-depth Analysis
  • Highly Stateful
  • Open Interfaces
  • Open Source

docker-compose.yml

bro:
  image: vimagick/bro
  command: bro -C -i eth0
  volumes:
    - ./logs:/opt/bro/logs
  net: container:shadowsocks_shadowsocks_1

We are going to monitor shadowsocks which is a socks5 server.

up and running

$ cd ~/fig/bro/

$ docker-compose up -d

$ docker exec -it bro_bro_1 bash
>>> cat dns.log | bro-cut query | sort | uniq -c | sort -nr | head -5
    10 www.youtube.com
    3 twitter.com
    2 www.google.com
    1 www.baidu.com
    1 www.facebook.com
>>> exit

Don't be evil!

Docker Pull Command
Owner
vimagick
Source Repository

Comments (0)