dockerfiles/bro
kev 82143a5b63 switch to new domain: easypi.pro 2017-05-08 07:05:07 +08:00
Dockerfile switch to new domain: easypi.pro 2017-05-08 07:05:07 +08:00
README.md update 2015-07-01 17:53:47 +08:00
docker-compose.yml update 2015-06-22 16:48:30 +08:00

The Bro Network Security Monitor

Bro is a powerful network analysis framework that is much different from the typical IDS you may know.

  • Adaptable
  • Efficient
  • Flexible
  • Forensics
  • Commercially Supported
  • In-depth Analysis
  • Highly Stateful
  • Open Interfaces
  • Open Source

docker-compose.yml

bro:
  image: vimagick/bro
  # -C ignores bad checksums (common with NIC offloading), -i eth0 captures live traffic
  command: bro -C -i eth0
  volumes:
    - ./logs:/opt/bro/logs
  # share the network namespace of the shadowsocks container, so its eth0 is what Bro sees
  net: container:shadowsocks_shadowsocks_1

We are going to monitor shadowsocks, which is a SOCKS5 proxy server. The `net: container:shadowsocks_shadowsocks_1` line attaches Bro to that container's network namespace, so the eth0 it captures on is the shadowsocks container's interface.

up and running

$ cd ~/fig/bro/

$ docker-compose up -d

$ docker exec -it bro_bro_1 bash
>>> cat dns.log | bro-cut query | sort | uniq -c | sort -nr | head -5
    10 www.youtube.com
    3 twitter.com
    2 www.google.com
    1 www.baidu.com
    1 www.facebook.com
>>> exit
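The same pipeline in plain awk, as an added example that is not part of the vimagick/bro project: it assumes only POSIX sh, awk, sort, uniq and head (no bro-cut), reads a constructed sample dns.log with a trimmed field list, and generalises the bro-cut step to any named column of any Bro log.

```shell
#!/bin/sh
# Added example (not from the vimagick/bro project): reproduce the page's
# "bro-cut query | sort | uniq -c | sort -nr | head" pipeline with awk only,
# so it also runs on a host without bro-cut, and for any column of any Bro log.
# Bro logs are tab-separated; lines starting with "#" are metadata, and the
# "#fields" line names the columns, which is what bro-cut selects by.

# top_field FIELD [N]: read a Bro log on stdin and print the N most frequent
# values of column FIELD (default 5) in "count value" form, like uniq -c.
top_field() {
    awk -F'\t' -v want="$1" '
        /^#fields\t/ { for (i = 2; i <= NF; i++) if ($i == want) col = i - 1; next }
        /^#/         { next }          # #separator, #path, #open, #close ...
        col > 0      { print $col }    # nothing is printed until the column is known
    ' | sort | uniq -c | sort -rn | head -n "${2:-5}"
}

# Constructed sample dns.log with a trimmed field list (a real Bro dns.log has
# many more columns, which is exactly why selecting by header name matters).
sample_dns_log() {
    printf '#separator \\x09\n'
    printf '#path\tdns\n'
    printf '#fields\tts\tuid\tid.orig_h\tid.resp_h\tproto\tquery\tqtype_name\trcode_name\n'
    printf '1435000001.10\tCa1\t172.17.0.2\t8.8.8.8\tudp\twww.youtube.com\tA\tNOERROR\n'
    printf '1435000002.20\tCa2\t172.17.0.2\t8.8.8.8\tudp\ttwitter.com\tA\tNOERROR\n'
    printf '1435000003.30\tCa3\t172.17.0.2\t8.8.8.8\tudp\twww.youtube.com\tAAAA\tNOERROR\n'
    printf '1435000004.40\tCa4\t172.17.0.2\t8.8.8.8\tudp\twww.google.com\tA\tNOERROR\n'
    printf '1435000005.50\tCa5\t172.17.0.2\t8.8.8.8\tudp\twww.youtube.com\tA\tNOERROR\n'
    printf '1435000006.60\tCa6\t172.17.0.2\t8.8.8.8\tudp\ttwitter.com\tA\tNOERROR\n'
    printf '1435000007.70\tCa7\t172.17.0.2\t8.8.8.8\tudp\twww.baidu.com\tA\tNXDOMAIN\n'
    printf '#close\t2015-06-22-16-48-30\n'
}

# Demo: the page's "top queried names" view, then the response-code breakdown,
# which is the first thing to check when a client keeps asking for names that fail.
demo() {
    sample_dns_log | top_field query 5
    sample_dns_log | top_field rcode_name
}
```

On the host, point it at the dns.log that Bro writes under the ./logs volume from docker-compose.yml (exact path under that directory is an assumption), e.g. `top_field query 5 < ./logs/dns.log`.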

Don't be evil!