arun81/docker-bro-elk

Zeek(Bro)-IDS & ELK 6.6.0 Integration using Docker Compose

Integration of Bro Network Security Monitor and ELK stack (i.e., Elasticsearch-Logstash-Kibana) using Docker Compose.

This is a simple integration based on the following open-source projects:

Prerequisites

Docker version 1.10.0+
Docker Compose version 1.6.0+

Configuration

Configure bro service in docker-compose.yml to listen to different network interface (default is eth0).

Usage

To run docker-bro-elk:

docker-compose up

or in detached mode:

docker-compose up -d

After running the services, you can access Kibana interface at http://localhost:5601 and create new index pattern with prefix logstash-* to start exploring network data captured by Zeek(Bro).

To stop docker-bro-elk, simply press Ctrl+C if running in foreground mode, or run the following command if running in detached mode:

docker-compose down

About

Zeek (Bro) Network Security Monitor integration with ELK 6.5.3 stack using Docker Compose

Languages

Language:Bro 85.3%Language:Dockerfile 14.7%