
Zeek (Bro) Network Security Monitor integration with ELK 6.5.3 stack using Docker Compose


Zeek(Bro)-IDS & ELK 6.6.0 Integration using Docker Compose

Integration of Bro Network Security Monitor and ELK stack (i.e., Elasticsearch-Logstash-Kibana) using Docker Compose.

This is a simple integration based on the following open-source projects:

Prerequisites

Configuration

Configure the bro service in docker-compose.yml to listen on a different network interface if needed (the default is eth0).
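The following fragment illustrates how a capture-interface setting of this kind typically fits into a Compose file, with the container granted only the capabilities packet capture needs and Logstash given read-only access to the logs. It is an added example, not this project's own docker-compose.yml; the image name, the INTERFACE variable and the log path are assumptions.

```yaml
# Illustrative docker-compose.yml fragment (added example, not the project's file).
# Assumes the Zeek image reads its capture interface from an INTERFACE
# environment variable; that variable name and the paths below are assumptions.
version: "3"
services:
  bro:
    image: example/zeek:latest          # placeholder image name
    # Sniffing requires visibility of the host's interfaces.
    network_mode: host
    # Grant only what packet capture needs instead of `privileged: true`.
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      # Interface to monitor; replace eth0 with the host interface shown by `ip link`.
      - INTERFACE=eth0
    volumes:
      - bro-logs:/usr/local/bro/logs    # assumed Zeek log directory
  logstash:
    image: docker.elastic.co/logstash/logstash:6.6.0
    volumes:
      - bro-logs:/bro-logs:ro           # Logstash only reads; it cannot alter Zeek's logs
volumes:
  bro-logs:
```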

Usage

To run docker-bro-elk:

docker-compose up

or in detached mode:

docker-compose up -d

After the services are running, you can access the Kibana interface at http://localhost:5601 and create a new index pattern matching logstash-* to start exploring the network data captured by Zeek (Bro).

To stop docker-bro-elk, press Ctrl+C if it is running in the foreground, or run the following command if it is running in detached mode:

docker-compose down