Primary language: Shell. License: Apache-2.0.

docker-snort

Snort is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows to detect emerging threats. This container is designed to run snort with standard configurations and forward logs to the DNIF Adapter (AD) over the http API.

On startup the container runs snort with the given parameters and also runs snort-agent in the background, which collects the log entries generated by snort and transmits them over HTTP to the DNIF Adapter.
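What the snort-agent step above amounts to, as an added example that is not the project's own snort-agent: parse Snort's "-A fast" alert lines into records and POST them as JSON to the adapter. The alert lines are constructed samples, and the adapter URL path and JSON layout are assumptions, since the AD API is not documented here.

```python
import json
import re
import urllib.request

# Regex for Snort's "-A fast" alert line layout; written for this example,
# not taken from the project's snort-agent. IPv6 endpoints are not handled.
FAST_ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample lines in fast-alert format (not real captured traffic).
SAMPLE_ALERTS = [
    "03/12-14:05:22.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.20:51234",
    "03/12-14:05:23.000001  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.20 -> 10.0.0.5",
    "        --== Initialization Complete ==--",
]

def _endpoint(s):
    """Split 'ip:port' into (ip, port); ICMP alerts carry no port."""
    if ":" in s:
        ip, port = s.rsplit(":", 1)
        return ip, int(port)
    return s, None

def parse_fast_alert(line):
    """Return a dict for one fast-alert line, or None for anything else."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ("ts", "msg", "cls", "proto")}
    for k in ("gid", "sid", "rev", "prio"):
        rec[k] = int(m.group(k))
    rec["src_ip"], rec["src_port"] = _endpoint(m.group("src"))
    rec["dst_ip"], rec["dst_port"] = _endpoint(m.group("dst"))
    return rec

def collect_alerts(lines):
    """Parse all lines, skipping non-alert output such as the startup banner."""
    return [r for r in map(parse_fast_alert, lines) if r is not None]

def forward_alerts(records, ad_host, path="/ingest"):
    """POST records as JSON to the adapter. The path and body shape are
    assumptions for this example; use the real AD endpoint in practice."""
    body = json.dumps({"source": "snort", "alerts": records}).encode()
    req = urllib.request.Request(f"http://{ad_host}{path}", data=body,
                                 headers={"Content-Type": "application/json"},
                                 method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status

if __name__ == "__main__":
    print(json.dumps(collect_alerts(SAMPLE_ALERTS), indent=2))
```

In the container this would tail snort's alert file and call forward_alerts with the AD environment variable as ad_host.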

Getting Started

  • Install docker-ce; more information is available on the Docker site.
  • Download and dry-run the dnif/snort image using docker run --rm -it dnif/snort /bin/bash

Running Snort

Snort is designed to run at container initialization; however, it must be started with the following environment variables:

  • HOME_NET is the local network definition used by snort.
  • INTERFACE is the local interface that needs to be monitored.
  • AD is the address of the DNIF Adapter (AD).

Sample Commands

# Dry run: open a shell in the container without starting snort
docker run --rm -it dnif/snort /bin/bash

# Run detached on the host network, monitoring eth0 and forwarding alerts to the AD at 172.16.10.156
docker run -d -e HOME_NET=1.2.3.4 -e INTERFACE=eth0 -e AD=172.16.10.156 --net=host --cap-add=NET_ADMIN dnif/snort