Skip to content
/ docker-bro-elk Public

Bro Network Security Monitor integration with ELK stack using Docker Compose

4 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pvnguyen/docker-bro-elk

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
bro
bro
 
 
elasticsearch
elasticsearch
 
 
kibana
kibana
 
 
logstash
logstash
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Bro ELK Integration using Docker Compose

Integration of Bro Network Security Monitor and ELK stack (i.e., Elasticsearch-Logstash-Kibana) using Docker Compose.

This is a simple integration based on the following open-source projects:

Prerequisites

Configuration

Configure bro service in docker-compose.yml to listen to different network interface (default is eth0).

Usage

To run docker-bro-elk:

docker-compose up

or in detached mode:

docker-compose up -d

After running the services, you can access Kibana interface at http://localhost:5601 and create new index pattern with prefix logstash-* to start exploring network data captured by Bro.

To stop docker-bro-elk, simply press Ctrl+C if running in foreground mode, or run the following command if running in detached mode:

docker-compose down

About

Bro Network Security Monitor integration with ELK stack using Docker Compose

Topics

docker docker-compose bro elk-stack

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages