September 12 2014
While getting familiar with the very popular Docker Linux container tool, I went against best practice and put Suricata, Logstash, Elastic Search and Kibana into a container that is looking promising for demonstration purposes. If you already run this stack on one machine, it might be suitable for real use as well. What you get is a very simple to run application container that abstracts all the tools above into a single application. Assuming you have Docker already installed, you can get a feel for Suricata + ELK with a couple of commands:
git clone https://github.com/jasonish/docker-suricata-elk.git
cd docker-suricata-elk
./launcher start -i eth0
The first time ./launcher start is run, Docker will pull down the container's file system layers, so it may take a while; subsequent starts will be much quicker. Replace eth0 with the host interface you want Suricata to capture on. Once it looks like it is up and running, point your browser at http://localhost:7777. A few notes:
./launcher enter will give you a shell inside the running container. This is useful for taking a look around the runtime environment. Just remember that any changes you make there will not be persistent.
./launcher bash will start a new container with a bash shell and nothing else running. This is mostly useful for development.