Suricata + ELK in Docker

September 12 2014

While getting familiar with the very popular Docker Linux container tool, I went against best practice and put Suricata, Logstash, Elasticsearch and Kibana into a single container that is looking promising for demonstration purposes. If you already run this stack on one machine, it might be suitable for real use as well. What you get is a very simple to run application container that abstracts all the tools above into a single application. Assuming you have Docker already installed, you can get a feel for Suricata + ELK with a couple of commands:

git clone https://github.com/jasonish/docker-suricata-elk.git
cd docker-suricata-elk
./launcher start -i eth0

The first time ./launcher start is run, Docker will pull down the container's file system layers, so it may take a while. Subsequent starts will be much quicker. Once it looks like it is up and running, point your browser at http://localhost:7777. A few notes:
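To take the guesswork out of "once it looks like it is up and running", here is a small bash wrapper, added here as an example and not part of the docker-suricata-elk project, that checks the capture interface actually exists before calling the launcher (Suricata will happily start with nothing to sniff otherwise) and then waits for port 7777 to accept TCP connections before telling you to open the browser. The ./launcher invocation and the port number come from the post; the function names, the 120-second timeout and the /sys/class/net check are assumptions.

```shell
#!/bin/bash
# Added pre-flight and readiness check for the Suricata + ELK launcher.
# Not part of docker-suricata-elk; the launcher command and port 7777 are
# taken from the post, everything else here is an assumption.

# Return 0 if a network interface with this name exists on the host.
# The -i argument to ./launcher must name a real interface, otherwise
# Suricata inside the container has nothing to capture on.
iface_exists() {
    [ -n "$1" ] && [ -e "/sys/class/net/$1" ]
}

# Return 0 once TCP $host:$port accepts a connection, 1 after $timeout
# seconds. Uses bash's /dev/tcp so it works on a host without curl or nc;
# the connect runs in a subshell, so the descriptor closes on its own.
wait_for_port() {
    local host=$1 port=$2 timeout=${3:-60} i=0
    while [ "$i" -lt "$timeout" ]; do
        if (exec 3<>"/dev/tcp/$host/$port") 2>/dev/null; then
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    return 1
}

# Start the stack on the given interface and block until Kibana's port is
# open. Returns 2 for a bad interface, the launcher's own status if it
# fails, 1 if the port never opens, 0 when the UI is reachable.
# usage: start_and_verify eth0
start_and_verify() {
    local iface=$1
    if ! iface_exists "$iface"; then
        echo "no such interface: $iface" >&2
        return 2
    fi
    if ! command -v docker >/dev/null 2>&1; then
        echo "docker is not installed or not on PATH" >&2
        return 2
    fi
    ./launcher start -i "$iface" || return $?
    # First start pulls image layers, so allow a generous wait (assumed 120s).
    if wait_for_port 127.0.0.1 7777 120; then
        echo "Suricata + ELK is up: http://localhost:7777"
        return 0
    fi
    echo "port 7777 never opened; check 'docker ps' and 'docker logs'" >&2
    return 1
}
```

Source the file and call `start_and_verify eth0` in place of the bare `./launcher start -i eth0`; a non-zero exit tells you whether the interface, Docker itself or the container startup is the problem, instead of leaving you to refresh a browser against a port that is not listening yet.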

Suricata + ELK Docker Container Project links: