jasonish / docker-suricata

A Suricata Docker image.
https://hub.docker.com/r/jasonish/suricata/
MIT License

whereis the log? #7

Closed smarttang closed 4 years ago

smarttang commented 4 years ago
[root@localhost docker-suricata-elk]# docker run --rm -it --net=host \
>     --cap-add=net_admin --cap-add=sys_nice \
>     jasonish/suricata:latest -i ens192
Checking for capability cap_sys_nice: yes
Checking for capability cap_net_admin: yes
[1] 16/1/2020 -- 08:31:00 - (suricata.c:1083) <Notice> (LogVersion) -- This is Suricata version 5.0.1 RELEASE running in SYSTEM mode
[1] 16/1/2020 -- 08:31:24 - (tm-threads.c:2164) <Notice> (TmThreadWaitOnThreadInit) -- all 4 packet processing threads, 4 management threads initialized, engine started.

Where is the log? I can't find the log... I want to get the log into ELK...

jasonish commented 4 years ago

Use a volume:

-v $(pwd):/var/log/suricata

should log to the current directory on your host system.
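As an added example (not from the thread or the docker-suricata project), the script below assembles the full `docker run` line with the bind mount in the host:container order Docker expects, and checks that the host directory exists and is writable before launching, so the EVE log ends up readable where a log shipper can pick it up. The interface name and log directory are assumed placeholders; `/var/log/suricata` is the path inside the container that the answer above refers to.

```sh
#!/bin/sh
# Added example: run the jasonish/suricata image with its log directory
# bind-mounted onto the host so eve.json can be forwarded to ELK.
# Assumptions: interface "ens192" and the log directory are placeholders.

# Build the docker run command. Docker's -v syntax is HOST_PATH:CONTAINER_PATH;
# the container writes eve.json and fast.log under /var/log/suricata.
suricata_run_cmd() {
    host_log_dir="$1"   # host directory that will receive the logs
    iface="$2"          # capture interface passed to Suricata's -i
    printf 'docker run --rm -it --net=host --cap-add=net_admin --cap-add=sys_nice -v %s:/var/log/suricata jasonish/suricata:latest -i %s\n' \
        "$host_log_dir" "$iface"
}

# Pre-flight check: if the host path does not exist, Docker creates it as
# root-owned, and the log shipper running as an unprivileged user may then
# be unable to read eve.json. Create it yourself and confirm it is writable.
check_log_dir() {
    dir="$1"
    [ -d "$dir" ] && [ -w "$dir" ]
}

# Stand-alone usage: print the command for the current directory.
# After Suricata starts, the JSON events appear at "$(pwd)/eve.json".
suricata_run_cmd "$(pwd)" ens192
```

Point the ELK side (for example a Filebeat input) at `<host_log_dir>/eve.json`; the container's own path is irrelevant to the shipper once the mount is in the right order.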

smarttang commented 4 years ago

thx...