docker-filebeat

Alpine Linux based Filebeat Docker Image

---

Why 🤔

This is initially focused on supporting the Zeek filebeats module.

I will add others if there is any demand or need later.

Dependencies

• alpine:3.10

Image Tags

$ docker images

REPOSITORY               TAG          SIZE
blacktop/filebeat        latest       68MB
blacktop/filebeat        7.7.1        68MB
blacktop/filebeat        7.6.1        68MB
blacktop/filebeat        7.4.0        68MB
blacktop/filebeat        7.3,1        98MB
blacktop/filebeat        7.0.0        48.3MB

Getting Started

Download or create your.pcap in current directory

$ docker run --init -d --name elasticsearch -p 9200:9200 blacktop/elasticsearch
$ docker run --init -d --name kibana --link elasticsearch -p 5601:5601 blacktop/kibana
$ docker run --init --rm -it -v `pwd`:/pcap \
                             --link kibana \
                             --link elasticsearch \
                             blacktop/filebeat -e
$ docker run --init --rm -it -v `pwd`:/pcap blacktop/filebeat:elastic -r your.pcap local

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

Contributing

See all contributors on GitHub.

Please submit a Pull Request on GitHub.

License

MIT Copyright (c) 2019-2020 blacktop