This repository has been archived by the owner on Jan 21, 2023. It is now read-only.


usage.md


Usage

Capture Live Traffic

$ docker run --rm --cap-add=NET_RAW --net=host -v `pwd`:/pcap:rw blacktop/zeek -i eth0

Use your own pcap

$ docker run --rm -v /path/to/pcap:/pcap:rw blacktop/zeek -r my.pcap local

To use your own local.zeek

$ docker run --rm \
  -v `pwd`:/pcap \
  -v `pwd`/local.zeek:/usr/local/zeek/share/zeek/site/local.zeek \
  blacktop/zeek -r my_pcap.pcap local
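
The replay command above with its inputs checked first, as an added example that is not part of the original repository. With `-v`, Docker creates a missing host path as a directory, so a mistyped `local.zeek` path ends up as an empty directory mounted over the site file. The function name `zeek_replay_cmd`, the `DRY_RUN` variable and the read-only `:ro` flag on the `local.zeek` mount are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the blacktop/zeek repository).
# zeek_replay_cmd PCAP [LOCAL_ZEEK]
#   Runs the page's "use your own pcap / local.zeek" command after checking
#   that every host path it bind-mounts really exists as a regular file.
#   With DRY_RUN=1 it prints the docker command instead of running it.
zeek_replay_cmd() {
    zr_pcap=$1
    zr_site=${2:-}

    [ -f "$zr_pcap" ] || { echo "pcap not found: $zr_pcap" >&2; return 1; }
    # Absolute directory holding the pcap; it becomes /pcap in the container.
    # Mounted read-write, as on the page.
    zr_dir=$(cd "$(dirname "$zr_pcap")" && pwd) || return 1

    set -- docker run --rm -v "$zr_dir:/pcap:rw"

    if [ -n "$zr_site" ]; then
        # docker -v would silently create a missing host path as a directory,
        # so refuse anything that is not an existing regular file.
        [ -f "$zr_site" ] || { echo "local.zeek not found: $zr_site" >&2; return 1; }
        zr_sdir=$(cd "$(dirname "$zr_site")" && pwd) || return 1
        # :ro is this example's choice: the container only needs to read it.
        set -- "$@" -v "$zr_sdir/$(basename "$zr_site"):/usr/local/zeek/share/zeek/site/local.zeek:ro"
    fi

    # Same image and arguments as the page: replay the pcap with the local policy.
    set -- "$@" blacktop/zeek -r "$(basename "$zr_pcap")" local

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}
```

Run `DRY_RUN=1 zeek_replay_cmd my_pcap.pcap local.zeek` to review the command line before it is executed.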