Bro-2.5 (git) on alpine linux with elasticsearch 2+ plugin. It was build with danielguerra/alpine-bro-build. The extracted size is 27M.
Elasticsearch:
docker run -d --name elasticsearch elasticsearchThis image:
docker run -ti --rm -v /Users/PCAP:/data/pcap --link elasticsearch:elasticsearch danielguerra/bro-alpine-elasticsearch
bro -r ../pcap/my.pcapAll logging goes to elasticsearch, there is no local log.
If you want a local log run the following from the bro-alpine-elasticsearch commandline
sed -i "s/default_writer = WRITER_NONE/default_writer = WRITER_ASCII/g" /usr/local/share/bro/base/frameworks/logging/main.bro
bro -r ../pcap/my.pcap