# Copyright (C) 2024 ANSSI
# SPDX-License-Identifier: CC0-1.0
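services:
  # Capture-processing service. The pcap input and the rule set are mounted
  # read-only; the output directory is the only writable mount.
  suricata:
    build: ./suricata
    image: anssi/shovel-suricata:dev
    volumes:
      - "./input_pcaps:/input_pcaps:ro"
      - "./suricata/rules:/suricata/rules:ro"
      - "./suricata/output:/suricata/output:rw"
    environment:
      # Include the name of the input pcap file in Suricata EVE logs
      # (default: true)
      PCAP_FILE: "true"
      # Make Suricata wait for new pcap files (default: true)
      # You need to disable this to see the last few flows, else Suricata
      # will wait without logging them.
      PCAP_FILE_CONTINUOUS: "true"

  # Web front end. It shares ./suricata/output with the suricata service.
  webapp:
    build: ./webapp
    image: anssi/shovel-webapp:dev
    volumes:
      # You may remove the next line if `PCAP_FILE=false` in Suricata env
      - "./input_pcaps:/input_pcaps:ro"
      # Write access is required in SQLite `mode=ro` as readers need to record
      # a mark in the WAL file. If you need to make the volume read-only, then
      # use `immutable=1` parameter in SQLite databases URI. In immutable mode,
      # SQLite doesn't follow changes made to the database.
      - "./suricata/output:/suricata/output:rw"
    ports:
      # Published on the loopback interface only, so the web UI is not
      # reachable from other hosts. Quoted so the mapping is always read as a
      # string.
      # NOTE(review): nothing in this file puts authentication in front of the
      # webapp; confirm access control before binding a non-loopback address.
      - "127.0.0.1:8000:8000"
    env_file:
      # Variables from .env are injected into the webapp container. Its
      # contents are not shown here; if it holds secrets, keep it out of
      # version control.
      - .env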