[Oisf-users] Suricata and Dockers

Jeripotula, Shashiraj shashiraj.jeripotula at verizon.com
Tue Mar 3 21:48:23 UTC 2015

Hi All,

I have asked this question to Victor and Peter, but would like to reach out to a larger audience.

Has anyone used Suricata with Dockers ???

Presently, I have Suricata installed on one of our front-end servers, which hosts application-specific code. So basically, Suricata acts as a host-based IDS/IPS system.

We have a plan to move to Docker containers, i.e. a single server will host multiple containers. All these containers will host different applications. In this case, does Suricata run on the host server as before, or will it be part of a single container?

I am specifically interested in how Suricata can be "in-line" within a container environment.
If Suricata is run as a container, it will passively share the Linux bridge on the host.

I'm not aware of a way to make Suricata "the next hop" for layer 3 or "inline" at layer 2 to enforce Suricata rulesets without a distributed switch and VLANs in the architecture (since it's a container, I will not be needing distributed switches, VLANs between each container).

Please advise.

