- This demo (currently) runs 16 different Docker containers, so this might be too much for your laptop.
- Testing has been done on a c4.4xlarge EC2 instance, with good performance (probably over-provisioned).
- It's recommended to run `docker system prune -a` before running `docker-compose`.
- **Running a really big pcap [optional]**
- The packet capture file included in this repository features DNS exfiltration (among other things), but will repeat itself after a few minutes. This can be tiresome during a live demo or workshop.
- Run the `python3 scripts/get_pcap.py` script to download a 1GB/1hr playback pcap.
- **Running NOT on `localhost`**
- You need to advertise the correct public DNS hostname for the ksqlDB server to ensure that the ksqlDB editor in Confluent Control Center works without error.
- Run the `./scripts/edit-docker-compose.sh` script to change the `localhost` value in `CONTROL_CENTER_KSQL_KSQLDB1_ADVERTISED_URL: "http://localhost:8088"` to whatever the public DNS hostname is for your EC2 instance.
- Note: This only works in AWS (AFAIK)
- Cross your fingers
- Run `docker-compose up -d`
  - If you are using `sudo` with `docker-compose`, you will likely need the `-E` option so that `sudo` inherits your environment variables; the last command then becomes `sudo -E docker-compose up -d`.
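The advertised-URL edit above, as an added example that is not the repository's own `scripts/edit-docker-compose.sh`: the function rewrites only the `localhost` host in `CONTROL_CENTER_KSQL_KSQLDB1_ADVERTISED_URL` and rejects anything that is not a plain DNS hostname, since the value is handed to every browser that opens the ksqlDB editor in Control Center. The compose fragment it operates on is constructed here for a stand-alone run; on an EC2 instance the hostname argument would typically come from the instance metadata service (`public-hostname`), which is an assumption about the environment, not something the page states.

```shell
#!/usr/bin/env sh
# Added example (not the project's edit-docker-compose.sh): point the ksqlDB
# URL advertised by Control Center at a public hostname instead of localhost.

# set_ksqldb_advertised_url FILE HOSTNAME
# Returns 0 on success, 1 if HOSTNAME is not a plausible DNS name or the
# original localhost line is not present in FILE.
set_ksqldb_advertised_url() {
  file=$1
  host=$2
  # Allow only letters, digits, dots and hyphens, not starting with '-' or '.'.
  # Anything else would corrupt the YAML or produce a URL nobody intended.
  case $host in
    ''|*[!A-Za-z0-9.-]*|-*|.*) return 1 ;;
  esac
  grep -q 'CONTROL_CENTER_KSQL_KSQLDB1_ADVERTISED_URL: "http://localhost:8088"' "$file" || return 1
  # Write to a temp file; 'sed -i' behaves differently on GNU and BSD sed.
  tmp="$file.tmp.$$"
  sed "s|CONTROL_CENTER_KSQL_KSQLDB1_ADVERTISED_URL: \"http://localhost:8088\"|CONTROL_CENTER_KSQL_KSQLDB1_ADVERTISED_URL: \"http://$host:8088\"|" \
    "$file" > "$tmp" && mv "$tmp" "$file"
}

# current_ksqldb_advertised_url FILE
# Prints the advertised URL currently configured in FILE.
current_ksqldb_advertised_url() {
  sed -n 's/.*CONTROL_CENTER_KSQL_KSQLDB1_ADVERTISED_URL: "\([^"]*\)".*/\1/p' "$1"
}

# make_sample_compose FILE
# Writes a constructed compose fragment with the default localhost value.
make_sample_compose() {
  cat > "$1" <<'EOF'
services:
  control-center:
    environment:
      CONTROL_CENTER_KSQL_KSQLDB1_ADVERTISED_URL: "http://localhost:8088"
EOF
}
```

After the rewrite, confirm with `current_ksqldb_advertised_url docker-compose.yml` that the URL matches the hostname you expect before running `docker-compose up -d`.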
- This demo is a combination of three different repositories:
- Each of these repositories has its own README file and walk-through.
- Some examples using ksqlDB for processing Zeek IDS data are included:
- Watch this space for a new walk-through script that incorporates the best parts of all three.