Use 'ivre passiverecon2db' with an externalised zeek container. #1554
Good morning, I'm using IVRE via Docker containers, principally for the flows map. To achieve this, I have a zeek container which transforms the data (initially in pcap) into the right format and sends it to the ivre/client container. This is working well. However, I would like to go further while using the same procedure. My aim is to import these elements into the ivre view (i.e., in the same way as my flow map). The documentation seems to imply that zeek needs to be installed in the same environment as ivre (which I don't have).
So, is it possible to import passive data into the ivre view without having zeek in the same environment as ivre? Thanks
Replies: 1 comment
You need the Passiverecon Zeek module, which comes with IVRE. You can get it from the ivre repository or from a Docker image, for example.
By the way, if it may help, the `ivre/client` image comes with Zeek installed under `/opt/zeek`.