Note: There is no official Docker image for Snort from Cisco. Community-maintained images are available.
# Example community image (verify the publisher and the image contents before use).
# NOTE(review): `latest` is a moving tag, so what you verified today can differ
# from what is pulled tomorrow; once verified, pull by a fixed tag or by digest.
docker pull jasonish/snort:latest
# Snort 3 community image
docker pull jasonish/snort:3
Create a Dockerfile:
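# Minimal Snort image built from the distribution package, so package
# provenance rests on the Ubuntu archive rather than a third-party image.
FROM ubuntu:22.04

# update + install + list cleanup stay in one layer so a cached, stale package
# index is never reused and the apt lists do not persist in the image.
# DEBIAN_FRONTEND is set inline (not via ENV) because the snort package
# configures itself through debconf and a build has no terminal to answer
# prompts; setting it inline keeps it out of the runtime environment.
RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y \
        snort \
    && rm -rf /var/lib/apt/lists/*

# Exec form: snort is PID 1 and receives the stop signal directly; arguments
# given to `docker run` are appended to this command.
# NOTE(review): no USER is set, so snort starts as root. It needs elevated
# privileges to open a capture interface; Snort's -u/-g options can drop to an
# unprivileged user/group after startup. Confirm which account the package
# creates before relying on it.
ENTRYPOINT ["snort"]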
Build and run:
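docker build -t snort .
# Smoke-test the image: print the Snort version and exit
docker run --rm --network host snort --version
# Run Snort with rules. The rules directory is mounted read-only so the
# container (root, on the host network) cannot modify the host's rule set.
docker run --rm --network host -v /path/to/rules:/etc/snort/rules:ro snort -c /etc/snort/rules/snort.conf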
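# docker-compose.yml: run the community Snort image against the host's interfaces.
# `version` is kept for older docker-compose releases; current Compose treats it
# as obsolete and ignores it.
version: '3.8'
services:
  snort:
    # Community image on a moving tag. After verifying it, pin a fixed tag or a
    # digest (jasonish/snort@sha256:<digest-you-verified>) so restarts cannot
    # silently pick up different contents.
    image: jasonish/snort:latest
    container_name: snort
    # Host networking lets Snort see the host's interfaces. It also removes
    # network isolation between the container and the host.
    network_mode: host
    volumes:
      # Configuration and rules are read-only: the sensor should not be able to
      # rewrite its own detection logic.
      - ./snort.conf:/etc/snort/snort.conf:ro
      - ./rules:/etc/snort/rules:ro
      # Logs must be writable; they persist on the host under ./logs.
      - ./logs:/var/log/snort
    restart: unless-stopped
    # -c selects the configuration file; -A console prints alerts to stdout,
    # where `docker logs snort` can read them.
    command: ["-c", "/etc/snort/snort.conf", "-A", "console"]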
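Notes: Snort needs access to the network interfaces it monitors (use `--network host` or grant specific capabilities). Logs are written to `/var/log/snort`; mount a volume there to keep them after the container exits.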