Note: There is no official Docker image from OISF (Open Information Security Foundation). Community-maintained images are available.
# Popular community image by Jason Ish
# Third-party image on the moving ":latest" tag: the content you pull can change between runs.
# For a production sensor, pull a specific version tag or a digest instead
# (for example jasonish/suricata@sha256:<digest-placeholder>).
docker pull jasonish/suricata:latest
# Alternative community images
# Check who publishes an image and how recently it was rebuilt before running it on a sensor host.
docker pull ohmyadd/suricata:latest
Create a Dockerfile:
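# Minimal image that installs Suricata from the Ubuntu 22.04 package archive.
# The tag is mutable; for reproducible builds pin the base by digest
# (ubuntu:22.04@sha256:<digest-placeholder>).
FROM ubuntu:22.04

# update, install and list cleanup share one layer so a stale package index is
# never cached and the apt lists do not end up in the image.
# DEBIAN_FRONTEND is set inline (not via ENV) so package configuration cannot
# stall the build on a prompt and the setting does not persist into the runtime environment.
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
        suricata \
    && rm -rf /var/lib/apt/lists/*

# No USER instruction is set, so Suricata starts as root inside the container.
# NOTE(review): live capture needs raw-socket privileges; prefer granting specific
# capabilities at run time over --privileged, and consider Suricata's own privilege
# drop (run-as in suricata.yaml) -- confirm the packaged build supports it.
ENTRYPOINT ["suricata"]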
Build and run:
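# Build the image from the Dockerfile in the current directory and tag it "suricata".
docker build -t suricata .
# Smoke test: print the Suricata version.
# Note this runs the community image, not the "suricata" image built above.
docker run --rm jasonish/suricata:latest --version
# Run Suricata with configuration
# The config file is bind-mounted read-only (:ro) so the container cannot modify the host copy.
# --network host shares the host's network stack with the container, which removes
# network isolation; use it only on hosts dedicated to monitoring.
docker run --rm --network host -v /path/to/suricata.yaml:/etc/suricata/suricata.yaml:ro jasonish/suricata:latest -c /etc/suricata/suricata.yaml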
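# Compose service that runs the community Suricata image on the host network.
version: '3.8'
services:
  suricata:
    # Third-party image on a moving tag; pin a version tag or digest for repeatable deployments.
    image: jasonish/suricata:latest
    container_name: suricata
    # Host networking lets Suricata see the host's interfaces; it also removes
    # network isolation between this container and the host.
    # NOTE(review): if capture fails with permission errors, grant only the needed
    # capabilities via cap_add (e.g. NET_ADMIN, NET_RAW) rather than privileged: true --
    # confirm the exact set against the image's documentation.
    network_mode: host
    volumes:
      # Configuration and rules are mounted read-only; only the log directory is writable.
      - ./suricata.yaml:/etc/suricata/suricata.yaml:ro
      - ./rules:/var/lib/suricata/rules:ro
      - ./logs:/var/log/suricata
    restart: unless-stopped
    # -D (daemon mode) is intentionally omitted: a daemonizing process detaches from
    # the foreground, the container's main process exits, and "restart: unless-stopped"
    # would then restart the container in a loop. Suricata must stay in the foreground.
    command: ["-c", "/etc/suricata/suricata.yaml"]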
Note: packet capture needs access to the host's network (`--network host`, or specific capabilities like CAP_NET_RAW). Logs are written to /var/log/suricata.