# Zeek sensor sniffing a host interface, plus a Filebeat container that mounts
# the same ./pcap directory and attaches to an externally managed ELK network.
version: '2'

services:
  broseek:
    # NOTE(review): `elastic` is a mutable tag. Pin a version tag or a digest
    # (blacktop/zeek@sha256:<digest>) so the sensor image cannot change
    # silently on re-pull.
    image: blacktop/zeek:elastic
    hostname: broseek
    container_name: broseek
    restart: always
    # NOTE(review): Site::local_nets lists 172.N.0.0/24 for every N in 0-255.
    # Only 172.16.0.0/12 (N = 16-31) is RFC 1918 private space; the other
    # entries are publicly routable, so Zeek will label traffic to or from
    # those addresses as local, which skews direction-based log fields and
    # any detections built on them. Each entry is also only a /24, so an
    # address such as 172.17.1.x is NOT covered. Confirm the intended ranges.
    #
    # Folded scalar: the lines below are joined with single spaces into one
    # command string, so keep every line at the same indentation.
    command: >-
      -i af_packet::ens192 local
      "Site::local_nets += {
      127.0.0.1/8,
      172.0.0.0/24, 172.1.0.0/24, 172.2.0.0/24, 172.3.0.0/24,
      172.4.0.0/24, 172.5.0.0/24, 172.6.0.0/24, 172.7.0.0/24,
      172.8.0.0/24, 172.9.0.0/24, 172.10.0.0/24, 172.11.0.0/24,
      172.12.0.0/24, 172.13.0.0/24, 172.14.0.0/24, 172.15.0.0/24,
      172.16.0.0/24, 172.17.0.0/24, 172.18.0.0/24, 172.19.0.0/24,
      172.20.0.0/24, 172.21.0.0/24, 172.22.0.0/24, 172.23.0.0/24,
      172.24.0.0/24, 172.25.0.0/24, 172.26.0.0/24, 172.27.0.0/24,
      172.28.0.0/24, 172.29.0.0/24, 172.30.0.0/24, 172.31.0.0/24,
      172.32.0.0/24, 172.33.0.0/24, 172.34.0.0/24, 172.35.0.0/24,
      172.36.0.0/24, 172.37.0.0/24, 172.38.0.0/24, 172.39.0.0/24,
      172.40.0.0/24, 172.41.0.0/24, 172.42.0.0/24, 172.43.0.0/24,
      172.44.0.0/24, 172.45.0.0/24, 172.46.0.0/24, 172.47.0.0/24,
      172.48.0.0/24, 172.49.0.0/24, 172.50.0.0/24, 172.51.0.0/24,
      172.52.0.0/24, 172.53.0.0/24, 172.54.0.0/24, 172.55.0.0/24,
      172.56.0.0/24, 172.57.0.0/24, 172.58.0.0/24, 172.59.0.0/24,
      172.60.0.0/24, 172.61.0.0/24, 172.62.0.0/24, 172.63.0.0/24,
      172.64.0.0/24, 172.65.0.0/24, 172.66.0.0/24, 172.67.0.0/24,
      172.68.0.0/24, 172.69.0.0/24, 172.70.0.0/24, 172.71.0.0/24,
      172.72.0.0/24, 172.73.0.0/24, 172.74.0.0/24, 172.75.0.0/24,
      172.76.0.0/24, 172.77.0.0/24, 172.78.0.0/24, 172.79.0.0/24,
      172.80.0.0/24, 172.81.0.0/24, 172.82.0.0/24, 172.83.0.0/24,
      172.84.0.0/24, 172.85.0.0/24, 172.86.0.0/24, 172.87.0.0/24,
      172.88.0.0/24, 172.89.0.0/24, 172.90.0.0/24, 172.91.0.0/24,
      172.92.0.0/24, 172.93.0.0/24, 172.94.0.0/24, 172.95.0.0/24,
      172.96.0.0/24, 172.97.0.0/24, 172.98.0.0/24, 172.99.0.0/24,
      172.100.0.0/24, 172.101.0.0/24, 172.102.0.0/24, 172.103.0.0/24,
      172.104.0.0/24, 172.105.0.0/24, 172.106.0.0/24, 172.107.0.0/24,
      172.108.0.0/24, 172.109.0.0/24, 172.110.0.0/24, 172.111.0.0/24,
      172.112.0.0/24, 172.113.0.0/24, 172.114.0.0/24, 172.115.0.0/24,
      172.116.0.0/24, 172.117.0.0/24, 172.118.0.0/24, 172.119.0.0/24,
      172.120.0.0/24, 172.121.0.0/24, 172.122.0.0/24, 172.123.0.0/24,
      172.124.0.0/24, 172.125.0.0/24, 172.126.0.0/24, 172.127.0.0/24,
      172.128.0.0/24, 172.129.0.0/24, 172.130.0.0/24, 172.131.0.0/24,
      172.132.0.0/24, 172.133.0.0/24, 172.134.0.0/24, 172.135.0.0/24,
      172.136.0.0/24, 172.137.0.0/24, 172.138.0.0/24, 172.139.0.0/24,
      172.140.0.0/24, 172.141.0.0/24, 172.142.0.0/24, 172.143.0.0/24,
      172.144.0.0/24, 172.145.0.0/24, 172.146.0.0/24, 172.147.0.0/24,
      172.148.0.0/24, 172.149.0.0/24, 172.150.0.0/24, 172.151.0.0/24,
      172.152.0.0/24, 172.153.0.0/24, 172.154.0.0/24, 172.155.0.0/24,
      172.156.0.0/24, 172.157.0.0/24, 172.158.0.0/24, 172.159.0.0/24,
      172.160.0.0/24, 172.161.0.0/24, 172.162.0.0/24, 172.163.0.0/24,
      172.164.0.0/24, 172.165.0.0/24, 172.166.0.0/24, 172.167.0.0/24,
      172.168.0.0/24, 172.169.0.0/24, 172.170.0.0/24, 172.171.0.0/24,
      172.172.0.0/24, 172.173.0.0/24, 172.174.0.0/24, 172.175.0.0/24,
      172.176.0.0/24, 172.177.0.0/24, 172.178.0.0/24, 172.179.0.0/24,
      172.180.0.0/24, 172.181.0.0/24, 172.182.0.0/24, 172.183.0.0/24,
      172.184.0.0/24, 172.185.0.0/24, 172.186.0.0/24, 172.187.0.0/24,
      172.188.0.0/24, 172.189.0.0/24, 172.190.0.0/24, 172.191.0.0/24,
      172.192.0.0/24, 172.193.0.0/24, 172.194.0.0/24, 172.195.0.0/24,
      172.196.0.0/24, 172.197.0.0/24, 172.198.0.0/24, 172.199.0.0/24,
      172.200.0.0/24, 172.201.0.0/24, 172.202.0.0/24, 172.203.0.0/24,
      172.204.0.0/24, 172.205.0.0/24, 172.206.0.0/24, 172.207.0.0/24,
      172.208.0.0/24, 172.209.0.0/24, 172.210.0.0/24, 172.211.0.0/24,
      172.212.0.0/24, 172.213.0.0/24, 172.214.0.0/24, 172.215.0.0/24,
      172.216.0.0/24, 172.217.0.0/24, 172.218.0.0/24, 172.219.0.0/24,
      172.220.0.0/24, 172.221.0.0/24, 172.222.0.0/24, 172.223.0.0/24,
      172.224.0.0/24, 172.225.0.0/24, 172.226.0.0/24, 172.227.0.0/24,
      172.228.0.0/24, 172.229.0.0/24, 172.230.0.0/24, 172.231.0.0/24,
      172.232.0.0/24, 172.233.0.0/24, 172.234.0.0/24, 172.235.0.0/24,
      172.236.0.0/24, 172.237.0.0/24, 172.238.0.0/24, 172.239.0.0/24,
      172.240.0.0/24, 172.241.0.0/24, 172.242.0.0/24, 172.243.0.0/24,
      172.244.0.0/24, 172.245.0.0/24, 172.246.0.0/24, 172.247.0.0/24,
      172.248.0.0/24, 172.249.0.0/24, 172.250.0.0/24, 172.251.0.0/24,
      172.252.0.0/24, 172.253.0.0/24, 172.254.0.0/24, 172.255.0.0/24
      }"
    volumes:
      - ./pcap:/pcap
    # NET_RAW together with host networking lets Zeek capture on the host
    # interface named in `command`. The container shares the host's network
    # namespace, so treat it as part of the host's trust boundary.
    cap_add:
      - NET_RAW
    network_mode: host

  # Disabled: bundled single-node Elasticsearch and Kibana. The Filebeat
  # service below links to external `elasticsearch` / `kibana` containers
  # instead.
  # broseek-elastic:
  #   image: blacktop/elasticsearch:x-pack-7.4.0
  #   hostname: broseek-elastic
  #   container_name: broseek-elastic
  #   restart: always
  #   environment:
  #     - discovery.type=single-node
  #   expose:
  #     - 9200
  #
  # broseek-kibana:
  #   image: blacktop/kibana:x-pack-7.4.0
  #   hostname: broseek-kibana
  #   container_name: broseek-kibana
  #   restart: always
  #   environment:
  #     - xpack.reporting.enabled=false
  #   links:
  #     - broseek-elastic
  #   expose:
  #     - 5601

  broseek-filebeat:
    # NOTE(review): no tag is given, so this resolves to `latest`. Pin a
    # version tag or a digest (blacktop/filebeat@sha256:<digest>).
    image: blacktop/filebeat
    hostname: broseek-filebeat
    container_name: broseek-filebeat
    restart: always
    command: -e
    # NOTE(review): presumably Filebeat only reads the Zeek output in this
    # directory; if so, a read-only mount (./pcap:/pcap:ro) is the
    # least-privilege choice. Confirm the image writes nothing under /pcap.
    volumes:
      - ./pcap:/pcap
    external_links:
      - elasticsearch
      - kibana
    networks:
      elk:

# `elk` is not created by this file; it refers to the existing network named
# elk_mynet, which must exist before this stack is started.
networks:
  elk:
    external:
      name: elk_mynet