Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hedgehog Linux in Docker #562

Closed
devilman85 opened this issue Jan 20, 2025 · 1 comment
Closed

Hedgehog Linux in Docker #562

devilman85 opened this issue Jan 20, 2025 · 1 comment
Labels
capture Relating to pcap-capture container docker Relating to docker and docker-compose as used by Malcolm sensor For issues dealing with the Hedgehog OS capture sensor

Comments

@devilman85
Copy link

devilman85 commented Jan 20, 2025
edited
Loading

I hope this message finds you well. I would like to propose the idea of creating a Dockerized version of Hedgehog Linux as part of the Malcolm ecosystem.

This would provide several advantages:

Simplified deployment: Users could quickly deploy Hedgehog Linux alongside Malcolm without needing separate hardware or complex configurations.

Improved compatibility: A Docker container would ensure consistent environments, making it easier to integrate Hedgehog Linux with Malcolm.

Enhanced flexibility: Users could scale and test Hedgehog Linux instances as needed, taking advantage of the modularity of Docker.

Given the growing importance of Hedgehog Linux in traffic analysis workflows, I believe this addition could greatly enhance the overall user experience for the Malcolm community.

Thank you for considering this suggestion, and I would be happy to provide more details if needed.

Best regards
@devilman85 devilman85 added the enhancement New feature or request label Jan 20, 2025
@mmguero mmguero added this to Malcolm Jan 20, 2025
@mmguero
Copy link
Collaborator

mmguero commented Jan 20, 2025

This is already possible using the Hedgehog run profile.

“Hedgehog” run profile

Another configuration for monitoring local network interfaces is to use the hedgehog run profile. During Malcolm configuration users are prompted “Run with Malcolm (all containers) or Hedgehog (capture only) profile?” Docker Compose can use profiles to selectively start services. While the malcolm run profile runs all of Malcolm’s containers (OpenSearch, Dashboards, LogStash, etc.), the hedgehog profile runs only the containers necessary for traffic capture.

When configuring the hedgehog profile, users must provide connection details for another Malcolm instance to which to forward its network traffic logs.

Closing as duplicate of idaholab#254

@mmguero mmguero closed this as completed Jan 20, 2025
@github-project-automation github-project-automation bot moved this to Done in Malcolm Jan 20, 2025
@mmguero mmguero added docker Relating to docker and docker-compose as used by Malcolm sensor For issues dealing with the Hedgehog OS capture sensor capture Relating to pcap-capture container and removed enhancement New feature or request labels Jan 20, 2025
@mmguero mmguero moved this from Done to Invalid in Malcolm Jan 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
capture Relating to pcap-capture container docker Relating to docker and docker-compose as used by Malcolm sensor For issues dealing with the Hedgehog OS capture sensor
Projects
Malcolm
Status: Invalid
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mmguero @devilman85