Cannot connect localhost Evebox on docker

Question

I use docker-compose to start Evebox, but I cannot connect it on localhost:5636.

A part of my docker-compose file :


evebox:
   image: jasonish/evebox:master
   volumes:
     - /var/log/suricata:/var/log/suricata
   links:
     - elasticsearch
   networks:
     - elk
   ports:
     - 5636:5636
   command: --input /var/log/suricata/eve.json -e http://192.168.32.15:9200


 elasticsearch:
   image: docker.elastic.co/elasticsearch/elasticsearch:6.3.1
   container_name: elasticsearch8
   environment:
     - cluster.name=docker-cluster
     - bootstrap.memory_lock=true
     - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
     - "http.cors.enabled:true"
     - "http.cors.allow-origin:\"*\""
   ulimits:
     memlock:
       soft: -1
       hard: -1
   ports:
     - 9200:9200
   networks:
     - elk
   restart: always
networks:
 elk:

I cannot connect Evebox on localhost:5636, but I can connect it when I use docker exec -it 2c50f02b7385 /bin/sh to get into docker container.

How can I fix it ?

That sounds like a symptom of the process inside the container listening on `localhost` and not `0.0.0.0`. Does it print out some information like "listening on localhost:5636" in its logs when it starts up? Can you include the actual bit of your application source code that starts listening for network connections? — David Maze, Mar 04 '20 at 11:15
Yes, I've checked the log in Evebox docker container, and it does print out "Listening on [127.0.0.1]:5636". Can I modify the source code in Evebox docker container ? — cyberlinlin, Mar 05 '20 at 01:24
Does it really work if I do modify the source code in docker container ? — cyberlinlin, Mar 05 '20 at 01:58
You'd have to change your application's source code to fix this and run `docker build` to get a new image, then re-run the `docker-compose up` command. Any change you make to files inside the container will get lost as soon as the container is deleted and recreated. — David Maze, Mar 05 '20 at 11:16
@cyberlinlin, looks like some formatting issue in your `docker-compose` file, I am trying to reproduce issue but gettting ERROR: yaml.parser.ParserError: while parsing a block mapping in "./docker-compose.yml", line 1, column 1 expected , but found '' in "./docker-compose.yml", line 14, column 2 error — , Mar 05 '20 at 15:22

score 0 · Answer 1 · answered Mar 04 '20 at 12:56

0

try adding:

expose:
  -"5636"

in your configuration, like this!

evebox:
   image: jasonish/evebox:master
   volumes:
     - /var/log/suricata:/var/log/suricata
   links:
     - elasticsearch
   networks:
     - elk
   ports:
     - 5636:5636
   expose:
     - "5636"
   command: --input /var/log/suricata/eve.json -e http://192.168.32.15:9200

answered Mar 04 '20 at 12:56

evalufran

189
2
11

Thanks for your reply! But it still doesn't work :( – cyberlinlin Mar 05 '20 at 01:28

score 0 · Answer 2 · answered Apr 11 '20 at 23:10

EveBox, as of 0.11 binds to localhost by default instead of 0.0.0.0. When running inside Docker you will need to give it a host to bind to access it from outside the docker image. This can be done with the --host parameter.

For example:

   command: --input /var/log/suricata/eve.json --host 0.0.0.0 -e http://192.168.32.15:9200

Cannot connect localhost Evebox on docker

2 Answers2