E.T. Proxy Logs Checker [ETPLC]

The ETPLC project ported to Docker:

-First, install Docker on your Linux box

-Search Docker Hub for the ETPLC image like this:

$ docker search etplc (add sudo if your user cannot talk to the Docker daemon)
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
rmkml/etplc The Emerging Threats Proxy Logs Checker open source project. 0

-Now pull the ETPLC image like this:

$ docker pull rmkml/etplc (add sudo if your user cannot talk to the Docker daemon)
latest: Pulling from rmkml/etplc
xxxxxxxxxxxx: Pull complete
yyyyyyyyyyyy: Pull complete
zzzzzzzzzzzz: Already exists
Digest: sha256:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Status: Downloaded newer image for rmkml/etplc:latest

-Now, start a container from the ETPLC image with an interactive shell:

$ docker run -t -i rmkml/etplc /bin/bash (add sudo if your user cannot talk to the Docker daemon)

-Change to the directory holding the ETPLC script and rules:

root@0123456789ab:/# cd /root (running ETPLC as root is not recommended, but it works)

-Now run the bundled internal example log file (i) through ETPLC, using the -f flag to select the gzipped ET rules file:

root@0123456789ab:~# cat i | perl etplc_5nov2015a.pl -f emergingall_sigs5may2016a_snort290b.rules.gz

-Example ETPLC output for the internal (i) log file (each "ok trouvé" line is one proxy log entry matched against one ET rule; the et* fields at the end show which rule fired and on what):

ok trouvé: timestamp: 2013-11-23T02:09:29.909623+01:00, server_hostname_ip: macmini, client_hostname_ip: 192.168.1.2, client_http_method: GET, client_http_uri: /mail/InboxLight.aspx, client_http_useragent: Wget/1.13.4 (linux-gnu), client_http_referer: -, client_http_cookie: fGGhTasdas=http, client_http_host: mail.live.com, http_reply_code: 200, server_remote_ip: 103.16.26.228, etmsg: ET CURRENT_EVENTS StyX EK Payload Cookie, etcookie: fGGhTasdas=http, etpcrecookie: ^fGGhTasdas=http
ok trouvé: timestamp: 2013-11-23T02:09:29.909623+01:00, server_hostname_ip: macmini, client_hostname_ip: 192.168.1.2, client_http_method: GET, client_http_uri: /mail/InboxLight.aspx, client_http_useragent: Wget/1.13.4 (linux-gnu), client_http_referer: -, client_http_cookie: fGGhTasdas=http, client_http_host: mail.live.com, http_reply_code: 200, server_remote_ip: 103.16.26.228, etmsg: ET POLICY Hotmail Inbox Access, etmethod: GET, eturishort: /mail/inboxlight.aspx depth:21, ethost: mail.live.com
ok trouvé: timestamp: 2013-11-23T02:09:29.909623+01:00, server_hostname_ip: macmini, client_hostname_ip: 192.168.1.2, client_http_method: GET, client_http_uri: /mail/InboxLight.aspx, client_http_useragent: Wget/1.13.4 (linux-gnu), client_http_referer: -, client_http_cookie: fGGhTasdas=http, client_http_host: mail.live.com, http_reply_code: 200, server_remote_ip: 103.16.26.228, etmsg: ET POLICY POSSIBLE Web Crawl using Wget, etagent: wget
ok trouvé: timestamp: 2013-11-23T02:09:29.909623+01:00, server_hostname_ip: macmini, client_hostname_ip: 192.168.1.2, client_http_method: GET, client_http_uri: /mail/InboxLight.aspx, client_http_useragent: Wget/1.13.4 (linux-gnu), client_http_referer: -, client_http_cookie: fGGhTasdas=http, client_http_host: mail.live.com, http_reply_code: 200, server_remote_ip: 103.16.26.228, etmsg: Feodo: 103.16.26.228, etremoteip: 103.16.26.228
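
As an added example (not part of the ETPLC project or this page's original content), the following Python script parses the "ok trouvé" hit lines ETPLC prints, exactly as shown above, into dictionaries and gives a first triage view: hits per ET message, the et* fields that caused each match, and a per-client roll-up. The severity mapping by etmsg prefix (CURRENT_EVENTS / MALWARE / TROJAN / Feodo as high, POLICY as informational) is this example's own heuristic for sorting what to look at first, not anything ETPLC itself provides; the sample input is the four hit lines reproduced from the output above.

```python
"""Parse ETPLC hit lines into records and produce a small triage summary."""
import re
from collections import Counter

# Sample input: the four ETPLC hit lines shown above (copied from the page).
SAMPLE_OUTPUT = """\
ok trouvé: timestamp: 2013-11-23T02:09:29.909623+01:00, server_hostname_ip: macmini, client_hostname_ip: 192.168.1.2, client_http_method: GET, client_http_uri: /mail/InboxLight.aspx, client_http_useragent: Wget/1.13.4 (linux-gnu), client_http_referer: -, client_http_cookie: fGGhTasdas=http, client_http_host: mail.live.com, http_reply_code: 200, server_remote_ip: 103.16.26.228, etmsg: ET CURRENT_EVENTS StyX EK Payload Cookie, etcookie: fGGhTasdas=http, etpcrecookie: ^fGGhTasdas=http
ok trouvé: timestamp: 2013-11-23T02:09:29.909623+01:00, server_hostname_ip: macmini, client_hostname_ip: 192.168.1.2, client_http_method: GET, client_http_uri: /mail/InboxLight.aspx, client_http_useragent: Wget/1.13.4 (linux-gnu), client_http_referer: -, client_http_cookie: fGGhTasdas=http, client_http_host: mail.live.com, http_reply_code: 200, server_remote_ip: 103.16.26.228, etmsg: ET POLICY Hotmail Inbox Access, etmethod: GET, eturishort: /mail/inboxlight.aspx depth:21, ethost: mail.live.com
ok trouvé: timestamp: 2013-11-23T02:09:29.909623+01:00, server_hostname_ip: macmini, client_hostname_ip: 192.168.1.2, client_http_method: GET, client_http_uri: /mail/InboxLight.aspx, client_http_useragent: Wget/1.13.4 (linux-gnu), client_http_referer: -, client_http_cookie: fGGhTasdas=http, client_http_host: mail.live.com, http_reply_code: 200, server_remote_ip: 103.16.26.228, etmsg: ET POLICY POSSIBLE Web Crawl using Wget, etagent: wget
ok trouvé: timestamp: 2013-11-23T02:09:29.909623+01:00, server_hostname_ip: macmini, client_hostname_ip: 192.168.1.2, client_http_method: GET, client_http_uri: /mail/InboxLight.aspx, client_http_useragent: Wget/1.13.4 (linux-gnu), client_http_referer: -, client_http_cookie: fGGhTasdas=http, client_http_host: mail.live.com, http_reply_code: 200, server_remote_ip: 103.16.26.228, etmsg: Feodo: 103.16.26.228, etremoteip: 103.16.26.228
"""

HIT_PREFIX = "ok trouvé: "  # French for "ok found"; ETPLC prints this before every hit

# Fields are "key: value" pairs separated by ", ". Split only where the next token
# looks like a field name, so values that themselves contain ", " (user agents,
# referers) are not broken apart.
FIELD_SPLIT = re.compile(r", (?=[a-z_]+: )")

# Example's own severity heuristic (assumption, not an ETPLC feature): rule
# categories that usually indicate malware/exploit-kit or bad-IP activity.
HIGH_PREFIXES = ("ET CURRENT_EVENTS", "ET MALWARE", "ET TROJAN", "Feodo")
PRIORITY_RANK = {"info": 0, "medium": 1, "high": 2}


def parse_hit(line):
    """Return a dict of fields for one hit line, or None for non-hit lines."""
    line = line.rstrip("\n")
    if not line.startswith(HIT_PREFIX):
        return None
    record = {}
    for field in FIELD_SPLIT.split(line[len(HIT_PREFIX):]):
        key, sep, value = field.partition(": ")  # first ": " only; values may contain ':'
        if sep:
            record[key] = value
    return record


def parse_output(text):
    """Parse a whole ETPLC run, skipping anything that is not a hit line."""
    return [r for r in (parse_hit(l) for l in text.splitlines()) if r]


def summarize(records):
    """Count hits per ET message (rule name)."""
    return Counter(r.get("etmsg", "?") for r in records)


def match_fields(record):
    """The et* fields (other than etmsg) that show what the rule matched on."""
    return sorted(k for k in record if k.startswith("et") and k != "etmsg")


def priority(record):
    """Map the rule category in etmsg to a coarse triage priority (heuristic)."""
    msg = record.get("etmsg", "")
    if msg.startswith(HIGH_PREFIXES):
        return "high"
    if msg.startswith("ET POLICY"):
        return "info"
    return "medium"


def client_report(records):
    """Roll hits up per client: highest priority, remote IPs and rule names seen."""
    report = {}
    for r in records:
        entry = report.setdefault(r.get("client_hostname_ip", "?"),
                                  {"priority": "info", "remote_ips": set(), "messages": []})
        if PRIORITY_RANK[priority(r)] > PRIORITY_RANK[entry["priority"]]:
            entry["priority"] = priority(r)
        entry["remote_ips"].add(r.get("server_remote_ip", "?"))
        entry["messages"].append(r.get("etmsg", "?"))
    return report


if __name__ == "__main__":
    # Usage: cat i | perl etplc_5nov2015a.pl -f <rules.gz> | python3 this_script.py
    # (here we run on the embedded sample instead of stdin)
    recs = parse_output(SAMPLE_OUTPUT)
    for msg, n in summarize(recs).most_common():
        print(f"{n:3d}  {msg}")
    for client, info in client_report(recs).items():
        print(client, info["priority"], sorted(info["remote_ips"]), len(info["messages"]), "hits")
```

Because a single proxy log entry can match several rules (the four lines above are one request), grouping by client and remote IP is what turns ETPLC's per-rule output into something an analyst can work through: the same 192.168.1.2 to 103.16.26.228 request shows up once with the exploit-kit cookie hit and the Feodo IP hit ranked above the two policy hits.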

-OK, it works. Don't forget to check for updates (script and ET rules) on the ETPLC project download page.

-Now add your own proxy log files and run ETPLC against them.

Feedback is welcome.
Thank you @Docker!