Hi All
While I was going through this documentation (https://cloud.google.com/chronicle/docs/install/docker-forwarder-windows#runcfwindocker) I observed that the docker run command has a port number defined; however, the same is not seen in Linux.
Can someone tell me what -p 10514:10514 means? Is this the port number of the different log sources mentioned in the collector?
Also, when a new collector is added in Windows, will that port get added in the docker as well?
Windows:
docker run `
  --name cfps `
  --log-opt max-size=100m `
  --log-opt max-file=10 `
  -p 10514:10514 `
  -v c:/opt/chronicle/config:c:/opt/chronicle/external `
  -v c:/var/log/crowdstrike/falconhoseclient:c:/opt/chronicle/edr `
  gcr.io/chronicle-container/cf_production_stable
Linux:
docker run \
  --detach \
  --name cfps \
  --restart=always \
  --log-opt max-size=100m \
  --log-opt max-file=10 \
  --net=host \
  -v /opt/chronicle/config:/opt/chronicle/external \
  gcr.io/chronicle-container/cf_production_stable
Hi,
This parameter allows Docker to map the host machine port (10514) to the internal port of the container (10514), and therefore makes it possible to send to the internal port from outside the machine.
The same parameter can be used in Linux as well, but in this case it is not necessary as we have the parameter net=host, which means that the container will act as if it is hosted on the machine and ports are opened directly.
One note to finish: you will require 1 port per technology (log_type) to collect, and this is just an example. If you need to collect from multiple syslog sources, other ports should also be opened in the Windows docker command (10515 or above by convention, but it can be others).
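
Added example, not part of the original thread or of Google's documentation: a small Python check that reads a docker run command and reports which collector listeners have no published port, so a new syslog source on the Windows forwarder is not silently unreachable. The function names, the log_type labels and the sample command are constructed for illustration; note that Docker treats a -p mapping without a /udp suffix as TCP only.

```python
import re
import shlex

def _expand(p):
    """'10514' -> range of one port; '10514-10516' -> range of three."""
    lo, _, hi = p.partition("-")
    return range(int(lo), int(hi or lo) + 1)

def published_ports(docker_cmd):
    """Return (uses_host_network, {(container_port, proto): host_port})."""
    # Drop PowerShell (`) and POSIX (\) line continuations before tokenizing.
    tokens = shlex.split(re.sub(r"[`\\]\s+", " ", docker_cmd))
    host_net, mapped = False, {}
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok in ("--net=host", "--network=host"):
            host_net = True
        elif tok in ("--net", "--network") and nxt == "host":
            host_net = True
        if tok in ("-p", "--publish"):
            spec = nxt
        elif tok.startswith("--publish="):
            spec = tok.split("=", 1)[1]
        else:
            continue
        ports, _, proto = spec.partition("/")
        parts = ports.split(":")
        if len(parts) < 2 or not parts[-2]:
            continue  # container port only: Docker picks a random host port
        for host, cont in zip(_expand(parts[-2]), _expand(parts[-1])):
            mapped[(cont, proto or "tcp")] = host  # no suffix means TCP
    return host_net, mapped

def unreachable_collectors(docker_cmd, listeners):
    """listeners: [(log_type, container_port, proto)] -> those not published."""
    host_net, mapped = published_ports(docker_cmd)
    if host_net:
        return []  # --net=host: ports are opened directly on the host
    return [l for l in listeners if (l[1], l[2]) not in mapped]

# Constructed sample: a shortened Windows command with one extra UDP mapping.
WINDOWS_CMD = """docker run `
  --name cfps `
  -p 10514:10514 `
  -p 10515:10515/udp `
  gcr.io/chronicle-container/cf_production_stable"""
# Constructed collectors; the log_type names are placeholders.
LISTENERS = [("LOG_TYPE_A", 10514, "tcp"), ("LOG_TYPE_B", 10515, "udp"),
             ("LOG_TYPE_C", 10516, "tcp")]
print(unreachable_collectors(WINDOWS_CMD, LISTENERS))
```

Publishing only the ports that a collector actually listens on also keeps the forwarder host from exposing more than it needs to.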