[Bro] Frontend

James Lay jlay at slave-tothe-box.net
Tue Oct 22 10:29:11 PDT 2013


On 2013-10-22 11:26, Eric G wrote:
> On Oct 22, 2013 12:06 PM, "James Lay" <jlay at slave-tothe-box.net>
> wrote:
>  >
>  > Hey all!
>  >
>  > So...I'm looking for SOMETHING that will allow me to parse and
>  > aggregate bro, snort, and firewall logs.
>
> Splunk on the commercial side, ELSA on the free side would be my
> suggestions without hearing more details about your environment or
> needs.
>
> On the free side you're going to spend time setting them up and
> getting stuff configured... That's the price of the open source log
> aggregation stuff out there...
>
> --
>  Eric
>  http://www.linkedin.com/in/ericgearhart

Thanks Eric...something that lifts my spirits:

Plugins

ELSA ships with several plugins:

     Windows logs from Eventlog-to-Syslog
     Snort/Suricata logs
     Bro logs
     Url logs from httpry_logger

So THAT helps...I won't have to reinvent anything.  Documentation looks
pretty tasty as well, so let's hope it's not too much of a hassle.  I'll
report my success/failures here.

James
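The thread is about parsing and aggregating Bro logs, and ELSA's Bro plugin does exactly that on the back end. As an added illustration of what that parsing involves (this is example code written for this page, not ELSA's or Bro's own code), the block below reads Bro's ASCII log format, honouring the `#separator`, `#fields`, `#types`, `#unset_field` and `#empty_field` header lines, converts columns to typed values, and aggregates a small conn.log. The sample log, its hosts and its connection UIDs are constructed for the example.

```python
"""Parse Bro's tab-separated ASCII log format and aggregate the records.

Added example for this thread; it is not ELSA's or Bro's own code.
"""
from collections import Counter

# Constructed sample conn.log (made-up hosts, UIDs and byte counts).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\torig_bytes\tresp_bytes",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tcount\tcount",
    "1382460000.123456\tCabc1\t10.0.0.5\t51000\t192.0.2.10\t80\ttcp\thttp\t512\t2048",
    "1382460001.000000\tCabc2\t10.0.0.5\t51001\t192.0.2.11\t443\ttcp\tssl\t-\t-",
    "1382460002.500000\tCabc3\t10.0.0.7\t51002\t192.0.2.10\t80\ttcp\thttp\t100\t300",
    "#close\t2013-10-22-12-00-00",
])


def _decode_separator(token):
    # "#separator \x09" spells the separator as an escape sequence; turn it into the real character.
    return token.encode("ascii").decode("unicode_escape")


def _convert(value, btype, unset, empty, set_sep):
    """Map one column's text to a Python value according to its Bro type."""
    if value == unset:
        return None
    if btype.startswith(("set[", "vector[")):
        if value == empty:
            return []
        inner = btype[btype.index("[") + 1:-1]
        return [_convert(v, inner, unset, empty, set_sep) for v in value.split(set_sep)]
    if value == empty:
        return ""
    if btype in ("count", "int", "port"):
        return int(value)
    if btype in ("double", "time", "interval"):
        return float(value)
    return value  # addr, string, enum, bool and anything else stay as text


def parse_bro_log(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    sep, set_sep, unset, empty = "\t", ",", "-", "(empty)"
    fields = types = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        if raw.startswith("#"):
            if raw.startswith("#separator "):
                sep = _decode_separator(raw[len("#separator "):])
                continue
            name, _, value = raw[1:].partition(sep)
            if name == "set_separator":
                set_sep = value
            elif name == "unset_field":
                unset = value
            elif name == "empty_field":
                empty = value
            elif name == "fields":
                fields = value.split(sep)
            elif name == "types":
                types = value.split(sep)
            continue  # #path, #open and #close carry no per-record data
        if fields is None:
            raise ValueError(f"line {lineno}: record appears before the #fields header")
        values = raw.split(sep)
        if len(values) != len(fields):
            raise ValueError(f"line {lineno}: expected {len(fields)} columns, got {len(values)}")
        btypes = types or ["string"] * len(fields)
        yield {n: _convert(v, t, unset, empty, set_sep) for n, v, t in zip(fields, values, btypes)}


def bytes_by_origin(records):
    """Total bytes in both directions per originating host; unset ('-') counts add nothing."""
    totals = Counter()
    for r in records:
        totals[r["id.orig_h"]] += (r["orig_bytes"] or 0) + (r["resp_bytes"] or 0)
    return dict(totals)


def connections_by_service(records):
    """Number of connections per service label Bro assigned."""
    return dict(Counter(r["service"] for r in records))


if __name__ == "__main__":
    records = list(parse_bro_log(SAMPLE_CONN_LOG))
    print(bytes_by_origin(records))          # {'10.0.0.5': 2560, '10.0.0.7': 400}
    print(connections_by_service(records))   # {'http': 2, 'ssl': 1}
```

The header handling is the part worth keeping in mind when writing a parser by hand: the separator, unset marker and empty marker are declared per file rather than fixed, and a log whose column count changes (a Bro script adding a field) shows up as a `#fields` header change rather than silently shifting values, which is why the column-count check raises instead of guessing.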



More information about the Bro mailing list