eric at nixwizard.net
Tue Oct 22 10:35:54 PDT 2013
On Oct 22, 2013 12:29 PM, "James Lay" <jlay at slave-tothe-box.net> wrote:
> On 2013-10-22 11:26, Eric G wrote:
>> On Oct 22, 2013 12:06 PM, "James Lay" <jlay at slave-tothe-box.net >
>> > Hey all!
>> > So...I'm looking for SOMETHING that will allow me to parse and
>> > aggregate bro, snort, and firewall logs.
>> Splunk on the commercial side, ELSA on the free side would be my
>> suggestions without hearing more details about your environment or
>> On the free side you're going to spend time setting them up and getting
>> stuff configured... That's the price of the open source log aggregation
>> stuff out there...
>> http://www.linkedin.com/in/ericgearhart 
> Thanks Eric...something that lifts my spirits:
> ELSA ships with several plugins:
> Windows logs from Eventlog-to-Syslog
> Snort/Suricata logs
> Bro logs
> Url logs from httpry_logger
> So THAT helps...I won't have to reinvent anything. Documentation looks
> pretty tasty as well, so let's hope it's not too much of a hassle. I'll
> report my success/failures here.
I think there are parsers for a couple of firewall vendors too. I would be
open to helping ya get a parser written if there isn't one for whatever
firewall solution you're using. ELSA's a really neat project, so it'd be
cool to help it out.
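For readers wondering what "a parser" for the thread's three sources actually has to do before anything can be aggregated, here is an added illustration. It is not ELSA's code and not either poster's: it normalises a Bro conn.log, Snort alert_fast lines and iptables/netfilter syslog lines into one record shape, skips lines no parser recognises, and then aggregates across all three by source IP. Every sample line is constructed for the example (documentation-range addresses, Snort sids from the local-rules range); the record field names are this example's own choice, not ELSA's schema.

```python
"""Normalise Bro conn.log, Snort alert_fast and iptables syslog lines into one
record shape, then aggregate by source IP.  Added example; all input below is
constructed, not captured traffic."""
import re
from collections import Counter

# Bro conn.log excerpt: tab-separated, with the #fields header Bro itself writes.
BRO_CONN_LOG = (
    "#separator \\x09\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\n"
    "1382463354.123456\tCXWv6p3arKYeMETxOg\t10.0.0.5\t51234\t192.0.2.10\t80\ttcp\thttp\n"
    "1382463355.000000\tCmES5u32sYpV7JYN\t10.0.0.5\t51235\t192.0.2.11\t443\ttcp\tssl\n"
    "1382463356.500000\tC4J4Th3PJpwUYZZ6gc\t10.0.0.7\t53000\t198.51.100.2\t53\tudp\tdns\n"
)

# Snort alert_fast lines (constructed; sids 1000001+ are the local-rules range). Last one is junk.
SNORT_FAST_LOG = [
    "10/22-10:35:54.123456  [**] [1:1000001:1] LOCAL suspicious HTTP response [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 10.0.0.5:51234",
    "10/22-10:35:57.000001  [**] [1:1000002:1] LOCAL SSH brute force attempt [**] "
    "[Priority: 1] {TCP} 203.0.113.9:40000 -> 10.0.0.7:22",
    "this is not a snort line",
]

# netfilter LOG-target lines as syslog stores them (constructed). Last one is sshd, not the firewall.
IPTABLES_LOG = [
    "Oct 22 10:35:56 fw kernel: [12345.678] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=203.0.113.9 DST=10.0.0.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0",
    "Oct 22 10:35:58 fw kernel: [12347.001] IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.7 LEN=60 TOS=0x00 "
    "PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0",
    "Oct 22 10:35:59 fw sshd[123]: Accepted publickey for eric from 10.0.0.5 port 51240 ssh2",
]


def parse_bro_conn(text):
    """Parse Bro's TSV conn.log using its own #fields header, so column order is not hard-coded."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("conn.log data before #fields header")
        row = dict(zip(fields, line.split("\t")))
        records.append({
            "source": "bro", "ts": row["ts"],
            "src_ip": row["id.orig_h"], "src_port": int(row["id.orig_p"]),
            "dst_ip": row["id.resp_h"], "dst_port": int(row["id.resp_p"]),
            "proto": row["proto"].lower(), "msg": row.get("service", "-"),
        })
    return records


SNORT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:[^\]]*\])?(?:\s+\[Priority:\s*(?P<prio>\d+)\])?"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_snort_fast(line):
    """Parse one alert_fast line; return None if it does not match (caller counts it as skipped)."""
    m = SNORT_RE.match(line)
    if not m:
        return None
    return {
        "source": "snort", "ts": m["ts"],
        "src_ip": m["src"], "src_port": int(m["sport"] or 0),
        "dst_ip": m["dst"], "dst_port": int(m["dport"] or 0),
        "proto": m["proto"].lower(), "msg": m["msg"], "sid": int(m["sid"]),
        "priority": int(m["prio"]) if m["prio"] else None,
    }


IPT_KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value tokens; bare flags like DF/SYN are ignored


def parse_iptables(line):
    """Parse one netfilter LOG line; return None for syslog lines that are not packet logs."""
    head, sep, body = line.partition("kernel:")
    if not sep or "SRC=" not in body:
        return None
    kv = dict(IPT_KV_RE.findall(body))
    return {
        "source": "iptables", "ts": " ".join(head.split()[:3]),
        "src_ip": kv["SRC"], "src_port": int(kv.get("SPT", 0)),
        "dst_ip": kv["DST"], "dst_port": int(kv.get("DPT", 0)),
        "proto": kv.get("PROTO", "-").lower(), "msg": f"in={kv.get('IN') or '-'} out={kv.get('OUT') or '-'}",
    }


def normalize_all(bro_text, snort_lines, ipt_lines):
    """Return (records, skipped): uniform records from all three sources plus the count of unparsed lines."""
    records, skipped = parse_bro_conn(bro_text), 0
    for parser, lines in ((parse_snort_fast, snort_lines), (parse_iptables, ipt_lines)):
        for line in lines:
            rec = parser(line)
            if rec is None:
                skipped += 1
            else:
                records.append(rec)
    return records, skipped


def top_sources(records, n=3):
    """The aggregation step: which source IPs show up most often across every log type?"""
    return Counter(r["src_ip"] for r in records).most_common(n)


if __name__ == "__main__":
    recs, skipped = normalize_all(BRO_CONN_LOG, SNORT_FAST_LOG, IPTABLES_LOG)
    print(f"{len(recs)} records normalised, {skipped} lines skipped")
    for ip, count in top_sources(recs):
        print(ip, count, sorted({r["source"] for r in recs if r["src_ip"] == ip}))
```

The point of reading Bro's #fields header instead of hard-coding columns is that conn.log changes shape whenever someone loads a script that adds a field; the Snort and iptables parsers return None on anything they do not understand rather than guessing, so the skipped count tells you when a new log format has crept in.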