eric at nixwizard.net
Tue Oct 22 10:39:46 PDT 2013
On Oct 22, 2013 12:29 PM, "James Lay" <jlay at slave-tothe-box.net> wrote:
> On 2013-10-22 11:26, Eric G wrote:
>> On Oct 22, 2013 12:06 PM, "James Lay" <jlay at slave-tothe-box.net>
>> > Hey all!
>> > So...I'm looking for SOMETHING that will allow me to parse and
>> > aggregate bro, snort, and firewall logs.
>> Splunk on the commercial side, ELSA on the free side would be my
>> suggestions without hearing more details about your environment or
>> On the free side you're going to spend time setting them up and getting
>> stuff configured... That's the price of the open source log aggregation
>> stuff out there...
>> http://www.linkedin.com/in/ericgearhart
> Thanks Eric...something that lifts my spirits:
> ELSA ships with several plugins:
> Windows logs from Eventlog-to-Syslog
> Snort/Suricata logs
> Bro logs
> Url logs from httpry_logger
> So THAT helps...I won't have to reinvent anything. Documentation looks
> pretty tasty as well, so let's hope it's not too much of a hassle. I'll
> report my success/failures here.
Yup looks like plugins for a few different vendors have been written:
" By popular demand, I've added a number of new parsers to the ELSA
repertoire to support parsing fields from the following devices:
- Fortinet (URL, traffic)
- Palo Alto (URL, traffic)
- Barracuda (scan, receive, send)
- OSSEC Windows logs (automatically appears as class Windows)"