[Bro] Bro Log ingestion

Jonathon Wright jonathon.s.wright at gmail.com
Tue Sep 16 20:03:32 PDT 2014


Thanks Steven, I'll take a look at those.
I'm assuming my central point server would then need Apache with
ElasticSearch and Kibana installed. I'm sure more questions will come as I
start looking into this. Thanks again for the info!


On Tue, Sep 16, 2014 at 4:28 PM, Stephen Reese <rsreese at gmail.com> wrote:

> On Tue, Sep 16, 2014 at 9:54 PM, Jonathon Wright <
> jonathon.s.wright at gmail.com> wrote:
>>
>> Research
>> Looking around and doing some reading, I've found two possible solutions
>> ELSA and LOGSTASH although I don't know them very well and / or what their
>> capabilities are either. But I'd like to know if they are viable,
>> especially given my scenario, or if there is something better. Also, a
>> how-to so I can set it up.
>>
>
> You might want to skip on the Logstash piece and push the data directly to
> ElasticSearch per [1] unless you have a specific requirement. From there
> you could use Kibana [2] or whatever to interface with data stored in
> ElasticSearch.
>
> [1] https://www.bro.org/sphinx/frameworks/logging-elasticsearch.html
> [2] http://www.elasticsearch.org/overview/kibana/
>
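The "push the data directly to ElasticSearch" path Stephen points at [1] is a Bro-side configuration rather than a separate shipper. The following is an added example, not code from the thread or from the Bro distribution: a site-local script that turns on Bro's built-in ElasticSearch log writer for every log stream. The option names and the `tuning/logs-to-elasticsearch` script are written from memory of the Bro 2.3-era writer and should be checked against the linked documentation before use; the server address and the excluded log IDs are assumptions chosen for illustration.

```bro
# Added example (not from the thread or the Bro distribution): a site-local
# script that turns on Bro's built-in ElasticSearch log writer so every log
# stream is indexed directly, with no Logstash in between.
# Option names follow the 2.3-era writer as recalled here; confirm each one
# against the logging-elasticsearch page linked above before deploying.

# Loads the tuning script that attaches an ElasticSearch filter to every
# enabled log stream (requires a Bro build with the ElasticSearch writer).
@load tuning/logs-to-elasticsearch

# Where the ElasticSearch HTTP endpoint lives. Assumed address for the
# central server from the thread, reachable from the sensor.
redef LogElasticSearch::server_host = "10.0.0.5";
redef LogElasticSearch::server_port = 9200;

# Index name prefix; the writer appends a time-based suffix per rotation.
redef LogElasticSearch::index_prefix = "bro";

# Start a new index every hour instead of the default interval, so a Kibana
# query over a short time window touches fewer documents on a busy link.
redef LogElasticSearch::rotation_interval = 1hr;

# The tuning script adds the ElasticSearch writer as an additional filter;
# the default ASCII logs on disk remain as a local fallback.

# Assumed choice: do not ship these high-volume, low-search-value streams.
redef LogElasticSearch::excluded_log_ids += { Files::LOG, Weird::LOG };
```

Two caveats worth keeping in mind with this setup: ElasticSearch of that era exposes its HTTP port with no authentication, so bind it to an interface reachable only from the sensors and the Kibana host rather than to the Internet; and the writer batches documents in memory before sending, so a prolonged ElasticSearch outage drops log records rather than queuing them, which is one reason to keep the ASCII logs on disk as well.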

