[Bro] Bro Log ingestion
jonathon.s.wright at gmail.com
Tue Sep 16 20:03:32 PDT 2014
Thanks Steven, I'll take a look at those.
I'm assuming my central point server would then need Apache with
ElasticSearch and Kibana installed. I'm sure more questions will come as I
start looking into this. Thanks again for the info!
On Tue, Sep 16, 2014 at 4:28 PM, Stephen Reese <rsreese at gmail.com> wrote:
> On Tue, Sep 16, 2014 at 9:54 PM, Jonathon Wright <
> jonathon.s.wright at gmail.com> wrote:
>> Looking around and doing some reading, I've found two possible solutions
>> ELSA and LOGSTASH although I don't know them very well and / or what their
>> capabilities are either. But I'd like to know if they are viable,
>> especially given my scenario, or if there is something better. Also, a
>> how-to so I can set it up.
> You might want to skip on the Logstash piece and push the data directly to
> ElasticSearch per [1] unless you have a specific requirement. From there
> you could use Kibana [2] or whatever to interface with data stored in
>
> [1] https://www.bro.org/sphinx/frameworks/logging-elasticsearch.html
> [2] http://www.elasticsearch.org/overview/kibana/
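The "push directly to ElasticSearch" route Stephen points at, as an added site-policy sketch rather than anything from the thread or the Bro project itself: the stock tuning script and the LogElasticSearch option names are the ones I recall from the Bro 2.x documentation linked above, so check them against that page for your release; the host address is a placeholder.

```bro
# local.bro (BroControl site policy). Added example, not from the thread.
# The stock tuning script switches Bro's logs onto the ElasticSearch writer
# in addition to the normal ASCII logs; the redefs below override its defaults.
# Option names follow the Bro 2.x ElasticSearch writer documented at the
# bro.org URL quoted above; verify them for the version you run.
@load tuning/logs-to-elasticsearch

# ElasticSearch HTTP endpoint. The writer talks plain HTTP to the REST API,
# so bind ElasticSearch to an internal interface and keep 9200 off untrusted
# networks; the sensor only needs to reach it, nothing else does.
redef LogElasticSearch::server_host = "10.0.0.5";   # placeholder address
redef LogElasticSearch::server_port = 9200;

# Index name prefix, so the Bro data is easy to scope in Kibana.
redef LogElasticSearch::index_prefix = "bro";
```

Because the writer sends directly, the Logstash host in the original plan drops out; the central box then needs only ElasticSearch plus Kibana (and a web server to host Kibana's static files).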