[Bro] Help with Bro & ES

Azoff, Justin S jazoff at illinois.edu
Wed Oct 21 09:28:25 PDT 2015

> On Oct 21, 2015, at 12:16 PM, Chris Williams <cw13 at umbc.edu> wrote:
> I recently installed Bro, and I am trying to get it to work with Elasticsearch (with Kibana as a front end). I have alerts getting to ES and they show up in Kibana, but it is a mix of unintelligible JSON messages. For example, some don't have timestamps:


>   "_type": "loaded_scripts",

The loaded_scripts.log is 'special' and does not have timestamps.  How do entries from things like the conn.log or http.log look?

- Justin Azoff
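One way to handle the timestamp-less records on the indexing side, as an added example that is not part of the original thread and not code from the Bro project: records that carry Bro's epoch `ts` field (conn.log, http.log and the other per-connection logs) get an ISO-8601 `@timestamp` derived from it, while records without one (loaded_scripts.log only has `name`) are stamped with the ingest time and tagged, so they can be filtered out in Kibana instead of sorting wrongly. The sample log lines and the fixed ingest time are constructed for the example; the field names follow the layout Bro writes when JSON logging is enabled.

```python
import json
from datetime import datetime, timezone

# Constructed sample lines in the shape Bro emits with JSON logging enabled.
# Field names match Bro's conn.log and loaded_scripts.log; the values are made up.
SAMPLE_LINES = [
    ("conn", '{"ts":1445452800.25,"uid":"CXWv6p3arKYeMETxOg","id.orig_h":"10.0.0.5",'
             '"id.orig_p":51234,"id.resp_h":"93.184.216.34","id.resp_p":80,"proto":"tcp"}'),
    ("loaded_scripts", '{"name":"/usr/local/bro/share/bro/base/init-bare.bro"}'),
]

# Constructed ingest time used so the example is deterministic (assumption for the demo).
FIXED_INGEST = datetime(2015, 10, 21, 16, 28, 25, tzinfo=timezone.utc)


def bro_record_to_es(log_type, line, ingest_time=None):
    """Turn one Bro JSON log line into an Elasticsearch document.

    If the record has Bro's epoch `ts`, convert it to an ISO-8601 `@timestamp`
    and mark the source as "bro". Otherwise (e.g. loaded_scripts.log) use the
    ingest time and mark the source as "ingest" so such documents are easy to
    exclude from time-based queries.
    """
    rec = json.loads(line)
    doc = dict(rec)
    doc["bro_log"] = log_type          # which Bro log the record came from
    if "ts" in rec:
        when = datetime.fromtimestamp(float(rec["ts"]), tz=timezone.utc)
        doc["@timestamp"] = when.isoformat()
        doc["ts_source"] = "bro"
    else:
        if ingest_time is None:
            ingest_time = datetime.now(timezone.utc)
        doc["@timestamp"] = ingest_time.isoformat()
        doc["ts_source"] = "ingest"
    return doc


def normalize_samples():
    """Run the conversion over the constructed sample lines."""
    return [bro_record_to_es(t, l, ingest_time=FIXED_INGEST) for t, l in SAMPLE_LINES]


if __name__ == "__main__":
    for d in normalize_samples():
        print(json.dumps(d, sort_keys=True))
```

In Kibana a filter such as `ts_source:bro` then limits a dashboard to records whose time really came from the sensor, and `bro_log:loaded_scripts` isolates the script inventory that has no timestamp of its own.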
