[Bro] Bro -> Elasticsearch -> Kibana4beta -> GeoLocation

Seth Hall seth at icir.org
Fri Oct 30 06:46:32 PDT 2015

> On Oct 29, 2015, at 9:33 PM, Daniel Guerra <daniel.guerra69 at gmail.com> wrote:
> I use the Elasticsearch plugin in Bro. I know Logstash works fine but it's
> very CPU intensive. Thanks anyway.

Technically it can be done, but it would require changes to the JSON formatter (in the core). This is actually a pretty reasonable request (and I like the idea a lot!). It might not be too much work to implement it; it just needs to be done.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
