landy-bible at utulsa.edu
Wed May 11 19:35:39 PDT 2016
We use Logstash to ship the our Bro logs into ElasticSearch, then we use
Kibana to create all sorts of interesting dashboards related to our
traffic. If you use the JSON output plugin for Bro it makes it easy because
you don't need to try to write Bro filters for Logstash to parse the logs,
just pump the JSON directly into ElasticSearch. Be aware that ElasticSearch
2 doesn't allow dots in field names, so you'll either need to stick with
the 1x branch or use Logstash filters to remove the dots.
Information Security Analyst
The University of Tulsa
On Wed, May 11, 2016 at 11:58 AM, Gary Faulkner <gfaulkner.nsm at gmail.com>
> Have you looked at Bro-statsd? If you are comfortable with Bro scripting
> and something like graphite or influxdb you should be able to do just
> about anything.
> On 5/11/16 5:27 AM, Chris Welber yahoo wrote:
> > Does any one have a method for creating metrics with bro. In regards to
> IT security needs: I.e. How many malware event types, violations, etc?
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> Bro mailing list
> bro at bro-ids.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro