[Bro] Question about Brownian project
sanjuanswan at gmail.com
Fri Sep 23 07:09:48 PDT 2016
If you're looking for something pre-built, Graylog2 is nice.
If you want to use the standard Elastic stack, the key is to send your logs
from Bro in JSON format, use the json_lines codec and the de_dot filter in
Logstash, and at that point Kibana "Just Works". With Bro 2.5 I believe you
can change the field delimiter to avoid the de_dot problem (Elasticsearch
2.x doesn't allow dots in field names, although Elasticsearch 5.x will).
On Fri, Sep 23, 2016 at 7:33 AM, Espresso Beanies <espressobeanies at gmail.com> wrote:
> I'm trying to figure out what happened to the Brownian project (front-end
> for Bro) and whether or not there are other projects attempting to create a
> front-end for Bro IDS using ElasticSearch.
> Thank you,
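The Logstash step sketched in the reply (json_lines codec, then de_dot), as an added example that is not from the original post and not code from Bro or Logstash: a Python re-implementation of what those two pieces do to a Bro JSON log line, so you can see why Elasticsearch 2.x rejects the raw record and what both de_dot modes (flat separator and nested) produce. The conn.log records are constructed sample input (real conn.log column names, made-up values); the function names are mine.

```python
import json

# Constructed sample input: two conn.log records in the shape Bro's ASCII
# writer emits them when JSON output is enabled. Values are made up; the
# field names (ts, uid, id.orig_h, ...) are the real conn.log columns.
SAMPLE_CONN_LOG = "\n".join([
    json.dumps({"ts": 1474639028.123456, "uid": "CHhAvVGS1DHFjwGM9",
                "id.orig_h": "10.0.0.5", "id.orig_p": 51234,
                "id.resp_h": "93.184.216.34", "id.resp_p": 80,
                "proto": "tcp", "service": "http", "conn_state": "SF"}),
    "",  # blank line: json_lines skips these instead of failing the batch
    json.dumps({"ts": 1474639030.5, "uid": "CmES5u32sYpV7JYN",
                "id.orig_h": "10.0.0.5", "id.orig_p": 40021,
                "id.resp_h": "10.0.0.53", "id.resp_p": 53,
                "proto": "udp", "service": "dns", "conn_state": "SF"}),
])


def has_dotted_keys(obj):
    """True if any key at any depth contains '.', which Elasticsearch 2.x rejects."""
    if isinstance(obj, dict):
        return any("." in k or has_dotted_keys(v) for k, v in obj.items())
    if isinstance(obj, list):
        return any(has_dotted_keys(v) for v in obj)
    return False


def de_dot(record, separator="_", nested=False):
    """Rewrite dotted keys the way Logstash's de_dot filter does.

    nested=False: 'id.orig_h' -> 'id_orig_h' (parts joined by separator).
    nested=True:  'id.orig_h' -> {'id': {'orig_h': ...}}.
    Raises ValueError instead of silently dropping data when two keys
    would collide (e.g. both 'id' and 'id.orig_h' in one record).
    """
    out = {}
    for key, value in record.items():
        if "." not in key:
            if key in out:
                raise ValueError("field collision on %r" % key)
            out[key] = value
        elif nested:
            parts = key.split(".")
            cur = out
            for part in parts[:-1]:
                existing = cur.get(part)
                if existing is None:
                    cur[part] = {}
                elif not isinstance(existing, dict):
                    raise ValueError("cannot nest %r under scalar %r" % (key, part))
                cur = cur[part]
            if parts[-1] in cur:
                raise ValueError("field collision on %r" % key)
            cur[parts[-1]] = value
        else:
            new_key = key.replace(".", separator)
            if new_key in out:
                raise ValueError("field collision on %r" % new_key)
            out[new_key] = value
    return out


def process_json_lines(text, **de_dot_opts):
    """Emulate the json_lines codec feeding de_dot: one JSON document per line."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        records.append(de_dot(json.loads(line), **de_dot_opts))
    return records


if __name__ == "__main__":
    first_raw = json.loads(SAMPLE_CONN_LOG.splitlines()[0])
    print("raw record has dotted keys (ES 2.x rejects it):", has_dotted_keys(first_raw))
    for rec in process_json_lines(SAMPLE_CONN_LOG):
        print(json.dumps(rec))
    print(json.dumps(process_json_lines(SAMPLE_CONN_LOG, nested=True)[0]))
```

In a real pipeline the same thing is `codec => json_lines` on the Logstash input and `de_dot { }` in the filter block; de_dot's `separator` option defaults to `_` and `nested => true` selects the nested form shown above. Bro produces the JSON lines in the first place when the ASCII writer is told to with `redef LogAscii::use_json = T;`.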