[Bro] Question about Brownian project
zeolla at gmail.com
Fri Sep 23 07:28:25 PDT 2016
Dots are allowed in ES 2.4, see
On Fri, Sep 23, 2016 at 10:21 AM Jay Swan <sanjuanswan at gmail.com> wrote:
> If you're looking for something pre-built, Graylog2 is nice.
> If you want to use the standard Elastic stack, the key is to send your
> logs from Bro in JSON format, use the json_lines codec and the de_dot
> filter in Logstash, and at that point Kibana "Just Works". With Bro 2.5 I
> believe you can change the field delimiter to avoid the de_dot problem
> (Elasticsearch 2.x doesn't allow dots in field names, although
> Elasticsearch 5.x will).
> On Fri, Sep 23, 2016 at 7:33 AM, Espresso Beanies <espressobeanies at gmail.com> wrote:
>> I'm trying to figure out what happened to the Brownian project (front-end
>> for Bro) and whether or not there are other projects attempting to create a
>> front-end for Bro IDS using ElasticSearch.
>> Thank you,
>> Bro mailing list
>> bro at bro-ids.org
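As an added example (not code from anyone in this thread), here is a small Python routine that does to a Bro JSON log record what the Logstash de_dot filter does: it rewrites dotted field names such as id.orig_h so that an Elasticsearch 2.x index will accept them, in both the flat-replacement mode and a nested-object mode. The conn.log line and all function names are constructed for the example.

```python
import json

# Constructed sample shaped like a Bro conn.log record from the JSON log writer.
# Bro joins nested record fields with "." (id.orig_h, id.resp_p, ...), which is
# exactly what Elasticsearch 2.x rejects in field names.
SAMPLE_BRO_CONN_LINE = (
    '{"ts":1474640000.123,"uid":"CabcDEF123","id.orig_h":"10.0.0.5",'
    '"id.orig_p":51234,"id.resp_h":"93.184.216.34","id.resp_p":443,'
    '"proto":"tcp","conn_state":"SF"}'
)


def de_dot(event, separator="_", nested=False):
    """Return a copy of a flat Bro JSON event with no dots in any field name.

    nested=False: replace each "." with `separator` (de_dot's default is "_").
    nested=True:  split "id.orig_h" into {"id": {"orig_h": ...}}, the object
                  shape Elasticsearch 5.x maps a dotted name to anyway.
    """
    out = {}
    for name, value in event.items():
        if "." not in name:
            out[name] = value
        elif not nested:
            out[name.replace(".", separator)] = value
        else:
            parts = name.split(".")
            cursor = out
            for part in parts[:-1]:
                cursor = cursor.setdefault(part, {})
                if not isinstance(cursor, dict):
                    # A scalar field already owns this name; nesting is ambiguous.
                    raise ValueError(f"field {name!r} collides with scalar {part!r}")
            cursor[parts[-1]] = value
    return out


def has_dotted_keys(obj):
    """True if any key at any depth still contains a dot (ES 2.x would reject it)."""
    if not isinstance(obj, dict):
        return False
    return any("." in k or has_dotted_keys(v) for k, v in obj.items())


def process_line(line, nested=False):
    """Parse one json_lines record and make it safe for an Elasticsearch 2.x index."""
    return de_dot(json.loads(line), nested=nested)


if __name__ == "__main__":
    print(json.dumps(process_line(SAMPLE_BRO_CONN_LINE), indent=2))
    print(json.dumps(process_line(SAMPLE_BRO_CONN_LINE, nested=True), indent=2))
```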