[Bro] Frontend
Eric G
eric at nixwizard.net
Tue Oct 22 10:39:46 PDT 2013
On Oct 22, 2013 12:29 PM, "James Lay" <jlay at slave-tothe-box.net> wrote:
>
> On 2013-10-22 11:26, Eric G wrote:
>>
>> On Oct 22, 2013 12:06 PM, "James Lay" <jlay at slave-tothe-box.net> wrote:
>> >
>> > Hey all!
>> >
>> > So...I'm looking for SOMETHING that will allow me to parse and
>> > aggregate bro, snort, and firewall logs.
>>
>> Splunk on the commercial side, ELSA on the free side would be my
>> suggestions without hearing more details about your environment or
>> needs.
>>
>> On the free side you're going to spend time setting them up and getting
>> stuff configured... That's the price of the open source log aggregation
>> stuff out there...
>>
>> --
>> Eric
>> http://www.linkedin.com/in/ericgearhart
>
>
> Thanks Eric...something that lifts my spirits:
>
> Plugins
>
> ELSA ships with several plugins:
>
> Windows logs from Eventlog-to-Syslog
> Snort/Suricata logs
> Bro logs
> Url logs from httpry_logger
>
> So THAT helps...I won't have to reinvent anything. Documentation looks
> pretty tasty as well, so let's hope it's not too much of a hassle. I'll
> report my success/failures here.
>
Yup, looks like plugins for a few different vendors have been written:
" By popular demand, I've added a number of new parsers to the ELSA
repertoire to support parsing fields from the following devices:
- Fortinet (URL, traffic)
- Checkpoint
- Palo Alto (URL, traffic)
- Barracuda (scan, receive, send)
- OSSEC Windows logs (automatically appears as class Windows)"
(from http://ossectools.blogspot.com/2012/02/new-elsa-log-parsers.html)
--
Eric