[Bro] Couple elasticsearch questions
James Lay
jlay at slave-tothe-box.net
Wed Jul 23 09:15:25 PDT 2014
On 2014-07-23 10:08, Seth Hall wrote:
> On Jul 23, 2014, at 11:50 AM, James Lay <jlay at slave-tothe-box.net> wrote:
>
>> I'm guessing I'm going to have to create something like the above grok
>> for each Bro log file... which... is going to be a hoot ;)
>
> Are you saying that you're going to have to do this because you don't
> want Bro to write directly to ElasticSearch?
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
Negative. In order to get Logstash/Kibana to identify fields, the grok
patterns are what is used. I guess that's the question for me: does
Bro dump the data raw into Elasticsearch? If it does, then I'll need to
include a grok line in my Logstash config to parse out the data of each
type of log that Bro generates. I hope that makes sense. Thanks, Seth.

James
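For readers following the thread, here is an added example that is not code from this thread, from Bro, or from Logstash. It shows the work a per-log grok pattern would do inside Logstash, done once for every log type: Bro's ASCII writer puts the column names and types into the `#fields` and `#types` header lines of each log, so a parser that reads those headers can turn any row into a field-named JSON document for Elasticsearch. The conn.log lines are constructed sample data trimmed to a subset of the real columns, and the `_path` and `@timestamp` field names are choices made here, not anything Bro emits.

```python
"""Turn Bro ASCII logs into field-named JSON documents for Elasticsearch.

Added example, not code from this thread or from Bro/Logstash. Every Bro
ASCII log carries its own schema in '#fields' and '#types' header lines, so
one parser that reads those headers does for every log type what a separate
grok pattern per log would do inside Logstash.
"""
import json
from datetime import datetime, timezone

# Constructed sample: a trimmed conn.log with a subset of the real columns.
# Row 2 shows Bro's unset marker ('-') in fields it could not fill.
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#open\t2014-07-23-09-00-00\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\tservice\tduration\torig_bytes\tresp_bytes\tconn_state\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum"
    "\tstring\tinterval\tcount\tcount\tstring\n"
    "1406131200.123456\tCXWv6p3arKYeMETxOg\t192.168.1.10\t52345"
    "\t93.184.216.34\t80\ttcp\thttp\t0.215\t512\t1460\tSF\n"
    "1406131201.500000\tC4J4Th3PJpwUYZZ6gc\t192.168.1.10\t52346"
    "\t93.184.216.34\t443\ttcp\t-\t-\t-\t-\tS0\n"
    "#close\t2014-07-23-09-05-00\n"
)


def convert(raw, typ, opts):
    """Map one raw column to a JSON-friendly value using Bro's declared type."""
    if raw == opts["unset_field"]:
        return None
    if typ.startswith(("set[", "vector[")):
        inner = typ[typ.index("[") + 1:-1]
        if raw == opts["empty_field"]:
            return []
        return [convert(v, inner, opts) for v in raw.split(opts["set_separator"])]
    if raw == opts["empty_field"]:
        return ""
    if typ in ("count", "int", "port"):
        return int(raw)
    if typ in ("time", "interval", "double"):
        return float(raw)
    if typ == "bool":
        return raw == "T"
    return raw  # string, addr, subnet, enum: keep as text


def parse_bro_log(text):
    """Return one dict per data row, keyed by the names from '#fields'.

    The '#path' value (the log type, e.g. 'conn') is stored under '_path'
    (a name chosen here) so a loader can pick an index per log type.
    """
    opts = {"separator": "\t", "set_separator": ",",
            "empty_field": "(empty)", "unset_field": "-"}
    fields, types, path = None, None, None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator "):
            # Written as an escape like '\x09' because the separator is not known yet.
            opts["separator"] = line[len("#separator "):].encode("ascii").decode("unicode_escape")
            continue
        sep = opts["separator"]
        if line.startswith("#"):
            key, _, value = line[1:].partition(sep)
            if key in ("set_separator", "empty_field", "unset_field"):
                opts[key] = value
            elif key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
            elif key == "path":
                path = value
            continue  # '#open' / '#close' carry no row data
        if fields is None or types is None or len(fields) != len(types):
            raise ValueError("data row seen before a complete #fields/#types header")
        values = line.split(sep)
        if len(values) != len(fields):
            raise ValueError("row has %d columns, header declares %d" % (len(values), len(fields)))
        record = {name: convert(raw, typ, opts) for name, raw, typ in zip(fields, values, types)}
        record["_path"] = path
        records.append(record)
    return records


def to_es_documents(records):
    """Serialize records as JSON lines with an ISO 8601 '@timestamp' for Kibana."""
    docs = []
    for rec in records:
        doc = dict(rec)
        if doc.get("ts") is not None:
            doc["@timestamp"] = datetime.fromtimestamp(doc["ts"], tz=timezone.utc).isoformat()
        docs.append(json.dumps(doc, sort_keys=True))
    return docs


if __name__ == "__main__":
    for line in to_es_documents(parse_bro_log(SAMPLE_CONN_LOG)):
        print(line)
```

The point worth noticing is that the header, not a hand-written pattern, decides the field names and types, so a new log type or a changed column order in a Bro upgrade does not silently break field extraction the way a stale grok pattern would; a column-count mismatch raises instead of mislabelling data. Whether Bro's own Elasticsearch output (which Seth's question points at) or a Logstash pipeline is used, Kibana still needs a date-typed field, which is why the `ts` epoch value is copied into an ISO 8601 `@timestamp`.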