[Bro] Couple elasticsearch questions

Seth Hall seth at icir.org
Wed Jul 23 09:31:41 PDT 2014


On Jul 23, 2014, at 12:15 PM, James Lay <jlay at slave-tothe-box.net> wrote:

> Negative.  In order to get Logstash/Kibana to identify fields, the grok 
> patterns are what is used.  I guess that's the question for me....does 
> Bro dump the data raw into elasticsearch?

Bro will write the logs directly into elasticsearch (with the fields separated and named correctly).  You don't need logstash at all.  The only difference is that in your kibana config, you'll need to make it use slightly different index names.  I'm hoping that this is something we'll have more guidance on at some point.  I definitely recognize that more cleanup needs to be done to this code to make it more resilient and make it easier to get to an end-result.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
