[Bro] Help with Bro & ES
Azoff, Justin S
jazoff at illinois.edu
Wed Oct 21 09:28:25 PDT 2015
> On Oct 21, 2015, at 12:16 PM, Chris Williams <cw13 at umbc.edu> wrote:
>
> I recently installed Bro, and I am trying to get it to work with Elasticsearch (with Kibana as a front end). I have alerts getting to ES and they show up in Kibana, but they are a mix of unintelligible JSON messages. For example, some don't have timestamps:
...
> "_type": "loaded_scripts",
>
The loaded_scripts.log is 'special' and does not have timestamps. How do entries from things like the conn.log or http.log look?
--
- Justin Azoff
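An added example, not code from the thread or from the Bro project, showing the point above in practice: a small Python filter that takes lines from Bro's JSON log writer, converts the epoch-seconds `ts` field into the ISO 8601 form Kibana expects for `@timestamp`, and handles records from logs that carry no `ts` at all (loaded_scripts.log has only a `name` field) by stamping them with the ingestion time and marking where the timestamp came from. The sample records, the `bro_log` and `ts_origin` field names, and the ingestion-time fallback are all constructed for illustration and are not part of any shipper.

```python
import json
import time
from datetime import datetime, timezone

# Constructed sample records in the shape Bro's JSON log writer emits
# (epoch-seconds "ts"); illustrative, not captured from a live sensor.
# loaded_scripts.log genuinely has a single field, "name", and no "ts".
SAMPLE_RECORDS = [
    ("conn", '{"ts":1445437765.123456,"uid":"CHhAvVGS1DHFjwGM9",'
             '"id.orig_h":"10.0.0.5","id.orig_p":51234,'
             '"id.resp_h":"93.184.216.34","id.resp_p":80,"proto":"tcp"}'),
    ("loaded_scripts", '{"name":"/usr/local/bro/share/bro/base/init-bare.bro"}'),
    ("http", '{"ts":1445437766.5,"uid":"C4J4Th3PJpwUYZZ6gc",'
             '"method":"GET","host":"example.com","uri":"/"}'),
]


def _iso_ms(dt):
    """Format an aware datetime as ISO 8601 with millisecond precision."""
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + "%03dZ" % (dt.microsecond // 1000)


def bro_ts_to_iso(ts):
    """Convert Bro's epoch-seconds float to the ISO 8601 form Kibana expects."""
    return _iso_ms(datetime.fromtimestamp(float(ts), tz=timezone.utc))


def prepare_for_es(log_type, line, ingest_ts=None):
    """Parse one JSON log line and return a document with a usable @timestamp.

    Records that carry "ts" (conn, http, dns, ...) get it converted in place.
    Records from logs that have no "ts" (loaded_scripts.log is the example
    from the thread) are stamped with the ingestion time instead and marked
    via "ts_origin" so the substitution is visible when searching in Kibana.
    "bro_log" and "ts_origin" are names chosen for this example.
    """
    doc = json.loads(line)
    doc["bro_log"] = log_type
    if "ts" in doc:
        doc["@timestamp"] = bro_ts_to_iso(doc["ts"])
        doc["ts_origin"] = "bro"
    else:
        # Fallback: ingestion time, in epoch seconds, defaulting to "now".
        now = datetime.fromtimestamp(
            ingest_ts if ingest_ts is not None else time.time(), tz=timezone.utc)
        doc["@timestamp"] = _iso_ms(now)
        doc["ts_origin"] = "ingest"
    return doc


def logs_without_ts(records):
    """Return the sorted list of log types whose records lack a "ts" field."""
    return sorted({t for t, line in records if "ts" not in json.loads(line)})


if __name__ == "__main__":
    for log_type, line in SAMPLE_RECORDS:
        print(json.dumps(prepare_for_es(log_type, line)))
    print("logs without ts:", logs_without_ts(SAMPLE_RECORDS))
```

Running the block prints one ES-ready document per sample line; the loaded_scripts record comes out with `ts_origin` set to `ingest`, while conn and http keep their Bro timestamps. In a real pipeline the ingestion-time fallback should be a deliberate choice: it keeps those documents searchable by time in Kibana, but the `ts_origin` marker is what stops them from being mistaken for events that happened at that moment.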