[Bro] Bro -> Elasticsearch -> Kibana4beta -> GeoLocation
Seth Hall
seth at icir.org
Fri Oct 30 06:46:32 PDT 2015
> On Oct 29, 2015, at 9:33 PM, Daniel Guerra <daniel.guerra69 at gmail.com> wrote:
>
> I use the Elasticsearch plugin in Bro. I know Logstash works fine but it's
> very CPU intensive. Thanks anyway.
Technically it can be done, but it would require changes to the JSON formatter (in the core). This is actually a pretty reasonable request (and I like the idea a lot!). It might not be too much work to implement it; it just needs to be done.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/