[Bro] Question about Brownian project
Jay Swan
sanjuanswan at gmail.com
Fri Sep 23 07:09:48 PDT 2016
If you're looking for something pre-built, Graylog2 is nice.
If you want to use the standard Elastic stack, the key is to send your logs
from Bro in JSON format, use the json_lines codec and the de_dot filter in
Logstash, and at that point Kibana "Just Works". With Bro 2.5 I believe you
can change the field delimiter to avoid the de_dot problem (Elasticsearch
2.x doesn't allow dots in field names, although Elasticsearch 5.x will).
Jay
On Fri, Sep 23, 2016 at 7:33 AM, Espresso Beanies <espressobeanies at gmail.com> wrote:
> Hi,
>
> I'm trying to figure out what happened to the Brownian project (front-end
> for Bro) and whether or not there are other projects attempting to create a
> front-end for Bro IDS using ElasticSearch.
>
> Thank you,
> E
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
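The two Logstash steps Jay names (the `json_lines` codec, then the `de_dot` filter) reproduced in Python as an added illustration; this is not code from the thread, from Bro or from Logstash. It assumes Bro is writing its logs as one JSON document per line and that the log field names follow the conn.log convention of dotted scopes such as `id.orig_h`; the two sample records are constructed, and the `de_dot` behaviour shown (replace dots with `_` by default, or build a nested object when `nested` is set) is a re-implementation of how that filter is documented to behave, not the filter itself. The final check is the part a practitioner wants: confirm no dotted field name survives before the document reaches an Elasticsearch 2.x index.

```python
import json

# Constructed sample: two Bro conn.log records as JSON lines, one record per
# line. The uids, addresses and timestamps are made up for the example.
SAMPLE_JSON_LINES = """\
{"ts":1474641234.5,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"10.0.0.5","id.orig_p":51234,"id.resp_h":"93.184.216.34","id.resp_p":80,"proto":"tcp","service":"http"}
{"ts":1474641235.1,"uid":"C4J4Th3PJpwUYZZ6gc","id.orig_h":"10.0.0.7","id.orig_p":40000,"id.resp_h":"10.0.0.1","id.resp_p":53,"proto":"udp","service":"dns"}
"""


def parse_json_lines(text):
    """Mimic the json_lines codec: one JSON document per line, blank lines skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def de_dot(event, separator="_", nested=False):
    """Mimic the de_dot filter on a single event.

    nested=False: "id.orig_h" becomes "id_orig_h" (the filter's default).
    nested=True:  "id.orig_h" becomes {"id": {"orig_h": ...}}.
    Keys without dots are copied through unchanged.
    """
    out = {}
    for key, value in event.items():
        if "." not in key:
            out[key] = value
        elif nested:
            parts = key.split(".")
            target = out
            for part in parts[:-1]:
                # If a scalar already occupies this name it cannot hold children;
                # replace it with a sub-object so the remaining parts have a home.
                if not isinstance(target.get(part), dict):
                    target[part] = {}
                target = target[part]
            target[parts[-1]] = value
        else:
            out[key.replace(".", separator)] = value
    return out


def has_dotted_keys(doc):
    """True if any field name at any depth still contains a dot."""
    for key, value in doc.items():
        if "." in key:
            return True
        if isinstance(value, dict) and has_dotted_keys(value):
            return True
    return False


def process(text, nested=False):
    """Codec + filter + pre-index check, returning the cleaned events."""
    events = [de_dot(e, nested=nested) for e in parse_json_lines(text)]
    bad = [e for e in events if has_dotted_keys(e)]
    if bad:
        raise ValueError("dotted field names remain: %r" % bad[0])
    return events


if __name__ == "__main__":
    for ev in process(SAMPLE_JSON_LINES):
        print(json.dumps(ev))          # flattened: id_orig_h, id_resp_p, ...
    for ev in process(SAMPLE_JSON_LINES, nested=True):
        print(json.dumps(ev))          # nested: {"id": {"orig_h": ..., ...}}
```

The flattened form is what Kibana users on the thread would see as `id_orig_h`; the nested form keeps the Bro record structure but changes how you reference fields in queries, so pick one and keep it consistent across all Bro log types.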