[Bro] Question about Brownian project

Zeolla@GMail.com zeolla at gmail.com
Fri Sep 23 07:28:25 PDT 2016


Dots are allowed in ES 2.4, see
https://www.elastic.co/blog/elasticsearch-2-4-0-released#_dots_in_fields_names_the_return

Jon

On Fri, Sep 23, 2016 at 10:21 AM Jay Swan <sanjuanswan at gmail.com> wrote:

> If you're looking for something pre-built, Graylog2 is nice.
>
> If you want to use the standard Elastic stack, the key is to send your
> logs from Bro in JSON format, use the json_lines codec and the de_dot
> filter in Logstash, and at that point Kibana "Just Works". With Bro 2.5 I
> believe you can change the field delimiter to avoid the de_dot problem
> (Elasticsearch 2.x doesn't allow dots in field names, although
> Elasticsearch 5.x will).
>
> Jay
>
>
> On Fri, Sep 23, 2016 at 7:33 AM, Espresso Beanies <espressobeanies at gmail.com> wrote:
>
>> Hi,
>>
>> I'm trying to figure out what happened to the Brownian project (front-end
>> for Bro) and whether or not there are other projects attempting to create a
>> front-end for Bro IDS using ElasticSearch.
>>
>> Thank you,
>> E
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>

-- 

Jon
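The two Logstash steps Jay describes (decode one JSON object per line, then rename the dotted field names Bro's JSON writer produces) as an added Python example; this is not code from the thread, from Bro, or from Logstash. It assumes the de_dot filter's documented defaults (separator "_", nested off) and mirrors them in plain Python over constructed conn.log records, so a reader can see exactly what lands in Elasticsearch and why a dotted name such as `id.orig_h` conflicts with a scalar field `id` when expanded into an object.

```python
import json
from typing import Any, Dict, List

# Constructed sample: two Bro conn.log records in the shape the ASCII writer
# emits with JSON enabled (one object per line, nested record fields joined
# with "."). UIDs, addresses and timestamps are made up for this example.
SAMPLE_JSON_LINES = """\
{"ts":1474640000.123456,"uid":"Cexample1","id.orig_h":"192.0.2.10","id.orig_p":52344,"id.resp_h":"198.51.100.5","id.resp_p":80,"proto":"tcp","service":"http","conn_state":"SF"}
{"ts":1474640001.5,"uid":"Cexample2","id.orig_h":"192.0.2.11","id.orig_p":40001,"id.resp_h":"198.51.100.53","id.resp_p":53,"proto":"udp","service":"dns","conn_state":"SF"}
"""


def json_lines(stream: str) -> List[Dict[str, Any]]:
    """What the json_lines codec does: one event per non-empty line.

    A malformed line is reported with its line number rather than silently
    dropped, so a truncated log file is noticed at ingest time.
    """
    events: List[Dict[str, Any]] = []
    for lineno, line in enumerate(stream.splitlines(), 1):
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: malformed JSON: {exc}") from exc
    return events


def de_dot(event: Dict[str, Any], separator: str = "_",
           nested: bool = False) -> Dict[str, Any]:
    """Rename dotted keys the way the de_dot filter's defaults do (assumed).

    nested=False: "id.orig_h" -> "id_orig_h"  (flat, what ES 2.x accepts)
    nested=True:  "id.orig_h" -> {"id": {"orig_h": ...}}  (object expansion)

    In nested mode a key that is both a scalar and an object prefix is a
    mapping conflict, so it is rejected instead of one value clobbering the other.
    """
    out: Dict[str, Any] = {}
    for key, value in event.items():
        if "." not in key:
            if nested and isinstance(out.get(key), dict):
                raise ValueError(f"field {key!r} is both a value and an object")
            out[key] = value
        elif not nested:
            out[key.replace(".", separator)] = value
        else:
            parts = key.split(".")
            node = out
            for part in parts[:-1]:
                child = node.setdefault(part, {})
                if not isinstance(child, dict):
                    raise ValueError(f"field {part!r} is both a value and an object")
                node = child
            node[parts[-1]] = value
    return out


def has_dotted_keys(event: Dict[str, Any]) -> bool:
    """True if any top-level key still contains a dot."""
    return any("." in key for key in event)


def ingest(stream: str, separator: str = "_",
           nested: bool = False) -> List[Dict[str, Any]]:
    """codec => json_lines, then filter de_dot, over a whole log stream."""
    return [de_dot(event, separator, nested) for event in json_lines(stream)]


if __name__ == "__main__":
    for event in ingest(SAMPLE_JSON_LINES):
        print(json.dumps(event, sort_keys=True))
    # Nested mode keeps the Bro record structure instead of flattening it.
    print(json.dumps(ingest(SAMPLE_JSON_LINES, nested=True)[0]["id"]))
```

Run as-is it prints the flattened events (`id_orig_h`, `id_resp_p`, ...) followed by the `id` sub-object from nested mode; pass a different `separator` to see what the filter's `separator` option changes. The conflict check in nested mode is the same situation the Elasticsearch mapping objects to, which is why the flat rename was the safe choice on 2.x before 2.4 reintroduced dotted names.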