[Bro] Splunk or ELK to parse Bro logs

C. L. Martinez carlopmart at gmail.com
Mon Feb 20 01:25:18 PST 2017


Hi all,

I would like to do some tests and deploy rules using Bro in my laptop test lab. Due to limited resources, I would like to install a log parser tool for Bro, like Splunk or ELK.

In the past, I have used Splunk and it works very well for my needs. But doing some searches, I am finding more docs about using ELK with Bro than about using Splunk.

But I don't see how I can limit the resources assigned to an ELK infrastructure to suit my needs (I can't assign more than 2.5 GB of RAM to the VM where I will install Splunk, ELK or another solution).

I don't expect a lot of logs per day or hour from Bro's side (in fact, I expect very few), but I don't see very clearly which solution to use.

What are your opinions or recommendations?

Many thanks to all.

-- 
Greetings,
C. L. Martinez
