[Bro] filebeat +elk

Blason R blason16 at gmail.com
Wed Mar 28 10:29:43 PDT 2018


I guess you refer to Security Onion; they already have done that and a lot of
logstash config files.

Hats off to SO folks and Justin Henderson

On Wed, Mar 28, 2018 at 10:39 PM, Zeolla at GMail.com <zeolla at gmail.com> wrote:

> Do you specifically need to send it to logstash or do you just need it to
> get inserted into elasticsearch?
>
> Jon
>
> On Wed, Mar 28, 2018 at 1:07 PM erik clark <philosnef at gmail.com> wrote:
>
>> I am trying to ingest bro 2.5 json logs into an elk stack, using filebeat
>> to push the logs. Is that even the best way to do this? I have found MUCH
>> outdated material on ingesting bro logs into an elk stack, but very little
>> that is up to date, and some of which is up to date but is using older
>> versions of software from elastic.co. If anyone has a modern bro/elk
>> integration document they use(d) to set their environment up, it would be
>> greatly appreciated if you could share. Thanks!
>>
>> Erik
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
> --
>
> Jon