[Bro] filebeat +elk

Blason R blason16 at gmail.com
Wed Mar 28 10:55:45 PDT 2018


By the way, Bro does log in JSON format, which can be ingested directly into
Elasticsearch.

On Wed, Mar 28, 2018 at 10:58 PM, Patrick Kelley <pkelley at hyperionavenue.com> wrote:

> Erik,
>
> I’m doing this with Ubuntu and Pi devices. I’ll send you all of my notes
> outside of the main channel.
>
> *Patrick Kelley, CISSP, C|EH, ITIL*
> *Principal Security Engineer*
> patrick.kelley at criticalpathsecurity.com
>
>
> On Mar 28, 2018, at 1:09 PM, Zeolla at GMail.com <zeolla at gmail.com> wrote:
>
> Do you specifically need to send it to logstash or do you just need it to
> get inserted into elasticsearch?
>
> Jon
>
> On Wed, Mar 28, 2018 at 1:07 PM erik clark <philosnef at gmail.com> wrote:
>
>> I am trying to ingest bro 2.5 json logs into an elk stack, using filebeat
>> to push the logs. Is that even the best way to do this? I have found MUCH
>> outdated material on ingesting bro logs into an elk stack, but very little
>> that is up to date, and some of which is up to date but is using older
>> versions of software from elastic.co. If anyone has a modern bro/elk
>> integration document they use(d) to set their environment up, it would be
>> greatly appreciated if you could share. Thanks!
>>
>> Erik
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
> --
>
> Jon
>
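The point made at the top of the thread (Bro writes one JSON object per line, so no Logstash grok is needed) still leaves two things a Filebeat-to-Elasticsearch pipeline has to handle: Bro's default JSON `ts` is a float epoch rather than ISO8601, and Bro field names contain dots (`id.orig_h`), which Elasticsearch interprets as object paths. The following Python script is an added example, not code from the thread, from Bro or from Elastic; it reads a few constructed conn.log lines (including a truncated last line of the kind a shipper can see while Bro is still writing), normalises each record and builds the NDJSON body the Elasticsearch `_bulk` API accepts. The sample records, the `bro-<log>-<date>` index naming and the dot-to-underscore renaming are this example's own choices, not anything the thread prescribes.

```python
import json
from datetime import datetime, timezone

# Constructed sample input: two conn.log records in the one-object-per-line
# form Bro 2.5 emits when LogAscii::use_json is set, plus one truncated line
# of the kind Filebeat can pick up while Bro is still writing it.
SAMPLE_CONN_LOG = (
    '{"ts":1522259746.5,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"10.0.0.5",'
    '"id.orig_p":51234,"id.resp_h":"93.184.216.34","id.resp_p":443,'
    '"proto":"tcp","service":"ssl","duration":1.25,"conn_state":"SF"}\n'
    '{"ts":1522259747.0,"uid":"C4J4Th3PJpwUYZZ6gc","id.orig_h":"10.0.0.5",'
    '"id.orig_p":51235,"id.resp_h":"10.0.0.1","id.resp_p":53,'
    '"proto":"udp","service":"dns","duration":0.01,"conn_state":"SF"}\n'
    '{"ts":1522259748.0,"uid":"CZfF6q2u2w6oU'   # truncated: not valid JSON
)


def bro_ts_to_iso8601(ts: float) -> str:
    """Bro's default JSON timestamp is a float epoch in UTC.

    Elasticsearch date fields take ISO8601, so convert at ingest time
    (Bro can also do this itself via LogAscii::json_timestamps).
    """
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")


def normalize_record(rec: dict, log_type: str) -> dict:
    """Turn one Bro JSON record into an Elasticsearch-friendly document.

    - `@timestamp` is derived from `ts` so Kibana's time filter works.
    - Dotted Bro field names such as `id.orig_h` become `id_orig_h`; in
      Elasticsearch a dot means "nested object", so keeping the dots would
      make `id.orig_h` collide with any scalar field called `id`.
    - `bro_log` records which Bro log the document came from.
    """
    doc = {k.replace(".", "_"): v for k, v in rec.items()}
    doc["@timestamp"] = bro_ts_to_iso8601(float(rec["ts"]))
    doc["bro_log"] = log_type
    return doc


def to_es_bulk(log_text: str, log_type: str, index_prefix: str = "bro"):
    """Build an Elasticsearch _bulk request body from Bro JSON log text.

    Returns (bulk_body, skipped): bulk_body is the NDJSON string the _bulk
    API accepts, skipped counts lines that were not valid JSON objects with
    a `ts` field (a partially written last line is the usual cause).
    """
    lines = []
    skipped = 0
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except ValueError:
            skipped += 1
            continue
        if not isinstance(rec, dict) or "ts" not in rec:
            skipped += 1
            continue
        doc = normalize_record(rec, log_type)
        # One index per log type and day, e.g. bro-conn-2018.03.28
        day = doc["@timestamp"][:10].replace("-", ".")
        lines.append(json.dumps({"index": {"_index": f"{index_prefix}-{log_type}-{day}"}}))
        lines.append(json.dumps(doc))
    # The _bulk API requires a trailing newline after the last line.
    return "\n".join(lines) + "\n", skipped


if __name__ == "__main__":
    body, skipped = to_es_bulk(SAMPLE_CONN_LOG, "conn")
    print(body)
    print(f"skipped {skipped} unparsable line(s)")
```

On the Bro side, JSON output is switched on by loading the stock `tuning/json-logs` policy (`@load tuning/json-logs` in `local.bro`), which sets `LogAscii::use_json = T`. If Filebeat is doing the shipping, the same field handling (timestamp conversion, dot renaming, per-log index) is what an ingest pipeline or Logstash filter has to perform; the script above does it in one place so the mapping is easy to read and test offline.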