[Bro] filebeat +elk

Daniel Guerra daniel.guerra69 at gmail.com
Wed Mar 28 11:18:24 PDT 2018


I would use json to stdout with a python script to insert it in elasticsearch. I think it's the most efficient and stable method. The latest elasticsearch needs a separate index for the different log types.

There is a bro-pkg for json to stdout.




On 28/03/2018 at 18:52, erik clark wrote:
> I am trying to ingest bro 2.5 json logs into an elk stack, using
> filebeat to push the logs. Is that even the best way to do this? I
> have found MUCH outdated material on ingesting bro logs into an elk
> stack, but very little that is up to date, and some of which is up to
> date but is using older versions of software from elastic.co.
> If anyone has a modern bro/elk integration
> document they use(d) to set their environment up, it would be greatly
> appreciated if you could share. Thanks!
>
> Erik
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
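As an added example, not code from the thread or from any Bro package, the following Python script shows the approach described in the reply above: read one JSON record per line (as a JSON-to-stdout writer would emit), route each record to its own per-log-type index, and build an Elasticsearch bulk request body. It assumes each record carries a `_path` field naming the originating log (conn, dns, ...), which is an assumption about the JSON writer, not something the thread states; the sample log lines are constructed, and the `bro-<type>-<day>` index naming, the flattening of dotted field names, the `_doc` mapping type and the local `_bulk` URL are all choices made for the example.

```python
"""Route Bro JSON log records to per-log-type Elasticsearch indices.

Added example (not from the thread): one JSON object per line in,
an Elasticsearch _bulk body out.
"""
import json
import sys
import urllib.request
from datetime import datetime, timezone

# Constructed sample input (not real traffic): Bro-style conn and dns records
# plus one malformed line. The "_path" key naming the originating log is an
# assumption about the JSON writer; the values are made up.
SAMPLE_LINES = [
    '{"_path":"conn","ts":1522260000.123,"uid":"CAb1","id.orig_h":"10.0.0.5",'
    '"id.orig_p":51234,"id.resp_h":"93.184.216.34","id.resp_p":443,'
    '"proto":"tcp","conn_state":"SF"}',
    '{"_path":"dns","ts":1522260001.5,"uid":"CAb2","id.orig_h":"10.0.0.5",'
    '"id.orig_p":53000,"id.resp_h":"10.0.0.1","id.resp_p":53,'
    '"query":"example.com","qtype_name":"A"}',
    'this is not json',
    '{"_path":"conn","ts":1522346400.0,"uid":"CAb3","id.orig_h":"10.0.0.7",'
    '"id.orig_p":40000,"id.resp_h":"10.0.0.9","id.resp_p":22,'
    '"proto":"tcp","conn_state":"S0"}',
]


def transform(record):
    """Copy a Bro record into an Elasticsearch-friendly document.

    Dotted keys such as id.orig_h become id_orig_h so they index as flat
    fields (a choice; Elasticsearch would otherwise treat the dot as nesting),
    and the epoch-float ts gains an ISO-8601 @timestamp for Kibana.
    """
    doc = {key.replace(".", "_"): value for key, value in record.items()}
    if isinstance(doc.get("ts"), (int, float)):
        doc["@timestamp"] = datetime.fromtimestamp(doc["ts"], tz=timezone.utc).isoformat()
    return doc


def index_name(doc, prefix="bro"):
    """One index per log type per UTC day, e.g. bro-conn-2018.03.28 (naming is a choice)."""
    log_type = doc.get("_path", "unknown")
    day = doc["@timestamp"][:10].replace("-", ".") if "@timestamp" in doc else "nodate"
    return f"{prefix}-{log_type}-{day}"


def route_records(lines, prefix="bro"):
    """Parse raw JSON lines into (index, document) pairs.

    Malformed or non-object lines are counted and skipped so one bad record
    does not abort the batch. Returns (pairs, skipped_count).
    """
    pairs, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if not isinstance(record, dict):
            skipped += 1
            continue
        doc = transform(record)
        pairs.append((index_name(doc, prefix), doc))
    return pairs, skipped


def to_bulk_body(pairs, doc_type="_doc"):
    """Serialize (index, document) pairs as an NDJSON _bulk request body.

    Elasticsearch 6.x needs a mapping type in each action line; pass
    doc_type=None for 7.x and later, which have removed types.
    """
    out = []
    for index, doc in pairs:
        action = {"_index": index}
        if doc_type is not None:
            action["_type"] = doc_type
        out.append(json.dumps({"index": action}))
        out.append(json.dumps(doc))
    return "\n".join(out) + "\n" if out else ""


def send_bulk(body, url="http://localhost:9200/_bulk"):
    """POST a bulk body to an assumed local endpoint and return the parsed
    response; "errors": true in it flags per-document failures."""
    req = urllib.request.Request(url, data=body.encode("utf-8"),
                                 headers={"Content-Type": "application/x-ndjson"},
                                 method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Read JSON lines from stdin when piped, otherwise use the constructed sample.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES
    pairs, skipped = route_records(source)
    body = to_bulk_body(pairs)
    sys.stdout.write(body)
    sys.stderr.write(f"{len(pairs)} records routed, {skipped} skipped\n")
    if len(sys.argv) > 1:  # pass the _bulk URL as the first argument to ship it
        print("errors:", send_bulk(body, sys.argv[1]).get("errors"), file=sys.stderr)
```

Run it as `bro-json-writer | python3 route.py http://localhost:9200/_bulk` (the writer command is whatever emits the JSON lines); without a URL it only prints the bulk body so you can inspect the routing before anything touches the cluster. Per-day indices keep the retention and mapping of conn, dns and the other logs independent, which is what the separate-index requirement mentioned in the reply amounts to in practice.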
