[Bro] filebeat +elk

Zeolla@GMail.com zeolla at gmail.com
Wed Mar 28 11:23:59 PDT 2018


No guarantees, but this[1] may be helpful.  I've recently moved to pushing
things to Kafka using this[2], which eventually feeds into ES using Apache
Metron, which adds some other benefits but is meant for large-scale
environments (i.e. it is definitely _not_ lightweight).

1:
https://github.com/bro/bro-plugins/tree/00d039442b97ba545e6020200d96a3cba9d9181b/elasticsearch
2:  https://github.com/apache/metron-bro-plugin-kafka

Jon

On Wed, Mar 28, 2018 at 2:21 PM erik clark <philosnef at gmail.com> wrote:

> I just need to get it into ES. I am going to pump eve.json in as well. I
> have no experience with the ELK stack at all, other than some ES work from
> dealing with Moloch content going in there and configuring it appropriately.
> If I can just bypass everything and push eve.json and Bro JSON logs
> directly in, that would be fantastic.
>
> Thanks Jon!
>
> On Wed, Mar 28, 2018 at 1:09 PM, Zeolla at GMail.com <zeolla at gmail.com>
> wrote:
>
>> Do you specifically need to send it to logstash or do you just need it to
>> get inserted into elasticsearch?
>>
>> Jon
>>
>> On Wed, Mar 28, 2018 at 1:07 PM erik clark <philosnef at gmail.com> wrote:
>>
>>> I am trying to ingest Bro 2.5 JSON logs into an ELK stack, using
>>> Filebeat to push the logs. Is that even the best way to do this? I have
>>> found MUCH outdated material on ingesting Bro logs into an ELK stack, but
>>> very little that is up to date, and some of which is up to date but is
>>> using older versions of software from elastic.co. If anyone has a
>>> modern Bro/ELK integration document they use(d) to set their environment
>>> up, it would be greatly appreciated if you could share. Thanks!
>>>
>>> Erik
>>> _______________________________________________
>>> Bro mailing list
>>> bro at bro-ids.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>> --
>>
>> Jon
>>
>
> --

Jon
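Added example for the "push eve.json and Bro JSON logs directly in" question above; this is not code from the thread, from Bro, or from the Metron plugin. It shows the one normalisation both sources need before they land in the same cluster: Bro's JSON lines (with policy/tuning/json-logs) carry `ts` as an epoch float, which Elasticsearch maps as a number rather than a date, and the log name (conn, dns, http, ...) lives only in the filename; eve.json carries an ISO 8601 `timestamp` in sensor-local time with an offset. Both are rewritten into a UTC `@timestamp`, given a `source`/`log_type`, and emitted as an `_bulk` body. Assumptions, all labelled in the code: the sample records are constructed, not captured; the index naming scheme and the `doc` type are mine; `_type` in the bulk header is for Elasticsearch 6.x and is dropped on 7.x.

```python
"""Normalise Bro 2.5 JSON logs and Suricata eve.json into Elasticsearch bulk documents.

Example added to the thread, not code from the thread, Bro, or the Metron plugin.
Assumptions: Bro writes ts as an epoch float (policy/tuning/json-logs default),
eve.json carries an ISO 8601 'timestamp' with a numeric UTC offset, and the
target is Elasticsearch 6.x, where the bulk header still needs _type.
"""
import json
from datetime import datetime, timezone

# Constructed sample records (not captured from a real sensor).
SAMPLE_BRO_CONN = (
    '{"ts":1522261439.123456,"uid":"CAbC1d2eF3gH4i5J","id.orig_h":"10.0.0.5",'
    '"id.orig_p":51234,"id.resp_h":"192.0.2.10","id.resp_p":80,"proto":"tcp",'
    '"service":"http","duration":0.42,"conn_state":"SF"}'
)
SAMPLE_EVE_ALERT = (
    '{"timestamp":"2018-03-28T11:23:59.123456-0700","flow_id":123456789,'
    '"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10",'
    '"proto":"TCP","alert":{"signature":"constructed test alert","severity":2}}'
)


def to_utc_iso(dt):
    """Render an aware datetime in the ISO 8601 UTC form ES's default date mapping accepts."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")


def normalize_bro(line, log_type):
    """Turn one Bro JSON line into an ES document.

    Bro's ts is seconds since the epoch as a float, so it is converted into
    @timestamp. The log name is not inside the JSON line, only in the filename
    (conn.log -> "conn"), so the caller passes it.
    """
    doc = json.loads(line)
    if not isinstance(doc.get("ts"), (int, float)):
        raise ValueError("expected numeric ts in Bro JSON line")
    doc["@timestamp"] = to_utc_iso(datetime.fromtimestamp(doc["ts"], tz=timezone.utc))
    doc["log_type"] = log_type
    doc["source"] = "bro"
    return doc


def normalize_eve(line):
    """Turn one eve.json line into an ES document.

    Suricata already emits ISO 8601, but in sensor-local time with an offset;
    it is re-rendered in UTC so both sources sort and day-bucket consistently.
    """
    doc = json.loads(line)
    parsed = datetime.strptime(doc["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    doc["@timestamp"] = to_utc_iso(parsed)
    doc["log_type"] = doc.get("event_type", "unknown")
    doc["source"] = "eve"
    return doc


def index_name(doc):
    """Daily index per source and log type (my naming), bucketed on the UTC day."""
    day = doc["@timestamp"][:10].replace("-", ".")
    return "%s-%s-%s" % (doc["source"], doc["log_type"], day)


def bulk_body(docs):
    """Build the newline-delimited body for POST /_bulk (ES 6.x: _type still required)."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index_name(doc), "_type": "doc"}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    docs = [normalize_bro(SAMPLE_BRO_CONN, "conn"), normalize_eve(SAMPLE_EVE_ALERT)]
    print(bulk_body(docs))
```

Whether Filebeat or a script ships the lines, the documents need to look like this; the same two fixes can be done server-side in an Elasticsearch ingest pipeline (a date processor reading `ts` with the UNIX format for Bro, and a `set` processor for the log type taken from the filename), which is the usual way to keep Filebeat as the only shipper and still skip Logstash.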