[Bro] filebeat +elk

Blason R blason16 at gmail.com
Wed Mar 28 11:35:05 PDT 2018


Undoubtedly go ahead with Filebeat and Elasticsearch and you should be good
to go. ES will automatically index them since those are in JSON.

On Wed, Mar 28, 2018 at 11:51 PM, erik clark <philosnef at gmail.com> wrote:

> I just need to get it into ES. I am going to pump eve.json in as well. I
> have no experience with the ELK stack at all, other than some ES work from
> dealing with moloch content going in there and configuring it appropriately.
> If I can just bypass everything and push eve.json and bro json logs
> directly in, that would be fantastic.
>
> Thanks Jon!
>
> On Wed, Mar 28, 2018 at 1:09 PM, Zeolla at GMail.com <zeolla at gmail.com>
> wrote:
>
>> Do you specifically need to send it to logstash or do you just need it to
>> get inserted into elasticsearch?
>>
>> Jon
>>
>> On Wed, Mar 28, 2018 at 1:07 PM erik clark <philosnef at gmail.com> wrote:
>>
>>> I am trying to ingest bro 2.5 json logs into an elk stack, using
>>> filebeat to push the logs. Is that even the best way to do this? I have
>>> found MUCH outdated material on ingesting bro logs into an elk stack, but
>>> very little that is up to date, and some of which is up to date but is
>>> using older versions of software from elastic.co. If anyone has a
>>> modern bro/elk integration document they use(d) to set their environment
>>> up, it would be greatly appreciated if you could share. Thanks!
>>>
>>> Erik
>>> _______________________________________________
>>> Bro mailing list
>>> bro at bro-ids.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>> --
>>
>> Jon
>>
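The direct Filebeat-to-Elasticsearch path discussed in this thread, as an added example configuration (it is not from any poster in the thread and not an official Bro or Elastic document). It assumes Filebeat 6.x, Bro writing JSON logs to /opt/bro/logs/current (enable this on the Bro side with `redef LogAscii::use_json = T;` in local.bro), Suricata writing /var/log/suricata/eve.json, and Elasticsearch reachable on localhost:9200; all of those paths and hosts are assumptions to adjust. Each JSON line is decoded by Filebeat itself, so no Logstash pipeline is needed: the fields land in Elasticsearch as-is.

```yaml
# Added example filebeat.yml (Filebeat 6.x syntax); paths and hosts are assumptions.
filebeat.inputs:
  # Bro 2.5 JSON logs: one JSON object per line, one file per log type.
  - type: log
    enabled: true
    paths:
      - /opt/bro/logs/current/*.log      # assumed Bro log directory
    exclude_files: ['\.gz$']             # skip rotated, compressed logs
    json.keys_under_root: true           # lift Bro fields to the top level of the event
    json.add_error_key: true             # flag lines that fail JSON decoding instead of dropping them silently
    json.overwrite_keys: true            # let Bro's own fields win over Filebeat defaults
    fields:
      log_source: bro
    fields_under_root: true

  # Suricata EVE JSON, mentioned in the thread as a second feed.
  - type: log
    enabled: true
    paths:
      - /var/log/suricata/eve.json       # assumed Suricata EVE output path
    json.keys_under_root: true
    json.add_error_key: true
    json.overwrite_keys: true
    fields:
      log_source: suricata
    fields_under_root: true

# Push straight into Elasticsearch, bypassing Logstash entirely.
output.elasticsearch:
  hosts: ["localhost:9200"]              # assumed ES endpoint
  index: "nsm-%{+yyyy.MM.dd}"            # daily indices for Bro and EVE events

# Filebeat 6.x requires a template name and pattern when the index name is customized.
setup.template.name: "nsm"
setup.template.pattern: "nsm-*"
```

Two checks worth doing before trusting the result. First, Bro's JSON writer emits `ts` as epoch seconds by default, which Elasticsearch maps as a number rather than a date; setting `redef LogAscii::json_timestamps = JSON::TS_ISO8601;` on the Bro side makes `ts` an ISO8601 string that ES will recognise as a date. Second, the `json.add_error_key` setting makes malformed lines visible: search the index for documents with an `error.message` field to catch decoding failures early instead of discovering gaps in the data later.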