[Zeek] Bro Logs Ingestion
David Decker
x.faith at gmail.com
Sun May 5 13:58:01 PDT 2019
Sorry, beginner question here:
But I know you can ingest logs into Splunk and Elasticsearch.
So I know SecurityOnion has an ELK stack, and it looks like the logs get sent
right to Logstash - ES - Kibana.
RockNSM looks almost the same, but it has a stop off at Kafka before
forwarding to Logstash.
Trying to figure out if there is a benefit to Kafka.
Also looking at using Splunk instead of ES.
I know I can use the TA and monitor the logs from Splunk, but would it be
better to monitor from Kafka?
I guess I need to understand more about how Kafka fits.
Thanks
Dave
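Whichever transport sits in the middle (Logstash straight off the sensor, a Kafka hop, or the Splunk TA tailing the files), the consumer has to deal with Zeek's default ASCII log format: tab-separated records preceded by `#separator`, `#set_separator`, `#empty_field`, `#unset_field`, `#path`, `#fields` and `#types` header lines, with `-` for unset fields and `(empty)` for empty ones. The parser below is an added example, not code from this post or from Zeek itself; the two conn.log records in it are constructed, and the field list is a shortened version of a real conn.log. It turns each record into a typed dict and then into NDJSON, which is the shape a Kafka topic, a Logstash pipeline or a Splunk HEC endpoint would take.

```python
"""Parse Zeek ASCII (TSV) logs into typed records and NDJSON.

Added example for illustration; not part of the original post or of Zeek.
"""
import json
from typing import Any, Dict, Iterator

# Constructed sample conn.log (two records); not captured from a real sensor.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#open\t2019-05-05-13-58-01",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\tduration\torig_bytes\tresp_bytes\tconn_state\tlocal_orig\thistory\torig_pkts\ttunnel_parents",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring"
    "\tinterval\tcount\tcount\tstring\tbool\tstring\tcount\tset[string]",
    "1557089881.123456\tCxyz1\t10.0.0.5\t51234\t93.184.216.34\t443\ttcp\tssl"
    "\t1.5\t1024\t4096\tSF\tT\tShADadFf\t12\t(empty)",
    "1557089882.000000\tCxyz2\t10.0.0.5\t53012\t8.8.8.8\t53\tudp\tdns"
    "\t-\t60\t-\tS0\tT\tD\t1\ta,b",
    "#close\t2019-05-05-14-00-00",
])

# Zeek scalar types that map onto a Python numeric type; everything else stays a string.
SCALAR = {
    "time": float, "interval": float, "double": float,
    "count": int, "int": int, "port": int,
}


def _convert(value: str, ztype: str, set_sep: str, empty: str, unset: str) -> Any:
    """Convert one column using the type declared in the #types header."""
    if value == unset:                      # "-" by default: field was never set
        return None
    if ztype.startswith(("set[", "vector[")):
        inner = ztype[ztype.index("[") + 1:-1]
        if value == empty:                  # "(empty)" for a container means no elements
            return []
        return [_convert(v, inner, set_sep, empty, unset) for v in value.split(set_sep)]
    if value == empty:
        return ""
    if ztype == "bool":
        return value == "T"
    caster = SCALAR.get(ztype)
    return caster(value) if caster else value


def parse_zeek_log(text: str) -> Iterator[Dict[str, Any]]:
    """Yield one typed dict per record, reading the separators and schema from the headers."""
    sep, set_sep, empty, unset = "\t", ",", "(empty)", "-"
    path = None
    fields = types = []
    for raw in text.splitlines():
        if not raw:
            continue
        if raw.startswith("#separator "):
            # The separator line is the only header delimited by a space; it carries
            # the escaped separator used by every later line (usually \x09, a tab).
            sep = raw[len("#separator "):].encode("ascii").decode("unicode_escape")
            continue
        if raw.startswith("#"):
            key, _, rest = raw[1:].partition(sep)
            if key == "set_separator":
                set_sep = rest
            elif key == "empty_field":
                empty = rest
            elif key == "unset_field":
                unset = rest
            elif key == "path":
                path = rest
            elif key == "fields":
                fields = rest.split(sep)
            elif key == "types":
                types = rest.split(sep)
            continue                        # #open / #close only carry timestamps
        cols = raw.split(sep)
        if len(fields) != len(types) or len(cols) != len(fields):
            raise ValueError(f"column count mismatch in {path}: {raw!r}")
        rec: Dict[str, Any] = {"_path": path}
        for name, ztype, value in zip(fields, types, cols):
            rec[name] = _convert(value, ztype, set_sep, empty, unset)
        yield rec


def to_ndjson(text: str) -> str:
    """One JSON object per line, the form a Kafka/Logstash/Splunk consumer would accept."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in parse_zeek_log(text))


if __name__ == "__main__":
    print(to_ndjson(SAMPLE_CONN_LOG))
```

The `#fields`/`#types` pair is what a real consumer must track per file, since the schema can change when a script adds columns; writing the header parsing once, as above, avoids hard-coding a column order that silently breaks. Zeek can also emit JSON directly (`redef LogAscii::use_json = T;`), which removes this step but loses the `#types` line, so timestamps and counts arrive as JSON numbers without the Zeek type name.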