[Zeek] Bro Logs Ingestion

David Decker x.faith at gmail.com
Sun May 5 13:58:01 PDT 2019


Sorry, beginner question here:

But I know you can ingest logs into Splunk and Elasticsearch.

So I know SecurityOnion has an ELK stack, and it looks like the logs get sent
right to Logstash -> ES -> Kibana.

RockNSM looks almost the same but it has a stop off at Kafka before
forwarding to Logstash.

Trying to figure out whether there is a benefit to Kafka.

Also looking at using Splunk instead of ES.
I know I can use the TA and monitor the logs from Splunk, but would it be
better to monitor from Kafka?

I guess I need to understand more of how Kafka fits.

Thanks
Dave
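Whichever transport sits in the middle (Logstash, Kafka, or a Splunk forwarder), the first step of ingesting Zeek (Bro) logs is the same: the default log files are TSV with a self-describing header (`#separator`, `#set_separator`, `#empty_field`, `#unset_field`, `#fields`, `#types`), and a pipeline has to use that header to turn rows into typed records. The parser below is an added example, not code from the post or from the Zeek, Security Onion or RockNSM projects. The `conn.log` sample is constructed for the example; the header conventions and Zeek type names it handles are the real ones, but the two connection records are made up.

```python
"""Parse Zeek/Bro TSV logs into JSON-ready records (added example, not from the post)."""
import json
from typing import Any, Dict, Iterable, Iterator, List

# Constructed sample: a minimal conn.log in Zeek's default TSV format.
# The header lines follow Zeek's real conventions; the two records are made up.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#open\t2019-05-05-13-58-01",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\tduration\torig_bytes\tresp_bytes\tconn_state\ttunnel_parents",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring"
    "\tinterval\tcount\tcount\tstring\tset[string]",
    "1557089881.123456\tCHhAvVGS1DHFjwGM9\t10.0.0.5\t51234\t93.184.216.34\t443"
    "\ttcp\tssl\t0.512\t1024\t8192\tSF\t(empty)",
    "1557089882.000000\tCmES5u32sYpV7JYN\t10.0.0.7\t40001\t10.0.0.1\t53"
    "\tudp\tdns\t-\t60\t-\tS0\t(empty)",
    "#close\t2019-05-05-13-59-00",
])


def _unescape(value: str) -> str:
    """Zeek writes the separator itself as an escape such as \\x09."""
    return bytes(value, "ascii").decode("unicode_escape")


def _coerce(value: str, ztype: str, set_sep: str, empty: str, unset: str) -> Any:
    """Convert one TSV cell to a Python value according to its Zeek type."""
    if value == unset:          # field was never set on this record
        return None
    if ztype.startswith(("set[", "vector[")):
        if value == empty:      # empty container
            return []
        inner = ztype[ztype.index("[") + 1:-1]
        return [_coerce(v, inner, set_sep, empty, unset) for v in value.split(set_sep)]
    if value == empty:          # empty string
        return ""
    if ztype in ("time", "interval", "double"):
        return float(value)
    if ztype in ("count", "int", "port"):
        return int(value)
    if ztype == "bool":
        return value == "T"
    return value                # string, addr, subnet, enum: keep verbatim


def parse_zeek_log(lines: Iterable[str]) -> Iterator[Dict[str, Any]]:
    """Yield one dict per data row, driven entirely by the log's own header."""
    sep, set_sep, empty, unset = "\t", ",", "(empty)", "-"
    fields: List[str] = []
    types: List[str] = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                sep = _unescape(line[len("#separator "):])
                continue
            key, _, value = line[1:].partition(sep)
            if key == "set_separator":
                set_sep = value
            elif key == "empty_field":
                empty = value
            elif key == "unset_field":
                unset = value
            elif key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
            continue            # #path, #open, #close are informational only
        values = line.split(sep)
        if len(values) != len(fields):
            # A truncated or corrupted row: fail loudly rather than mis-assign columns.
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}: {line!r}")
        row_types = types or ["string"] * len(fields)
        yield {name: _coerce(v, t, set_sep, empty, unset)
               for name, v, t in zip(fields, values, row_types)}


def to_json_lines(text: str) -> List[str]:
    """One JSON document per record, the shape Logstash, Kafka or Splunk consumers expect."""
    return [json.dumps(rec) for rec in parse_zeek_log(text.splitlines())]


def parse_sample() -> List[Dict[str, Any]]:
    """Parse the constructed sample; used by the usage below."""
    return list(parse_zeek_log(SAMPLE_CONN_LOG.splitlines()))


if __name__ == "__main__":
    for doc in to_json_lines(SAMPLE_CONN_LOG):
        print(doc)
```

Typing the fields from `#types` rather than treating everything as a string is what makes `duration`, `orig_bytes` and the ports searchable as numbers downstream; a row with the wrong column count is rejected rather than silently shifted, since a shifted `id.resp_h` would corrupt any detection built on it.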