[Zeek] Bro Logs Ingestion

Doug Burks doug.burks at gmail.com
Mon May 6 03:51:27 PDT 2019


Hi Dave,

To clarify, Security Onion may also include Redis in the pipeline,
depending on what kind of architecture you are deploying.  For more
information, please see:
https://securityonion.readthedocs.io/en/latest/architecture.html#distributed

Hope that helps!

On Sun, May 5, 2019 at 5:08 PM David Decker <x.faith at gmail.com> wrote:

> Sorry beginner question here:
>
> But I know you can ingest logs into Splunk and Elasticsearch.
>
> So I know SecurityOnion has an ELK stack and it looks like they get sent
> right to Logstash - ES - Kibana
>
> RockNSM looks almost the same but it has a stop off at Kafka before
> forwarding to Logstash.
>
> Trying to figure out if there is a benefit to Kafka.
>
> Also looking at using Splunk instead of ES.
> I know I can use the TA and monitor the logs from Splunk, but would it be
> better to monitor from Kafka?
>
> I guess I need to understand more of how Kafka fits.
>
> Thanks
> Dave
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek



-- 
Doug Burks

