Hi, I have been working on getting BRO and Suricata logs into Graylog and wanted to share what I have so far. http://alias454.com/send-security-onion-logs-to-a-centralized-graylog-server/.
This is only a first step in getting the BRO IDS logs and Suricata/Snort logs shipped into Graylog. I am also in the process of writing up some pipeline processing rules to parse the logs when they arrive in Graylog. I completed bro_conn and bro_dns pipeline processors and am still working on bro_http. I plan on doing a couple more of the interesting BRO logs and posting to GitHub so I can link it into the marketplace.

Regards,
Brandon

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/b7a0ec81-9234-4ce1-b1d9-523f10ed4511%40googlegroups.com.

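The post parses the shipped Bro logs with Graylog pipeline rules once they arrive. As an added example (not code from the linked blog post, from Graylog, or from the Bro project), the Python below does the same parsing step outside Graylog: it reads the self-describing Bro ASCII header (`#fields`, `#types`, `#unset_field`, `#empty_field`, `#set_separator`), types each column accordingly, and turns each record into a GELF 1.1 message that a Graylog GELF input accepts. The conn.log sample is constructed for the example, the sensor host name is made up, and replacing dots in Bro field names (`id.orig_h` becoming `_id_orig_h`) is a choice made here to keep field names Elasticsearch-friendly, not something the post prescribes.

```python
"""Parse Bro ASCII logs (conn.log shown) into GELF messages for Graylog.

Added example, not the poster's or Graylog's code. Assumes the default
tab-separated Bro ASCII writer format with its self-describing header.
"""
import json

# Constructed sample: one TLS flow and one unanswered DNS query. The "-"
# unset markers and the "(empty)" set are the edge cases a parser must handle.
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#open\t2016-02-01-00-00-00\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\tduration\torig_bytes\tresp_bytes\tconn_state\tlocal_orig\tlocal_resp"
    "\tmissed_bytes\thistory\torig_pkts\torig_ip_bytes\tresp_pkts\tresp_ip_bytes"
    "\ttunnel_parents\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount"
    "\tcount\tstring\tbool\tbool\tcount\tstring\tcount\tcount\tcount\tcount"
    "\tset[string]\n"
    "1454284800.123456\tCXWv6p3arKYeMETxOg\t192.168.1.10\t52100\t93.184.216.34"
    "\t443\ttcp\tssl\t1.234\t1500\t4200\tSF\tT\tF\t0\tShADadfF\t12\t2000\t10"
    "\t4600\t(empty)\n"
    "1454284801.000000\tC4J4Th3PJpwUYZZ6gc\t192.168.1.10\t53012\t8.8.8.8\t53"
    "\tudp\tdns\t-\t-\t-\tS0\tT\tF\t0\tD\t1\t60\t0\t0\t-\n"
    "#close\t2016-02-01-00-05-00\n"
)


def _convert(value, btype, hdr):
    """Apply the #types declaration to one column; unset fields become None."""
    if value == hdr["unset_field"]:
        return None
    if btype.startswith(("set[", "vector[")):
        return [] if value == hdr["empty_field"] else value.split(hdr["set_separator"])
    if value == hdr["empty_field"]:
        return ""
    if btype in ("count", "int", "port"):
        return int(value)
    if btype in ("time", "interval", "double"):
        return float(value)
    if btype == "bool":
        return value == "T"
    return value  # string, addr, enum, subnet: kept verbatim


def parse_bro_log(text):
    """Return one dict per data line, typed per the header; '_path' is the log name."""
    hdr = {"unset_field": "-", "empty_field": "(empty)", "set_separator": ","}
    fields = types = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator"):
                continue  # tab separator assumed (the ASCII writer default)
            key, _, rest = line[1:].partition("\t")
            hdr[key] = rest
            if key == "fields":
                fields = rest.split("\t")
            elif key == "types":
                types = rest.split("\t")
            continue
        if fields is None or types is None:
            raise ValueError("data line before #fields/#types header")
        cols = line.split("\t")
        if len(cols) != len(fields):
            raise ValueError("got %d columns for %d fields" % (len(cols), len(fields)))
        rec = {f: _convert(v, t, hdr) for f, v, t in zip(fields, cols, types)}
        rec["_path"] = hdr.get("path")
        records.append(rec)
    return records


def to_gelf(record, host):
    """Build a GELF 1.1 message: required keys plus '_'-prefixed extra fields.

    Unset (None) fields are dropped rather than sent as the literal "-", and
    dots in Bro field names are replaced with underscores (a choice made here).
    """
    msg = {
        "version": "1.1",
        "host": host,
        "short_message": "%s %s:%s -> %s:%s %s" % (
            record["_path"], record.get("id.orig_h"), record.get("id.orig_p"),
            record.get("id.resp_h"), record.get("id.resp_p"), record.get("proto")),
        "timestamp": record["ts"],  # GELF wants seconds since epoch, as Bro's ts is
    }
    for key, val in record.items():
        if key == "ts" or val is None:
            continue
        name = key if key.startswith("_") else "_" + key
        name = name.replace(".", "_")
        if isinstance(val, bool):
            val = str(val).lower()  # GELF values are strings or numbers
        elif isinstance(val, list):
            val = ",".join(val)
        msg[name] = val
    return msg


def gelf_tcp_frame(msg):
    """Serialise for a GELF TCP input, which delimits messages with a NUL byte."""
    return json.dumps(msg).encode("utf-8") + b"\x00"


if __name__ == "__main__":
    for rec in parse_bro_log(SAMPLE_CONN_LOG):
        print(json.dumps(to_gelf(rec, "so-sensor1"), indent=2))
```

The same decisions carry over to a Graylog pipeline rule: use the `#fields` line rather than hard-coded positions, treat `-` as absent instead of indexing the literal string, and split `set[...]` columns on the `#set_separator` so `tunnel_parents` does not end up as a single comma-joined value.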