Bro-IDS Logstash Parsing

I have spent the past several days working with Bro-IDS and Logstash parsing and wanted to share this with anyone else who may be doing the same and needs some decent parsing. Some pieces of this I have taken from other sources online, but I have been modifying them to suit my needs as well as adding additional functionality. This will be updated as time goes on and will be hosted on GitHub.

Enjoy!

7 thoughts on “Bro-IDS Logstash Parsing”

  1. Hi,

    I tried this conf with bro-2.4.1 and logstash-1.1.9-monolithic but no success. Can you please tell me which version you used?

    Thx
