On Apr 13, 2021, at 4:26 PM, Chuck Anderson via WLUG <wlug@lists.wlug.org> wrote:
> On Tue, Apr 13, 2021 at 09:16:10AM -0400, John Stoffel via WLUG wrote:
>> Now that I have zeek up and running... what's the best tool/process for viewing the data? Looking at the hourly emailed logs is sorta interesting, but honestly not a great way to see trends over time.
> I know people use $$$$$plunk (Splunk) for that sort of thing. Perhaps ELK (Elasticsearch, Logstash, and Kibana) would work. Oh look, someone has a recipe for how to do that:
I am one of the $plunk users. Their free tier is fine, though it has fewer features (authentication being one of them), so I'd put something in front of it. The Splunk Zeek app is really good; if you go the Splunk route, let me know.
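For anyone who wants to see trends over time before committing to Splunk or ELK, here is an added example (my own code, not from anyone on this thread and not part of Zeek) that parses Zeek's native TSV log format, honouring the `#separator`, `#unset_field` and `#fields` header lines, and buckets conn.log records into per-hour UTC counts, byte totals and service breakdowns. The sample log embedded below is constructed for the example, not real traffic, and the field subset it carries is smaller than a real conn.log.

```python
"""Hourly trend summary from a Zeek conn.log, without a SIEM in the loop."""
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in Zeek's default TSV layout (not real traffic).
# A real conn.log carries more columns; the parser reads whatever #fields lists.
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\torig_bytes\tresp_bytes
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tcount\tcount
1618338000.123456\tCabc1\t192.0.2.10\t51000\t198.51.100.5\t443\ttcp\tssl\t1200\t5400
1618338600.000000\tCabc2\t192.0.2.11\t51001\t198.51.100.5\t443\ttcp\tssl\t800\t-
1618341700.500000\tCabc3\t192.0.2.10\t51002\t198.51.100.7\t53\tudp\tdns\t60\t120
1618345300.250000\tCabc4\t192.0.2.12\t51003\t198.51.100.9\t22\ttcp\t-\t0\t0
#close\t2021-04-13-17-00-00
"""


def parse_zeek_log(text):
    """Yield one dict per data row, using the log's own header lines.

    Zeek writes the separator as an escape sequence (e.g. "\\x09"), so it is
    decoded before use; the unset marker ("-" by default) becomes None.
    """
    sep = "\t"
    unset = "-"
    fields = None
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
            elif line.startswith("#unset_field"):
                unset = line.split(sep, 1)[1]
            elif line.startswith("#fields"):
                fields = line.split(sep)[1:]
            continue  # #types, #path, #close and friends carry no records
        if fields is None:
            raise ValueError("data row encountered before #fields header")
        values = line.split(sep)
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}")
        yield {k: (None if v == unset else v) for k, v in zip(fields, values)}


def hourly_summary(records):
    """Bucket connections by UTC hour: connection count, bytes, services."""
    buckets = {}
    for r in records:
        ts = datetime.fromtimestamp(float(r["ts"]), tz=timezone.utc)
        key = ts.strftime("%Y-%m-%dT%H:00Z")
        b = buckets.setdefault(key, {"conns": 0, "bytes": 0, "services": Counter()})
        b["conns"] += 1
        # Unset byte counters (None) are treated as zero rather than dropped.
        b["bytes"] += int(r["orig_bytes"] or 0) + int(r["resp_bytes"] or 0)
        b["services"][r["service"] or "unknown"] += 1
    return buckets


def format_report(buckets):
    """Render the buckets as one line per hour, oldest first."""
    lines = []
    for hour in sorted(buckets):
        b = buckets[hour]
        svc = ", ".join(f"{s}={n}" for s, n in b["services"].most_common())
        lines.append(f"{hour}  conns={b['conns']:<4} bytes={b['bytes']:<8} {svc}")
    return lines


if __name__ == "__main__":
    summary = hourly_summary(parse_zeek_log(SAMPLE_CONN_LOG))
    print("\n".join(format_report(summary)))
```

Point it at a real `conn.log` by reading the file instead of `SAMPLE_CONN_LOG`; gzip-rotated logs under Zeek's archive directory can be fed through the same parser after decompression, which is enough to plot a day's worth of hourly counts with any spreadsheet or plotting library before deciding whether a full SIEM is worth the effort.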