On Apr 13, 2021, at 4:26 PM, Chuck Anderson via WLUG wrote:
On Tue, Apr 13, 2021 at 09:16:10AM -0400, John Stoffel via WLUG wrote:
Now that I have Zeek up and running... what's the best tool/process
for viewing the data? Looking at the hourly emailed logs is sorta
interesting, but honestly not a great way to see trends over time.
I know people use $$$$$plunk (Splunk) for that sort of thing. Perhaps
ELK (Elasticsearch, Logstash, and Kibana) would work. Oh look,
someone has a recipe for how to do that:
I am one of the $plunk users. Their free tier is fine, though it has fewer features
(authentication being one of them), so I'd put something in front of it. The Splunk Zeek
app is really good; if you go the Splunk route, let me know.
WLUG mailing list -- wlug(a)lists.wlug.org
To unsubscribe send an email to wlug-leave(a)lists.wlug.org
Create Account: https://wlug.mailman3.com/accounts/signup/
Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
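The thread asks how to get from Zeek's raw logs to trends over time. Splunk and ELK are the heavyweight answers, but the underlying job is small: Zeek's default ASCII writer emits tab-separated files with `#fields` and `#types` headers, and a per-hour roll-up of those records already shows the shape of the traffic. The script below is an added example written for this page, not code from the thread or from the Zeek project. It parses a constructed `conn.log` fragment (documentation address ranges, made-up UIDs and byte counts), types each column from the `#types` header, and buckets connections, bytes and services by hour. The field names it relies on (`ts`, `service`, `orig_bytes`, `resp_bytes`) are the standard `conn.log` columns; the sample data and the helper names are assumptions of this example.

```python
"""Roll Zeek conn.log (TSV) records up into per-hour trends.

Added example for this thread; the log fragment below is constructed
and is not real traffic.
"""
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample in Zeek's default ASCII/TSV layout.  The first line
# really is the literal text "#separator \x09"; every other header line
# and every record is tab-separated.  Timestamps fall in two UTC hours.
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#open\t2021-04-13-09-00-00
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1618318800.123\tC1\t192.0.2.10\t51000\t198.51.100.5\t443\ttcp\tssl\t1.5\t1200\t54000\tSF
1618318900.456\tC2\t192.0.2.11\t51001\t198.51.100.9\t53\tudp\tdns\t0.01\t60\t120\tSF
1618322400.000\tC3\t192.0.2.10\t51002\t198.51.100.5\t443\ttcp\tssl\t-\t-\t-\tS0
1618322500.000\tC4\t192.0.2.12\t51003\t203.0.113.7\t22\ttcp\tssh\t30.0\t5000\t7000\tSF
#close\t2021-04-13-11-00-00
"""

# Casts for the Zeek types that are not plain strings.
_TYPE_CASTS = {
    "time": float, "interval": float, "double": float,
    "count": int, "int": int, "port": int,
    "bool": lambda v: v == "T",
}


def _decode_separator(value):
    """Turn the escaped separator from the header (e.g. '\\x09') into a char."""
    return value.encode("ascii").decode("unicode_escape")


def parse_zeek_tsv(text):
    """Yield one dict per record, with columns cast per the #types header.

    Unset cells ('-' by default) become None, empty cells become ''.
    """
    sep, unset, empty = "\t", "-", "(empty)"
    fields, types = [], []
    for raw in text.splitlines():
        if not raw:
            continue
        if raw.startswith("#separator "):
            sep = _decode_separator(raw.split(" ", 1)[1])
            continue
        if raw.startswith("#"):
            key, _, value = raw[1:].partition(sep)
            if key == "unset_field":
                unset = value
            elif key == "empty_field":
                empty = value
            elif key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
            continue  # #path, #open, #close carry no record data
        cells = raw.split(sep)
        if len(cells) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(cells)}")
        record = {}
        for name, typ, cell in zip(fields, types or ["string"] * len(fields), cells):
            if cell == unset:
                record[name] = None
            elif cell == empty:
                record[name] = ""
            else:
                record[name] = _TYPE_CASTS.get(typ, str)(cell)
        yield record


def hourly_summary(records):
    """Bucket conn.log records by UTC hour: connection count, bytes, services."""
    buckets = defaultdict(lambda: {"conns": 0, "bytes": 0, "services": Counter()})
    for rec in records:
        hour = (datetime.fromtimestamp(rec["ts"], tz=timezone.utc)
                .replace(minute=0, second=0, microsecond=0).isoformat())
        bucket = buckets[hour]
        bucket["conns"] += 1
        # Unset byte counts (e.g. the S0 half-open connection) count as zero.
        bucket["bytes"] += (rec.get("orig_bytes") or 0) + (rec.get("resp_bytes") or 0)
        bucket["services"][rec.get("service") or "unknown"] += 1
    return dict(buckets)


def hourly_trend(summary):
    """Return (hour, connections, change vs. previous hour) in time order."""
    rows, previous = [], None
    for hour in sorted(summary):
        count = summary[hour]["conns"]
        rows.append((hour, count, None if previous is None else count - previous))
        previous = count
    return rows


if __name__ == "__main__":
    summary = hourly_summary(parse_zeek_tsv(SAMPLE_CONN_LOG))
    for hour, count, delta in hourly_trend(summary):
        top = summary[hour]["services"].most_common(2)
        print(f"{hour}  conns={count:4d}  delta={delta}  bytes={summary[hour]['bytes']}  top={top}")
```

Pointed at a real `conn.log` (or any other Zeek TSV log, since the header drives the column typing), the same parser feeds whatever is plotting the result; the per-hour deltas are the "trend over time" the emailed summaries hide, and the `S0` row shows why unset fields have to be handled before summing.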