13 Apr 2021, 8:26 p.m.
On Tue, Apr 13, 2021 at 09:16:10AM -0400, John Stoffel via WLUG wrote:
> Now that I have zeek up and running... what's the best tool/process for viewing the data? Looking at the hourly emailed logs is sorta interesting, but honestly not a great way to see trends over time.
I know people use $$$$$plunk (Splunk) for that sort of thing. Perhaps ELK (Elasticsearch, Logstash, and Kibana) would work. Oh look, someone has a recipe for how to do that: https://logz.io/blog/bro-elk-part-1/
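For a lighter-weight look at trends than Splunk or ELK, Zeek's default tab-separated logs are easy to parse directly. The following is an added example, not code from the thread or from the Zeek project: it reads Zeek's TSV format (the `#fields` and `#types` header lines, `-` for unset values, `(empty)` for empty ones), converts fields to Python types, and aggregates a constructed five-record `conn.log` into connections per hour and bytes per service. The sample records and the helper names are assumptions made for illustration.

```python
"""Parse Zeek's tab-separated log format and summarise it by hour and service.

Added example for illustration; assumes Zeek's default TSV writer layout
(#fields/#types header lines, '-' for unset, '(empty)' for empty).
"""
from collections import Counter
from datetime import datetime, timezone

# Constructed sample conn.log (five records, documentation address ranges, not real traffic).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "\t".join(["#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h",
               "id.resp_p", "proto", "service", "duration", "orig_bytes",
               "resp_bytes", "conn_state"]),
    "\t".join(["#types", "time", "string", "addr", "port", "addr", "port",
               "enum", "string", "interval", "count", "count", "string"]),
    "\t".join(["1618344010.1", "CAa1", "192.0.2.10", "52000", "198.51.100.5",
               "443", "tcp", "ssl", "1.5", "1200", "8800", "SF"]),
    "\t".join(["1618344020.2", "CAa2", "192.0.2.10", "52001", "198.51.100.7",
               "53", "udp", "dns", "0.01", "60", "120", "SF"]),
    # A half-open connection: duration and byte counts are unset ('-').
    "\t".join(["1618344030.3", "CAa3", "192.0.2.11", "52002", "198.51.100.5",
               "443", "tcp", "ssl", "-", "-", "-", "S0"]),
    "\t".join(["1618347700.4", "CAa4", "192.0.2.12", "52003", "198.51.100.9",
               "80", "tcp", "http", "0.4", "300", "4500", "SF"]),
    # Service could not be identified, so the field is unset.
    "\t".join(["1618347800.5", "CAa5", "192.0.2.12", "52004", "198.51.100.7",
               "53", "udp", "-", "0.02", "70", "130", "SF"]),
    "#close\t2021-04-13-20-30-00",
])


def _convert(value, ztype):
    """Map a raw TSV cell to a Python value using the Zeek #types entry."""
    if value == "-":          # unset field
        return None
    if value == "(empty)":    # present but empty
        return ""
    if ztype in ("time", "interval", "double"):
        return float(value)
    if ztype in ("count", "int", "port"):
        return int(value)
    return value              # string, addr, enum, ... stay as text


def parse_zeek_log(text):
    """Yield one dict per record; '#fields' and '#types' headers drive the conversion."""
    fields, types = [], []
    for line in text.splitlines():
        if not line or line.startswith("#close"):
            continue
        if line.startswith("#"):
            key, _, rest = line.partition("\t")
            if key == "#fields":
                fields = rest.split("\t")
            elif key == "#types":
                types = rest.split("\t")
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"column count mismatch in record: {line!r}")
        yield {name: _convert(v, t) for name, v, t in zip(fields, values, types)}


def connections_per_hour(records):
    """Count connections per UTC hour, keyed as 'YYYY-MM-DD HH:00'."""
    hours = Counter()
    for rec in records:
        hour = datetime.fromtimestamp(rec["ts"], tz=timezone.utc).strftime("%Y-%m-%d %H:00")
        hours[hour] += 1
    return dict(hours)


def bytes_by_service(records):
    """Sum originator plus responder bytes per detected service (unset -> 'unknown')."""
    totals = Counter()
    for rec in records:
        service = rec["service"] or "unknown"
        totals[service] += (rec["orig_bytes"] or 0) + (rec["resp_bytes"] or 0)
    return dict(totals)


if __name__ == "__main__":
    recs = list(parse_zeek_log(SAMPLE_CONN_LOG))
    print("connections per hour:", connections_per_hour(recs))
    print("bytes by service:", bytes_by_service(recs))
```

The same parser works on any Zeek TSV log (dns.log, ssl.log, http.log), since the column names and types come from the headers rather than being hard-coded; point `parse_zeek_log` at the file contents and swap the aggregation for whatever trend you want to chart.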