[Announcement] logstash-input-bro plugin

(Blake Mackey) #1

Considering the newest user story on the main page is about ingesting Bro logs into the Elastic stack, this may be timely news.

The logstash-input-bro plugin is used to watch Bro logs and ingest the log data. It is better than using Greg/grok/file plugins because it uses the headers in the bro log files in order to parse fields and field types automatically.

This is a bonus when changing/testing bro configurations, because no new grok changes are required to parse additional/changed fields in newer Bro logs.
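To illustrate the header-driven parsing the post describes, here is an added example (editor's own Ruby, not the plugin's code): it reads the #separator, #set_separator, #empty_field, #unset_field, #fields and #types lines and casts every column from its declared Bro type, so a changed #fields line is picked up without any grok edits. The conn.log rows are constructed sample data.

```ruby
# Added example, not the logstash-input-bro plugin's code: parse a Bro TSV log from its own headers.
# Constructed two-event conn.log sample (not real traffic), embedded so this runs offline.
SAMPLE_LOG = [
  "#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)", "#unset_field\t-", "#path\tconn",
  "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tduration\torig_bytes\tlocal_orig\ttunnel_parents",
  "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tinterval\tcount\tbool\tset[string]",
  "1488326400.123456\tCHhAvVGS1DHFjwGM9\t10.0.0.5\t49152\t93.184.216.34\t443\ttcp\t0.512\t1024\tT\t(empty)",
  "1488326401.000000\tCYjmJ4V2RvmBwL5h3\t10.0.0.7\t53123\t10.0.0.1\t53\tudp\t-\t-\tF\t-",
  "#close\t2017-03-01-00-00-01",
].join("\n")

class BroLogParser
  def initialize
    @sep, @set_sep, @empty, @unset, @fields, @types = "\t", ",", "(empty)", "-", [], []
  end

  # Update schema state from one "#key<sep>value" header line; #path/#open/#close are ignored.
  def header(line)
    # The separator itself is written escaped (e.g. \x09), so decode the hex escape first.
    return @sep = line.sub("#separator ", "").gsub(/\\x([0-9a-fA-F]{2})/) { $1.hex.chr } if line.start_with?("#separator ")
    key, value = line[1..-1].split(@sep, 2)
    case key
    when "set_separator" then @set_sep = value
    when "empty_field"   then @empty = value
    when "unset_field"   then @unset = value
    when "fields"        then @fields = value.split(@sep)
    when "types"         then @types = value.split(@sep)
    end
  end

  # Cast one raw column to a native value from its declared Bro type.
  def cast(raw, type)
    return nil if raw == @unset                                 # unset field -> nil
    if type.start_with?("set[", "vector[")                      # containers recurse on the element type
      return raw == @empty ? [] : raw.split(@set_sep).map { |v| cast(v, type[/\[(.*)\]/, 1]) }
    end
    case type
    when "count", "int", "port"       then Integer(raw)
    when "time", "interval", "double" then Float(raw)
    when "bool"                       then raw == "T"
    else raw                                                    # string, addr, enum, subnet stay text
    end
  end

  # Return one Hash per data row; header lines update the schema as they are seen.
  def parse(text)
    text.each_line.map(&:chomp).each_with_object([]) do |line, events|
      next if line.empty?
      next header(line) if line.start_with?("#")
      events << @fields.zip(@types, line.split(@sep, -1)).to_h { |f, t, v| [f, cast(v, t)] }
    end
  end
end
```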

(system) #2