Bro IDS with ELK stack

ruby · February 10, 2017, 10:48am

I have configured BRO -IDS on PC along with Filebeat Shiipper

and from another PC on which I have installed ELK stack, I need to fetch BRO IDS logs.

please help to know what to configure on ELK stack..is there any need of python script ?

magnusbaeck · February 13, 2017, 10:37am

It sounds like you want to configure Filebeat to ship the logs you're interested in to the host with Elasticsearch (and maybe Logstash).

ruby · February 14, 2017, 4:46am

yes, I have confiigured filebeat, but its is not shipping IDS logs to logstash

magnusbaeck · February 14, 2017, 6:36am

Then I'd look in the Filebeat log for clues about what's going on.

ruby · February 16, 2017, 9:20am

{:timestamp=>"2017-02-16T14:30:11.539000+0530", :message=>"Beats input: the pipeline is blocked, temporary refusing new connection.", :reconnect_backoff_sleep=>0.5, :level=>:warn}

This is the error encountered

magnusbaeck · February 16, 2017, 9:40am

That's the Logstash log, but okay. Why is Logstash's pipeline blocked then? There should be clues about that too.

system · March 16, 2017, 9:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
BRO IDS integration with ELK Stack Logstash	1	515	March 13, 2017
Logstash Error: Beats input: the pipeline is blocked, temporary refusing new connection Logstash	3	1324	July 6, 2017
Beats input: the pipeline is blocked, temporary refusing new connection.",reconnect_backoff_sleep=>0.5 Beats filebeat	6	3238	July 5, 2017
Error in shipping logs from Logstash to Elasticsearch Logstash	7	1128	July 6, 2017
ELK Pipeline error Logstash	1	812	July 6, 2017

Bro IDS with ELK stack

Related topics