Zeek with elasticsearch

shabi037 · November 4, 2020, 9:00am

Hi all,

I am running Zeek (Bro) in an offline mode to analyze the pcap file. I get the logs in the "/opt/zeek/logs/current" directory. To further analyze the received logs I am passing those to Filebeat to be visualized further in Kibana. Here where the problem is. I am not getting those logs displayed in Kibana. Zeek module is working fine in the Filebeat. The log file path that appears is /var/log/elasticsearch/gc.log. Any help would be appreciated. Thanks in advance.

warkolm · November 9, 2020, 1:45am

Welcome to our community!

It's best if you don't create multiple topics on the same question, it makes it harder for people to help you. I'll close this in favour of Analyzing PCAP's with Zeek(Bro) in offline mode.

Topic		Replies	Views
Analyzing PCAP's with Zeek(Bro) in offline mode Kibana	4	1603	December 4, 2020
Configure Zeek module with the sample dashboard Beats filebeat	3	1580	August 5, 2019
I can't see Zeek's http.log in Kibana but everything else (DNS, SSL, etc.) is fine Beats filebeat	2	1554	March 2, 2020
Filebeat zeek module shows no data Beats filebeat	1	282	August 24, 2022
Filebeat "zeek" module integration Beats beats-module , filebeat	2	500	January 30, 2020

Zeek with elasticsearch

Related topics