Support #1908
[closed] about logstash kibana and unified alert logs
Description
As far as I understand, what Logstash/Kibana do is display a graphical view of the logs in the eve.json file, and the unified alert logs display all packets with payloads in the Snorby application, but what else differentiates these two?
Updated by Andreas Herz over 8 years ago
- Assignee set to Anonymous
- Priority changed from Immediate to Low
- Target version set to TBD
You have a "better" or more verbose presentation of your logfiles and you might prefer it for analyzing logs. But it's mainly dependent on your use case.
Updated by Jason Ish over 8 years ago
Of note I think is that Suricata eve logs contain a lot more than Snort or Suricata unified2 logs. Unified and unified2 are limited to alerts (and some extra data associated with alerts), while Eve will log other network events such as DNS requests and responses, HTTP requests, TLS certificate info, SSH info, etc.
This provides much more info to visualize in Kibana than you would have with just unified2 logs.
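To make the difference concrete, here is an added example (written for this page, not code from the Suricata project or from the ticket participants): a small Python reader over a handful of constructed eve.json records. It counts the event types present, shows what an alert-only (unified2-style) consumer would be left with, and uses Suricata's `flow_id` field to pull the non-alert records that give an alert its context. The sample lines, the signature and the addresses are all made up; only the field layout follows the EVE JSON schema.

```python
import json
from collections import Counter

# Constructed sample of eve.json lines (not captured from a real sensor).
# Field layout follows Suricata's EVE JSON schema per event_type; the last
# line is deliberately truncated to mimic a partially written live log file.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2016-01-05T10:00:00.000000+0000","flow_id":1,"event_type":"dns",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"UDP",'
    '"dns":{"type":"query","rrname":"example.com","rrtype":"A"}}',
    '{"timestamp":"2016-01-05T10:00:01.000000+0000","flow_id":2,"event_type":"http",'
    '"src_ip":"10.0.0.5","dest_ip":"93.184.216.34","proto":"TCP",'
    '"http":{"hostname":"example.com","url":"/cgi-bin/id","http_method":"GET"}}',
    '{"timestamp":"2016-01-05T10:00:01.100000+0000","flow_id":2,"event_type":"alert",'
    '"src_ip":"93.184.216.34","dest_ip":"10.0.0.5","proto":"TCP",'
    '"alert":{"signature_id":2100498,"rev":7,"severity":1,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root"}}',
    '{"timestamp":"2016-01-05T10:00:02.000000+0000","flow_id":3,"event_type":"tls",'
    '"src_ip":"10.0.0.5","dest_ip":"93.184.216.34","proto":"TCP",'
    '"tls":{"subject":"CN=example.com","issuerdn":"CN=Example CA","sni":"example.com"}}',
    '{"timestamp":"2016-01-05T10:00:03.000000+0000","flow_id":4,"event_type":"ssh",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP",'
    '"ssh":{"client":{"software_version":"OpenSSH_7.1"},'
    '"server":{"software_version":"OpenSSH_6.6"}}}',
    '{"timestamp":"2016-01-05T10:00:04.0',
]


def parse_eve(lines):
    """Parse EVE JSON lines, skipping blank or malformed ones.

    A truncated final line is normal on a file that is still being written,
    so a decode error must not abort the whole read.
    """
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def count_event_types(events):
    """Counter of event_type values: the breadth unified2 does not carry."""
    return Counter(e.get("event_type", "unknown") for e in events)


def alerts_only(events):
    """The subset a unified2-style, alert-only consumer would see."""
    return [e for e in events if e.get("event_type") == "alert"]


def context_for_alert(events, alert):
    """Non-alert EVE records on the same flow as the alert (joined on flow_id).

    This is the protocol context (here the HTTP request that triggered the
    signature) that is available in eve.json but has no unified2 equivalent.
    """
    fid = alert.get("flow_id")
    return [e for e in events
            if e.get("flow_id") == fid and e.get("event_type") != "alert"]


if __name__ == "__main__":
    evts = parse_eve(SAMPLE_EVE_LINES)
    print("event types:", dict(count_event_types(evts)))
    for a in alerts_only(evts):
        print("alert:", a["alert"]["signature"])
        for c in context_for_alert(evts, a):
            print("  context:", c["event_type"], c[c["event_type"]])
```

Pointed at a real file, replace `SAMPLE_EVE_LINES` with the lines of `eve.json`; the same `flow_id` join is what lets a Kibana dashboard pivot from an alert to the DNS, HTTP or TLS records of the same connection.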
Updated by Victor Julien over 8 years ago
- Status changed from New to Closed
- Assignee deleted (Anonymous)
- Target version deleted (TBD)