Support #1908
closed
about logstash kibana and unified alert logs
Added by Rahul Surya over 7 years ago.
Updated about 7 years ago.
Description
As far as I understand, what Logstash and Kibana do is display a graphical view of the logs in the eve.json file, and unified alerts display all packets with payloads in the Snorby application, but what else differentiates these two?
- Assignee set to Anonymous
- Priority changed from Immediate to Low
- Target version set to TBD
You have a "better" or more verbose presentation of your logfiles and you might prefer it for analyzing logs. But it's mainly dependent on your use case.
Of note I think is that Suricata eve logs contain a lot more than Snort or Suricata unified2 logs. Unified and unified2 are limited to alerts (and some extra data associated with alerts), while Eve will log other network events such as DNS requests and responses, HTTP requests, TLS certificate info, SSH info, etc.
This provides much more info to visualize in Kibana than you would have with just unified2 logs.
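To make the difference concrete, here is an added example (not part of this ticket or of Suricata) that parses a few constructed eve.json records, counts them by event_type, and pulls out the non-alert records that share a flow_id with each alert; the unified2-equivalent view is only the alert subset, the rest is the context Kibana can show. The field names follow Suricata's EVE layout, but every value is made up.

```python
import json
from collections import defaultdict

# Constructed eve.json lines (one JSON object per line), shaped like Suricata's
# EVE output; all timestamps, addresses and the signature are invented.
SAMPLE_EVE = """\
{"timestamp":"2017-05-01T10:00:00.000001+0000","flow_id":1001,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP","dns":{"type":"query","rrname":"example.test","rrtype":"A"}}
{"timestamp":"2017-05-01T10:00:01.000001+0000","flow_id":1002,"event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","proto":"TCP","http":{"hostname":"example.test","url":"/download.php","http_method":"GET"}}
{"timestamp":"2017-05-01T10:00:01.200001+0000","flow_id":1002,"event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.0.5","proto":"TCP","alert":{"signature_id":1000001,"signature":"CONSTRUCTED local test rule","severity":2}}
{"timestamp":"2017-05-01T10:00:02.000001+0000","flow_id":1003,"event_type":"tls","src_ip":"10.0.0.5","dest_ip":"203.0.113.20","proto":"TCP","tls":{"subject":"CN=example.test","sni":"example.test"}}
"""

# unified2 carries alerts only, so this is the only EVE event type it can mirror.
UNIFIED2_EQUIVALENT = {"alert"}


def parse_eve(text):
    """Parse newline-delimited JSON into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def count_by_event_type(events):
    """How many records of each event_type the EVE log holds."""
    counts = defaultdict(int)
    for ev in events:
        counts[ev["event_type"]] += 1
    return dict(counts)


def unified2_subset(events):
    """The records a unified2 file would also have: the alerts."""
    return [ev for ev in events if ev["event_type"] in UNIFIED2_EQUIVALENT]


def alert_context(events):
    """For each alert, collect the non-alert EVE records on the same flow_id.

    This per-flow context (HTTP request, DNS, TLS, ...) is what EVE adds over
    unified2 and what a Kibana pivot on flow_id can visualize.
    """
    by_flow = defaultdict(list)
    for ev in events:
        by_flow[ev["flow_id"]].append(ev)
    out = []
    for ev in events:
        if ev["event_type"] != "alert":
            continue
        ctx = [(e["event_type"], e[e["event_type"]])
               for e in by_flow[ev["flow_id"]] if e["event_type"] != "alert"]
        out.append({"signature_id": ev["alert"]["signature_id"],
                    "flow_id": ev["flow_id"], "context": ctx})
    return out
```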
- Status changed from New to Closed
- Assignee deleted (Anonymous)
- Target version deleted (TBD)