Hi Jaime,

Thanks for sharing!
Our goal is similar to yours; maybe we can have more communication and sharing about these. Thanks!

Best regards,
John

2014/1/1 Jaime Nebrera <[email protected]>

> Hi John,
>
> Let me explain a bit more. First I suggest you look into the redBorder.net site. Not all is there but you will get the idea.
>
> In essence, we are building an IT management platform around the Apache Kafka service bus.
>
> We already have a Barnyard2 Kafka plugin to support Snort (and Suricata) and a basic hack on top of nprobe (not public yet, but soon, but not really well done).
>
> So at this stage we support IDS/IPS and Netflow.
>
> From there we will continue to build new bridges into Kafka (mainly syslog and SNMP).
>
> At the same time we are building a real time intelligence, built of course around Kafka, in order to:
>
> * Enrich data with things like geo location or reputation
>
> * Enable some kind of automatic intelligence based on outlier detection, data clustering, forecasting, etc.
>
> * Implement a heuristic (rule) based correlation engine (filtering, relations, time windows, ...)
>
> The advantage of doing all this in Kafka is that when you have the bridge ready you can process whatever comes.
>
> Once the IDS + Netflow version is ready (currently in private RC testing) we will start to work on the intelligence elements, and might be able to start with the logging one too.
>
> Regards
>
> Jaime Nebrera - ENEO Tecnología
> Sent with mobile, sorry for typos
>
> On 31/12/2013 19:08, "John Zhang" <[email protected]> wrote:
>
>> Hi Luca,
>>
>> Let me explain the architecture of my SIEM:
>>
>> Logstash + elasticsearch
>>
>> Logstash: log shipper, log parsing and conversion
>> elasticsearch: log index and search engine
>>
>> Its architecture is like the drawing on this page:
>> http://logstash.net/docs/1.3.2/tutorials/getting-started-centralized
>>
>> Since Logstash supports lots of inputs and outputs, it doesn't need a special format for the feed log; of course, JSON is a good option.
>>
>> What I want is: I can feed the ntopng data into Logstash in near real time; some delay is also fine.
>>
>> Thanks!
>>
>> BTW, Happy New Year!
>>
>> Best regards,
>>
>> John
>>
>> 2013/12/31 Luca Deri <[email protected]>
>>
>>> John,
>>> let me ask another question instead. What format do you need in your SIEM? Please make an example.
>>> Regards Luca
>>> On 31 Dec 2013, at 07:55, John Zhang <[email protected]> wrote:
>>>
>>> Hi everyone,
>>>
>>> My SIEM is Logstash + elasticsearch, and I want to add the data of ntopng to my SIEM. So my big problem is: how do I export data of ntopng into Logstash?
>>>
>>> Any suggestion, comment, or reference will be highly appreciated!
>>>
>>> Thanks!
>>>
>>> Best regards,
>>>
>>> John
>>> _______________________________________________
>>> Ntop-misc mailing list
>>> [email protected]
>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
