Wednesday, December 3, 2014

ELSA now parses Bro's RADIUS, SNMP, and X.509 logs

I've added ELSA parsers for Bro RADIUS, SNMP, and X.509 logs.  The new packages are as follows:

securityonion-elsa-extras - 20131117-1ubuntu0securityonion50
securityonion-web-page - 20141015-0ubuntu0securityonion10

These new packages should resolve the following issues:

Issue 513: securityonion-elsa-extras: when adding sources to
syslog-ng.conf, do not search-and-replace using "log"

Issue 575: ELSA: parsers for new Bro logs added in Bro 2.3

Issue 578: securityonion-web-page: add ELSA queries for new Bro 2.3 logs

These new packages have been tested by the following (thanks!):
Eddy Simons
David Zawdie

Update Process 

X.509 logs grouped by Certificate Key Length

X.509 logs grouped by Certificate Key Algorithm

X.509 logs grouped by Certificate Signature Algorithm

X.509 logs grouped by Certificate Key Type

SNMP logs grouped by Community
RADIUS logs grouped by username

The new packages are now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our security-onion mailing list:

Need training?  Please see:

Commercial Support
Need commercial support?  Please see:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help testing new packages:


No comments:

Search This Blog

Featured Post

4-month End Of Life (EOL) reminder for Security Onion 2.3

We recently announced the End Of Life (EOL) date for Security Onion 2.3:

Popular Posts

Blog Archive