Wednesday, January 7, 2015

New ELSA packages parse country code out of Bro conn.log

I've updated the ELSA packages to parse the responder country code out of the Bro conn.log.  The new packages are as follows:

securityonion-elsa-extras - 20131117-1ubuntu0securityonion53
securityonion-web-page - 20141015-0ubuntu0securityonion13

These new packages should resolve the following issues:

Issue 656: ELSA: update parser for bro_conn to parse country code

Issue 659: securityonion-web-page: add ELSA query for bro_conn groupby:resp_country_code

These new packages have been tested by David Zawdie (thanks!).

Update process

Connections - Groupby Resp Country: group connections by responder country code

The new packages are now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our security-onion mailing list:

Commercial Support
Need training and/or commercial support?  Please see:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:


No comments:

Search This Blog

Featured Post

Celebrating 10 Years of Security Onion Solutions and Announcing Security Onion Pro!

From Doug Burks, Founder and CEO of Security Onion Solutions:  There’s an old saying that it takes ten years to be an overnight success. Tha...

Popular Posts

Blog Archive