On 08/11/2018 23:29, Karl Pietrzak wrote:
We're working on analyzing semi-structured logs
(such as syslog, Windows
events, etc.), and I'm trying to figure out if Bro/Zeek is the right tool
for the job.
Maybe there are other, better ways to do this. Any advice on this matter
would be appreciated!
You might want to have a look at https://github.com/J-Gras/bro-lognorm
It integrates liblognorm into Bro to parse, for example, syslog messages.
The only thing you need is an appropriate rulebase (so no NLP here).
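To make the "rulebase, not NLP" point concrete, here is an added example (my own code, not bro-lognorm's or liblognorm's) of how a rulebase drives the parsing of syslog lines. The rule syntax is loosely modelled on liblognorm's legacy `%name:type%` samples, the field types are a hand-picked subset, and the `originalmsg`/`unparsed` output on a miss is an assumption about how such a normaliser should report failures; the syslog lines are constructed for the demonstration. The last sample line deliberately does not match any rule, which is the practical caveat of rulebase parsing: a message shape you have not written a rule for is not parsed at all.

```python
"""Rulebase-driven normalisation of syslog lines (added example, not bro-lognorm code)."""
import json
import re
from typing import List, Pattern, Tuple

# Field types, loosely modelled on liblognorm's legacy %name:type% syntax (assumption).
FIELD_TYPES = {
    "date-rfc3164": r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}",
    "word": r"\S+",
    "number": r"\d+",
    "ipv4": r"(?:\d{1,3}\.){3}\d{1,3}",
    "rest": r".*",
}

FIELD_RE = re.compile(r"%([A-Za-z0-9_-]+):([a-z0-9-]+)%")


def compile_rule(rule: str) -> Tuple[List[str], Pattern]:
    """Turn 'rule=tag1,tag2:<sample with %name:type% fields>' into (tags, anchored regex)."""
    if not rule.startswith("rule="):
        raise ValueError("rule must start with 'rule='")
    tags_part, sample = rule[len("rule="):].split(":", 1)
    tags = [t for t in tags_part.split(",") if t]
    pattern, pos = "", 0
    for m in FIELD_RE.finditer(sample):
        pattern += re.escape(sample[pos:m.start()])      # literal text between fields
        name, ftype = m.group(1), m.group(2)
        if ftype not in FIELD_TYPES:
            raise ValueError(f"unknown field type {ftype!r}")
        # regex group names may not contain '-', so map it to '_'
        pattern += f"(?P<{name.replace('-', '_')}>{FIELD_TYPES[ftype]})"
        pos = m.end()
    pattern += re.escape(sample[pos:])
    return tags, re.compile("^" + pattern + "$")


# A small rulebase: one sample line per message shape we care about.
RULEBASE = [
    "rule=sshd,auth-fail:%ts:date-rfc3164% %host:word% sshd[%pid:number%]: "
    "Failed password for %user:word% from %src_ip:ipv4% port %src_port:number% ssh2",
    "rule=sshd,auth-ok:%ts:date-rfc3164% %host:word% sshd[%pid:number%]: "
    "Accepted publickey for %user:word% from %src_ip:ipv4% port %src_port:number% ssh2",
    "rule=sudo:%ts:date-rfc3164% %host:word% sudo: %user:word% : %rest:rest%",
]
COMPILED = [compile_rule(r) for r in RULEBASE]


def normalize(line: str, rules=COMPILED) -> dict:
    """Return the tags and fields of the first matching rule, or an 'unparsed' record."""
    for tags, rx in rules:
        m = rx.match(line)
        if m:
            return {"tags": tags, **m.groupdict()}
    return {"tags": ["unparsed"], "originalmsg": line}


# Constructed sample input; the last line has no rule (note 'invalid user').
SAMPLE_LINES = [
    "Nov  8 23:29:01 bastion sshd[4123]: Failed password for karl from 203.0.113.7 port 51822 ssh2",
    "Nov  8 23:29:05 bastion sshd[4125]: Accepted publickey for karl from 203.0.113.7 port 51830 ssh2",
    "Nov  8 23:29:11 bastion sudo: karl : TTY=pts/0 ; PWD=/home/karl ; USER=root ; COMMAND=/bin/ls",
    "Nov  8 23:29:20 bastion sshd[4130]: Failed password for invalid user admin from 198.51.100.9 port 40011 ssh2",
]


def normalize_all(lines=SAMPLE_LINES) -> List[dict]:
    return [normalize(line) for line in lines]


if __name__ == "__main__":
    for rec in normalize_all():
        print(json.dumps(rec))
```

Every rule is anchored at both ends, so a line either matches a rule completely or not at all; that is what makes the output usable as typed fields for detection logic, and it is also why the rulebase has to be maintained as new message shapes (like the `invalid user` variant above) show up.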