I discovered an issue with the tool I wrote about last June. Ive updated kippo-log2db.pl correcting an error where it was populating the sensor column of the session table improperly. I discovered the error after loading some data into MySQL and then attempting to use Ions kippo2elasticsearch script to move the data into ElasticSearch. I">int(11)? Since I only have a handful of sensors, it hasnt impacted me, but if you have an installation with a huge number of sensors, this could become a problem. Anyway, get the new version and if youve imported data using the old version, you may need to reimport. Sorry about that.
References:
http://handlers.sans.org/jclausing/kippo-log2db.pl
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu