1. What is Meer

“Meer” is a dedicated data broker for the Suricata IDS/IPS system and the Sagan log analysis engine.

Meer takes EVE data (JSON) from Suricata or Sagan (via an input-plugin), augments it by enriching it with DNS, GeoIP, and other information (via the meer-core), and then pushes the data to a database (via a output-plugin) of your choice.

Meer is written in C which makes it fast and very light weight. This makes is suitable for processing data on systems with limited resource.

Meer input-plugins that are currently supported are Suricata/Sagan EVE (“spool”) files and Redis.

Meer output-plugins that are currently supported are Elasticsearch, Opensearch, Zincsearch (https://github.com/zinclabs/zinc), Redis, named pipes, files, and “external” programs. Meer release 1.0.0 supports SQL (MariaDB, MySQL and PostgreSQL) that is compatible with older “Barnyard2” systems. Meer versions _after_ 1.0.0 do _not_ support SQL.

The primary Meer site is located at:

https://github.com/quadrantsec/meer

1.1. License

Meer is licensed under the GNU/GPL version 2.