[Bro] redef LogElasticSearch variables
jessebowling at gmail.com
Mon Feb 25 12:45:19 PST 2013
Let me preface this with "I have no idea what I'm doing".
I want to test out Bro's native elasticsearch writer...I found that there
appear to be two files for this module:
Both of them specify that the module is called "LogElasticSearch"...Is that
a problem? At any rate...
I want to specify an ElasticSearch server that is not local. I didn't see
any documentation on this, but saw that elasticsearch.bro has variables
like "server_host". Seems like this would be the thing to change...So, I
    redef LogElasticSearch::server_host = "10.10.10.10"
It appears that broctl does not like this invocation. Specifically it
chokes and says:
    6: syntax error, at or near "module"
Which is weird...If I put additional redefs:
    redef LogElasticSearch::server_host = "10.9.12.26"
    redef LogElasticSearch::server_port= 9200
I then get:
    error in /usr/local/bro/share/bro/site/local.bro, line 113: syntax error, at or near "redef"
(line 113 is the last redef of server_port).
So...What am I doing wrong and how do I configure this plugin to point to
another host? Is that book on brogramming out yet? :P