[Bro] Couple elasticsearch questions

James Lay jlay at slave-tothe-box.net
Wed Jul 23 08:10:44 PDT 2014

Hey all,

A few questions:

1.  Is there a proper way to set which logs to send to elasticsearch 
that I can use in local.bro instead of modifying 
logs-to-elasticsearch.bro?  I am assuming that logs-to-elasticsearch.bro 
might change in future versions of bro.
2.  The docs say to add @load tuning/logs-to-elasticsearch in 
local.bro...how can I send bro data to a remote elasticsearch server 
3.  And lastly, as I look at the Brownian demo, I see that all the 
fields are correctly laid out..was this down with Brownian, or with 
elasticsearch itself?

I'm trying to get bro data into logstash direct, instead of using log 
files.  Thanks for any insight.


