[Bro] Couple elasticsearch questions
jlay at slave-tothe-box.net
Wed Jul 23 08:10:44 PDT 2014
A few questions:
1. Is there a proper way to set which logs to send to elasticsearch
that I can use in local.bro instead of modifying
logs-to-elasticsearch.bro? I am assuming that logs-to-elasticsearch.bro
might change in future versions of bro.
2. The docs say to add @load tuning/logs-to-elasticsearch in
local.bro...how can I send bro data to a remote elasticsearch server
3. And lastly, as I look at the Brownian demo, I see that all the
fields are correctly laid out..was this done with Brownian, or with
I'm trying to get bro data into logstash direct, instead of using log
files. Thanks for any insight.