[Bro] Couple elasticsearch questions
seth at icir.org
Wed Jul 23 09:08:05 PDT 2014
On Jul 23, 2014, at 11:50 AM, James Lay <jlay at slave-tothe-box.net> wrote:
> I'm guessing I'm going to have to create something like the above grok
> for each bro log file....which...is going to be a hoot ;)
Are you saying that you're going to have to do this because you don't want Bro to write directly to ElasticSearch?
International Computer Science Institute
(Bro) because everyone has a network