[Bro] Couple elasticsearch questions

Seth Hall seth at icir.org
Wed Jul 23 09:08:05 PDT 2014

On Jul 23, 2014, at 11:50 AM, James Lay <jlay at slave-tothe-box.net> wrote:

> I'm guessing I'm going to have to create something like the above grok 
> for each bro log file....which...is going to be a hoot ;)

Are you saying that you're going to have to do this because you don't want Bro to write directly to ElasticSearch?


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
