[Bro] logging to elasticsearch git clone
life.130815 at gmail.com
Sun May 3 20:20:53 PDT 2015
Hi, what Elasticsearch version are you using? I am using 1.5.2
I only get indices like:
health status index pri rep docs.count docs.deleted
yellow open .packetbeat-topology 5 1 0 0
yellow open kibana-int 5 1 6 0
yellow open .kibana 1 1 6 0
yellow open bro-201505040900 5 1 33 0
yellow open @bro-meta 5 1 1 0
yellow open packetbeat-2015.05.04 5 1 780 0
no indices for protocol analysis.
But it is strange: after I
redef Log::enable_local_logging = T;
it seems that I need to enable local logging so that Elasticsearch can work?
2015-05-04 10:28 GMT+08:00 Daniel Guerra <daniel.guerra69 at gmail.com>:
> Elasticsearch is working fine, I made some mistakes.
> But still no progress on the timestamps, is there an issue
> on this ?
>> On 02 May 2015, at 06:00, Seth Hall <seth at icir.org> wrote:
>>> On May 1, 2015, at 6:29 PM, Daniel Guerra <daniel.guerra69 at gmail.com> wrote:
>>> Hopefully bro can log a YYYY:mm:dd HH:MM:ss format for ts, work in progress …….
>> It can. :)
>> If you want to make JSON logs globally into ISO8601, you can do...
>> redef LogAscii::json_timestamps = JSON::TS_ISO8601;
>> Seth Hall
>> International Computer Science Institute
>> (Bro) because everyone has a network
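The settings discussed in this thread pulled together into one local.bro fragment, as an added example that is not part of the original thread; LogElasticSearch::server_host and server_port are assumed option names of the Bro 2.x ElasticSearch writer, and the host and port values are placeholders.

```bro
# Added example (not from the thread): Bro 2.x local.bro fragment that
# enables the ElasticSearch writer alongside JSON ASCII logs with
# ISO8601 timestamps. LogElasticSearch::* option names are assumed.
@load tuning/logs-to-elasticsearch

# Keep writing local ASCII logs as well; the poster reported the
# per-protocol indices only showed up once this was set to T.
redef Log::enable_local_logging = T;

# Write the local ASCII logs as JSON, with ISO8601 timestamps instead
# of epoch seconds (the global switch suggested in the thread).
redef LogAscii::use_json = T;
redef LogAscii::json_timestamps = JSON::TS_ISO8601;

# Assumed writer options: where the Elasticsearch node listens
# (placeholder values, adjust for your deployment).
redef LogElasticSearch::server_host = "127.0.0.1";
redef LogElasticSearch::server_port = 9200;
```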