[Bro] elasticsearch plugin identify the proto?

Mo Jia life.130815 at gmail.com
Tue May 19 23:51:34 PDT 2015


In elasticsearch.cc

bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields,
    Value** vals)

We can get the contents, but how can I identify the proto of the content?

In local logging, it will write to http.log, but in elasticsearch it
lost the proto message.

