[Bro] elasticsearch plugin identify the proto?
vlad at grigorescu.org
Wed May 20 06:09:19 PDT 2015
The name of the log stream is stored as the type field in ElasticSearch.
On Wed, May 20, 2015 at 1:51 AM, Mo Jia <life.130815 at gmail.com> wrote:
> In elasticsearch.cc
> bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields,
> Value** vals)
> We can get the contents, how can I identify the proto of the content?
> In local logging, it will write to http.log, But in elasticsearch it
> lost the proto message.
> Bro mailing list
> bro at bro-ids.org
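To make the answer concrete: in the ElasticSearch writer, one writer instance exists per log stream, so the stream name (the `path`, e.g. `http` for what would otherwise be http.log) is known at DoInit time and is written into every bulk-index action line as `_type`; DoWrite never has to rediscover it from the field values. The following is an added, self-contained C++ model of that flow, not Bro's own writer code: `WriterInfo`, `EsBulkWriter`, `DoInit` and `DoWrite` here are simplified stand-ins for the plugin interface, and the index name and sample records are constructed for the example. The reader side (`stream_of_bulk_action`, `count_by_stream`) shows how to recover the stream from an indexed record and check that each Bro log actually arrived.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Simplified stand-in for Bro's WriterInfo (assumption: only the field this
// example needs). `path` is the log stream the writer was created for,
// e.g. "http" for the stream that locally becomes http.log.
struct WriterInfo {
    std::string path;
};

// Minimal JSON string escaping (quotes, backslashes, common control chars).
static std::string json_escape(const std::string& s) {
    std::string out;
    for (char c : s) {
        switch (c) {
            case '"':  out += "\\\""; break;
            case '\\': out += "\\\\"; break;
            case '\n': out += "\\n";  break;
            case '\t': out += "\\t";  break;
            default:   out += c;
        }
    }
    return out;
}

// Model of the writer: one instance per log stream. DoInit captures the
// stream name once; every bulk action line then carries it as "_type".
class EsBulkWriter {
public:
    bool DoInit(const WriterInfo& info, const std::string& index) {
        path_ = info.path;
        index_ = index;
        return !path_.empty();
    }
    // Returns the (action, source) line pair of a bulk-API request for one record.
    std::pair<std::string, std::string>
    DoWrite(const std::map<std::string, std::string>& fields) const {
        std::string action = "{\"index\":{\"_index\":\"" + json_escape(index_) +
                             "\",\"_type\":\"" + json_escape(path_) + "\"}}";
        std::string source = "{";
        bool first = true;
        for (const auto& kv : fields) {
            if (!first) source += ",";
            first = false;
            source += "\"" + json_escape(kv.first) + "\":\"" + json_escape(kv.second) + "\"";
        }
        source += "}";
        return {action, source};
    }
private:
    std::string path_;
    std::string index_;
};

// Recover the log stream from a bulk action line by reading its "_type" value.
// Returns "" when the line carries no _type, so callers can spot untyped records.
std::string stream_of_bulk_action(const std::string& action) {
    const std::string key = "\"_type\":\"";
    size_t start = action.find(key);
    if (start == std::string::npos) return "";
    start += key.size();
    size_t end = action.find('"', start);
    if (end == std::string::npos) return "";
    return action.substr(start, end - start);
}

// Count records per stream in a bulk body (alternating action/source lines).
std::map<std::string, int> count_by_stream(const std::vector<std::string>& bulk_lines) {
    std::map<std::string, int> counts;
    for (size_t i = 0; i + 1 < bulk_lines.size(); i += 2)
        counts[stream_of_bulk_action(bulk_lines[i])]++;
    return counts;
}

// Constructed sample: an http writer and a conn writer feeding one bulk body.
std::vector<std::string> sample_bulk_body() {
    EsBulkWriter http, conn;
    http.DoInit(WriterInfo{"http"}, "bro-20150520");
    conn.DoInit(WriterInfo{"conn"}, "bro-20150520");
    std::vector<std::pair<std::string, std::string>> recs = {
        http.DoWrite({{"id.orig_h", "10.0.0.5"}, {"host", "example.test"}, {"method", "GET"}}),
        http.DoWrite({{"id.orig_h", "10.0.0.7"}, {"host", "example.test"}, {"method", "POST"}}),
        conn.DoWrite({{"id.orig_h", "10.0.0.5"}, {"proto", "tcp"}}),
    };
    std::vector<std::string> body;
    for (const auto& rec : recs) {
        body.push_back(rec.first);
        body.push_back(rec.second);
    }
    return body;
}

int main() {
    for (const auto& line : sample_bulk_body()) std::cout << line << "\n";
    for (const auto& kv : count_by_stream(sample_bulk_body()))
        std::cout << kv.first << ": " << kv.second << "\n";
    return 0;
}
```

Querying by `_type` (or by a `type` field in the stored document) is therefore the way to select only http records on the ElasticSearch side. One caveat for anyone adapting this today: mapping types were deprecated in Elasticsearch 6 and removed in 8, so newer deployments need the stream name carried as an ordinary document field instead of `_type`.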