[Bro] Bro Elasticsearch 2+

Daniel Guerra daniel.guerra69 at gmail.com
Fri Nov 27 13:14:09 PST 2015


Hi,

I’ve been working a while on the Elasticsearch integration with Bro.
There have been some issues like timestamp, the Elastic 2.0 no dot
and the name/type changes in the logging (version …). See my changes
in https://github.com/danielguerra69/bro-debian-elasticsearch/blob/master/Dockerfile
It was made pragmatic; some changes were just a quick hack.
The latest release is stable.
https://hub.docker.com/r/danielguerra/bro-debian-elasticsearch/

Regards,

Daniel
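The two Elasticsearch 2.0 problems the post names, dotted Bro field names and the timestamp format, handled before indexing, as an added Python example (not from the post or the linked Dockerfile; the sample log line, the `_` separator and the `@timestamp` target field are assumptions):

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of a Bro JSON conn.log record (not a real capture).
SAMPLE_LINE = (
    '{"ts":1448658849.123456,"uid":"CXWv6p3arKYeMETxOg",'
    '"id.orig_h":"10.0.0.5","id.orig_p":51234,'
    '"id.resp_h":"93.184.216.34","id.resp_p":80,"proto":"tcp"}'
)


def rename_dotted_keys(record, sep="_"):
    """Elasticsearch 2.x rejects field names containing '.', so replace
    every dot in a key (recursing into nested objects) with `sep`."""
    out = {}
    for key, value in record.items():
        if isinstance(value, dict):
            value = rename_dotted_keys(value, sep)
        out[key.replace(".", sep)] = value
    return out


def epoch_to_iso(ts):
    """Bro writes 'ts' as seconds since the epoch (a float). Return an
    ISO 8601 UTC string with millisecond precision, which Elasticsearch's
    default date parser accepts without a custom mapping."""
    dt = datetime.fromtimestamp(ts, tz=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def prepare_for_es2(line):
    """Parse one Bro JSON log line and return a document safe for ES 2.x."""
    record = rename_dotted_keys(json.loads(line))
    if "ts" in record:
        record["@timestamp"] = epoch_to_iso(record.pop("ts"))
    return record


if __name__ == "__main__":
    print(json.dumps(prepare_for_es2(SAMPLE_LINE), indent=2))
```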

