[Bro] ElasticSearch plugin

Seth Hall seth at icir.org
Mon Jun 13 08:44:45 PDT 2016

Is there anyone here relying on the elasticsearch writer plugin in the bro-plugins repository?  It doesn't appear to work with current versions of elasticsearch anymore and it has always had trouble at sites with high rates of logging.

If we don't get much of a response on this we will be deprecating and/or removing the elasticsearch writer.  There should be more reliable mechanisms available soon anyway by either writing to a Kafka server and then forwarding to ElasticSearch or writing files as JSON and then forwarding to ElasticSearch.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
