[Bro] ElasticSearch plugin
jlay at slave-tothe-box.net
Mon Jun 13 09:29:11 PDT 2016
On 2016-06-13 09:44, Seth Hall wrote:
> Is there anyone here relying on the elasticsearch writer plugin in the
> bro-plugins repository? It doesn't appear to work with current
> versions of elasticsearch anymore and it has always had trouble at
> sites with high rates of logging.
> If we don't get much of a response on this we will be deprecating
> and/or removing the elasticsearch writer. There should be more
> reliable mechanisms available soon anyway by either writing to a Kafka
> server and then forwarding to ElasticSearch or writing files as JSON
> and then forwarding to ElasticSearch.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> Bro mailing list
> bro at bro-ids.org
Not I...straight up using rsyslog to pipe to Logstash.