[Bro] ElasticSearch plugin

James Lay jlay at slave-tothe-box.net
Mon Jun 13 09:29:11 PDT 2016


On 2016-06-13 09:44, Seth Hall wrote:
> Is there anyone here relying on the elasticsearch writer plugin in the
> bro-plugins repository?  It doesn't appear to work with current
> versions of elasticsearch anymore and it has always had trouble at
> sites with high rates of logging.
> 
> If we don't get much of a response on this we will be deprecating
> and/or removing the elasticsearch writer.  There should be more
> reliable mechanisms available soon anyway by either writing to a Kafka
> server and then forwarding to ElasticSearch or writing files as JSON
> and then forwarding to ElasticSearch.
> 
> Thanks,
>   .Seth
> 
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/

Not I...straight up using rsyslog to pipe to Logstash.

James

