[Bro] ElasticSearch plugin
Azoff, Justin S
jazoff at illinois.edu
Mon Jun 13 11:31:47 PDT 2016
> On Jun 13, 2016, at 1:28 PM, Joe Blow <blackhole.em at gmail.com> wrote:
> I use it a whole bunch, but it is quite clunky...
> Part of me wishes bro would just write JSON to syslog, so that we could use the native rsyslog queuing and output modules (much more widely supported).
> Any chance that could be easily implemented?
You can tell bro to write to the json logs as usual, and then use rsyslog with the imfile module.
- Justin Azoff
More information about the Bro