[Bro] ElasticSearch plugin

Azoff, Justin S jazoff at illinois.edu
Mon Jun 13 11:31:47 PDT 2016

> On Jun 13, 2016, at 1:28 PM, Joe Blow <blackhole.em at gmail.com> wrote:
> I use it a whole bunch, but it is quite clunky...
> Part of me wishes bro would just write JSON to syslog, so that we could use the native rsyslog queuing and output modules (much more widely supported).
> Any chance that could be easily implemented?
> Cheers,
> JB

You can tell bro to write to the json logs as usual, and then use rsyslog with the imfile module.

- Justin Azoff
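
A minimal rsyslog configuration for the approach in this reply, added here as an example and not part of the original message. The log path, tag, spool directory, and collector host are assumptions to adjust for your install; the collector name is a placeholder.

```conf
# Bro side (assumption: JSON output is enabled in local.bro), e.g.:
#   @load tuning/json-logs
# so each line of conn.log is one JSON object.

# Spool directory for disk-assisted queues (assumed path; must exist).
global(workDirectory="/var/spool/rsyslog")

# File-tailing input module.
module(load="imfile")

# Follow Bro's current conn.log (assumed default BroControl location).
# Each line read becomes one syslog message whose MSG part is the JSON.
input(type="imfile"
      File="/usr/local/bro/logs/current/conn.log"
      Tag="bro_conn:"
      Severity="info"
      Facility="local7"
      ruleset="bro_forward")

# Dedicated ruleset so Bro records bypass the host's other syslog rules.
ruleset(name="bro_forward") {
    # Forward over TCP with a disk-assisted queue, so records are
    # buffered rather than dropped while the collector is unreachable.
    action(type="omfwd"
           target="collector.example.net"   # placeholder host
           port="514"
           protocol="tcp"
           template="RSYSLOG_SyslogProtocol23Format"
           queue.type="LinkedList"
           queue.filename="bro_fwd"
           queue.maxDiskSpace="1g"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
```

Add one `input()` stanza per Bro log you want shipped, each with its own `Tag` so the receiver can tell the log types apart.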
