[Bro] ElasticSearch plugin
blackhole.em at gmail.com
Mon Jun 13 11:35:04 PDT 2016
I hate sucking IOPS out of my boxes if I can help it... Is there no clean
way to write directly to rsyslog? I can crank the allowable message size
up fairly large, and then either write directly to a local file, or simply
ship off box.
Writing to a file, only to immediately tail that file, seems a bit clunky if
you ask me, but what do I know :).
On Mon, Jun 13, 2016 at 2:31 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:
> > On Jun 13, 2016, at 1:28 PM, Joe Blow <blackhole.em at gmail.com> wrote:
> > I use it a whole bunch, but it is quite clunky...
> > Part of me wishes bro would just write JSON to syslog, so that we could
> > use the native rsyslog queuing and output modules (much more widely
> > Any chance that could be easily implemented?
> > Cheers,
> > JB
> You can tell bro to write to the json logs as usual, and then use rsyslog
> with the imfile module.
> - Justin Azoff
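The setup Justin describes, written out as an added example that is not part of the original thread nor shipped by the Bro or rsyslog projects: Bro is switched to JSON ASCII output with `redef LogAscii::use_json = T;` in local.bro, and rsyslog's imfile module tails the resulting conn.log and forwards each line through rsyslog's own queueing and output modules. The log path, the tag, the collector hostname `logcollector.example.net`, the queue name and the 64k message size are assumptions for the illustration.

```rsyslog
# Added example (not from the thread or either project): rsyslog RainerScript
# configuration that ships Bro's JSON conn.log with imfile and omfwd.
# Assumed values: the Bro log path, the tag, the collector host and the queue name.

# Bro JSON lines (long URIs in http.log, files.log entries) can exceed the
# default 8 KB message size; raise it so lines are not truncated.
global(maxMessageSize="64k")

module(load="imfile")

# Tail the live conn.log that broctl keeps under logs/current. With
# LogAscii::use_json the file has no header lines, so imfile hands rsyslog
# one complete JSON object per message.
input(type="imfile"
      File="/opt/bro/logs/current/conn.log"
      Tag="bro_conn:"
      Facility="local0"
      Severity="info"
      ruleset="bro_ship")

# Send only the JSON body, without a syslog header, so the receiver gets
# the same line Bro wrote. Drop the template= parameter below if the
# collector is a plain syslog daemon that expects a normal header.
template(name="bro_json_line" type="string" string="%msg%\n")

# Disk-assisted queue: a collector outage neither blocks the reader nor
# loses lines, and the queue is persisted across rsyslog restarts.
ruleset(name="bro_ship") {
    action(type="omfwd"
           target="logcollector.example.net"
           port="514"
           protocol="tcp"
           template="bro_json_line"
           queue.type="LinkedList"
           queue.filename="bro_ship_q"
           queue.maxDiskSpace="1g"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
```

Two practical checks: rsyslog must be able to read logs/current (Bro writes as its own user, so group permissions or an ACL are usually needed), and because imfile follows the file by name it picks up the fresh conn.log after each broctl rotation, so the read offset it keeps in its state file is per rotation rather than for the archived copy. Add one input() per log type (dns.log, http.log, ...) with its own Tag rather than a wildcard if the receiver needs to route them separately.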