[Bro] ElasticSearch plugin
landy-bible at utulsa.edu
Mon Jun 13 11:46:49 PDT 2016
I have Bro output JSON, then use Logstash to ship to Redis, where another
set of Logstash servers pull it out to process and insert into
Elasticsearch. One of the filters is to remove the dots so I can upgrade to
Elasticsearch 2. I plan to replace the first Logstash with Filebeat.
On Jun 13, 2016 10:46 AM, "Seth Hall" <seth at icir.org> wrote:
> Is there anyone here relying on the elasticsearch writer plugin in the
> bro-plugins repository? It doesn't appear to work with current versions of
> elasticsearch anymore and it has always had trouble at sites with high
> rates of logging.
> If we don't get much of a response on this we will be deprecating and/or
> removing the elasticsearch writer. There should be more reliable
> mechanisms available soon anyway by either writing to a Kafka server and
> then forwarding to ElasticSearch or writing files as JSON and then
> forwarding to ElasticSearch.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> Bro mailing list
> bro at bro-ids.org
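As an added illustration (not code from the thread or from the Bro project), here is the dot-removal step the reply describes, written in Python against a constructed Bro conn.log JSON line; it mirrors what Logstash's de_dot filter does in both its default (separator) mode and its nested mode. The uid and addresses in the sample record are made up.

```python
import json

# Constructed Bro conn.log record as JSON: Bro flattens nested record fields
# into keys containing dots (id.orig_h, id.resp_p), which Elasticsearch 2.x
# refuses to index. Addresses and uid below are made-up sample values.
SAMPLE_BRO_JSON = (
    '{"ts":1465836409.123,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"10.0.0.5",'
    '"id.orig_p":51234,"id.resp_h":"192.0.2.10","id.resp_p":443,'
    '"proto":"tcp","conn_state":"SF"}'
)

def de_dot_flat(record, separator="_"):
    """Rename dotted keys by substituting the separator (de_dot's default mode)."""
    return {key.replace(".", separator): value for key, value in record.items()}

def de_dot_nested(record):
    """Expand dotted keys into nested objects (de_dot with nested => true).

    id.orig_h -> {"id": {"orig_h": ...}}. A key used both as a leaf and as
    a prefix (e.g. "id" and "id.orig_h") cannot be represented; raise.
    """
    out = {}
    for key, value in record.items():
        *prefix, leaf = key.split(".")
        node = out
        for part in prefix:
            child = node.setdefault(part, {})
            if not isinstance(child, dict):
                raise ValueError(f"key conflict while nesting {key!r}")
            node = child
        if isinstance(node.get(leaf), dict):
            raise ValueError(f"key conflict while nesting {key!r}")
        node[leaf] = value
    return out

def has_dotted_keys(obj):
    """Check recursively for any key containing a dot (the ES 2.x constraint)."""
    if isinstance(obj, dict):
        return any("." in k or has_dotted_keys(v) for k, v in obj.items())
    if isinstance(obj, list):
        return any(has_dotted_keys(v) for v in obj)
    return False

def process_line(line, nested=False):
    """Parse one Bro JSON log line and return an ES 2.x-safe document."""
    record = json.loads(line)
    return de_dot_nested(record) if nested else de_dot_flat(record)
```

The flat mode keeps field names greppable (id_orig_h) while the nested mode keeps the Bro record structure; either way the document passes the has_dotted_keys check before it is shipped.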