[Bro] How use logs-to-elasticsearch.bro
daniel.guerra69 at gmail.com
Tue Mar 1 00:18:43 PST 2016
There is a problem with elasticsearch 2.0 and higher.
It doesn’t accept dots in field names and there are
some timestamp issues.
(check the patch dir)
> On 01 Mar 2016, at 07:53, mz <mz89924 at 126.com> wrote:
> Dear all
> I would like to use the logs-to-elasticsearch.bro script to log Bro to Elasticsearch.
> My Bro Version: 2.4.1
> 1. If I use this script, is it true that I do not need logstash, and Bro will send the logs directly to Elasticsearch?
> 2. I followed the official document: https://www.bro.org/sphinx/components/bro-plugins/elasticsearch/README.html and configured /usr/local/bro/share/bro/site/local.bro by adding @load bro/ElasticSearch/logs-to-elasticsearch.bro. But it was not successful. In addition to the configuration in the document, is additional configuration still needed?
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
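The two problems named in the reply above (Elasticsearch 2.x rejecting field names that contain dots, such as Bro's id.orig_h, and the epoch-seconds ts field not being a usable timestamp) can be worked around by rewriting each record before it is indexed. The following is an added example, not code from the thread or from the Bro ElasticSearch plugin; the JSON record is constructed, and renaming dots to underscores and emitting an ISO 8601 @timestamp are assumed conventions, not the plugin's own behaviour.

```python
import json
from datetime import datetime, timezone

# Constructed sample record in the shape of a Bro conn.log line written as JSON
# (values are made up; the dotted id.* names are Bro's real conn.log field names).
SAMPLE_LINE = ('{"ts":1456819123.456,"uid":"CHhAvVGS1DHFjwGM9",'
               '"id.orig_h":"10.0.0.5","id.orig_p":51234,'
               '"id.resp_h":"93.184.216.34","id.resp_p":80,"proto":"tcp"}')


def sanitize_key(key, sep="_"):
    """Elasticsearch 2.x rejects dots in field names; replace them with sep."""
    return key.replace(".", sep)


def sanitize_keys(value):
    """Recursively rename dotted keys in nested dicts and lists."""
    if isinstance(value, dict):
        return {sanitize_key(k): sanitize_keys(v) for k, v in value.items()}
    if isinstance(value, list):
        return [sanitize_keys(v) for v in value]
    return value


def bro_ts_to_iso(ts):
    """Bro writes ts as epoch seconds (float); emit ISO 8601 UTC with milliseconds."""
    dt = datetime.fromtimestamp(float(ts), tz=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def convert_record(line):
    """Turn one Bro JSON log line into a document Elasticsearch 2.x will accept."""
    record = sanitize_keys(json.loads(line))
    if "ts" in record:
        # Keep the original epoch value and add a parseable date field alongside it.
        record["@timestamp"] = bro_ts_to_iso(record["ts"])
    return record


if __name__ == "__main__":
    print(json.dumps(convert_record(SAMPLE_LINE), indent=2))
```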