[Bro] How to use logs-to-elasticsearch.bro
Blake.Mackey at rmc.ca
Tue Mar 1 04:35:14 PST 2016
If you are using the ELK stack, check out:
Blake Mackey, CD
SLt | ens 1
Royal Military College of Canada | Collège militaire royal du Canada
On Mar 1, 2016, at 03:18, Daniel Guerra <daniel.guerra69 at gmail.com> wrote:
There is a problem with elasticsearch 2.0 and higher.
It doesn’t accept dots in field names and there are
some timestamp issues.
(check the patch dir)
On 01 Mar 2016, at 07:53, mz <mz89924 at 126.com> wrote:
I would like to use the logs-to-elasticsearch.bro script to send Bro logs to Elasticsearch.
My Bro Version: 2.4.1
1. If I use this script, do I not need Logstash? Will Bro send its logs directly to Elasticsearch?
2. I followed the official document: https://www.bro.org/sphinx/components/bro-plugins/elasticsearch/README.html and added @load bro/ElasticSearch/logs-to-elasticsearch.bro to /usr/local/bro/share/bro/site/local.bro. But it was not successful. Besides the configuration in the document, is additional configuration needed?
Bro mailing list
bro at bro-ids.org
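The two problems Daniel names above (Elasticsearch 2.0 through 2.3 rejecting field names that contain dots, and Bro's epoch-seconds `ts` not matching Elasticsearch's default date mapping) are easy to check for in the JSON Bro emits before it reaches the index. The following is an added example, not code from the thread, the Bro ElasticSearch plugin, or its patch directory: it takes a constructed Bro `conn.log` JSON record, renames dotted fields such as `id.orig_h` to `id_orig_h` (the `_` replacement is an assumption, any non-dot separator works), converts `ts` to an ISO 8601 UTC string, and refuses to silently merge two fields that would collide after renaming.

```python
import json
from datetime import datetime, timezone

# Constructed sample: one JSON-formatted Bro conn.log record in the shape
# Bro's JSON log writer produces. All values are made up for this example.
SAMPLE_CONN_RECORD = (
    '{"ts":1456799715.123456,"uid":"CExample1","id.orig_h":"10.0.0.5",'
    '"id.orig_p":51234,"id.resp_h":"10.0.0.9","id.resp_p":443,'
    '"proto":"tcp","service":"ssl","duration":0.5,"conn_state":"SF"}'
)


def sanitize_field_name(name, replacement="_"):
    """Replace dots in a field name.

    Elasticsearch 2.0-2.3 rejects field names containing '.', so a Bro
    field such as 'id.orig_h' must be renamed before indexing.
    """
    return name.replace(".", replacement)


def epoch_to_iso8601(ts):
    """Convert Bro's epoch-seconds float to an ISO 8601 UTC string.

    Millisecond precision is kept; Elasticsearch's default date mapping
    parses this form without a custom format.
    """
    dt = datetime.fromtimestamp(float(ts), tz=timezone.utc)
    millis = dt.microsecond // 1000
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{millis:03d}Z"


def prepare_for_elasticsearch(line, ts_field="ts"):
    """Turn one Bro JSON log line into a document Elasticsearch 2.x accepts.

    Raises ValueError if two original field names map to the same
    sanitized name, so a collision is caught instead of one value
    overwriting the other.
    """
    record = json.loads(line)
    doc = {}
    for key, value in record.items():
        new_key = sanitize_field_name(key)
        if new_key in doc:
            raise ValueError(f"field name collision after sanitizing: {new_key}")
        doc[new_key] = value
    if ts_field in doc:
        doc[ts_field] = epoch_to_iso8601(doc[ts_field])
    return doc


if __name__ == "__main__":
    print(json.dumps(prepare_for_elasticsearch(SAMPLE_CONN_RECORD), indent=2))
```

If you run this over a real `conn.log` written with Bro's JSON writer, check the mapping of the index afterwards: the renamed fields will be created on first insert, so any existing saved searches that reference `id.orig_h` need the new name.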