[Bro] How use logs-to-elasticsearch.bro

Blake Mackey Blake.Mackey at rmc.ca
Tue Mar 1 04:35:14 PST 2016


If you are using the ELK stack, check out:
https://github.com/BrashEndeavours/logstash-input-bro

Respectfully,

Blake Mackey, CD
SLt | ens 1
Royal Military College of Canada | Collège militaire royal du Canada
(613)331-6438

On Mar 1, 2016, at 03:18, Daniel Guerra <daniel.guerra69 at gmail.com> wrote:

Hi,

There is a problem with elasticsearch 2.0 and higher.
It doesn’t accept dots in field names and there are
some timestamp issues.

Check
https://hub.docker.com/r/danielguerra/bro-debian-elasticsearch/

or

https://github.com/danielguerra69/bro-debian-elasticsearch

(check the patch dir)

Regards,

Daniel

On 01 Mar 2016, at 07:53, mz <mz89924 at 126.com> wrote:

Dear all,
I would like to use the logs-to-elasticsearch.bro script to log Bro to Elasticsearch.

My Bro Version: 2.4.1

1. If I use this script, do I not need Logstash? Will Bro send the logs directly to Elasticsearch?

2. I followed the official document: https://www.bro.org/sphinx/components/bro-plugins/elasticsearch/README.html and configured /usr/local/bro/share/bro/site/local.bro, adding @load bro/ElasticSearch/logs-to-elasticsearch.bro. But it was not successful. In addition to the configuration in the document, is additional configuration still needed?
_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
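Daniel's point about Elasticsearch 2.x rejecting dots in field names, illustrated with an added example that is not from the thread or from the patch dir he links: a small Python preprocessor that rewrites one Bro JSON log record so ES 2.x will accept it, mapping dots to underscores and turning Bro's fractional epoch-seconds `ts` into ISO 8601. The sample conn.log record is constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample: one Bro 2.4 conn.log record as Bro's JSON writer emits it.
# Note the dotted keys ("id.orig_h") and the epoch-seconds "ts" value, the
# two things that trip up Elasticsearch 2.0+ out of the box.
SAMPLE_RECORD = json.dumps({
    "ts": 1456819092.468321,
    "uid": "CXWv6p3arKYeMETxOg",
    "id.orig_h": "192.0.2.10",
    "id.orig_p": 51234,
    "id.resp_h": "198.51.100.7",
    "id.resp_p": 443,
    "proto": "tcp",
    "duration": 0.012,
})


def sanitize_key(key: str) -> str:
    """ES 2.x rejects '.' in field names; map each dot to an underscore."""
    return key.replace(".", "_")


def bro_ts_to_iso(ts: float) -> str:
    """Bro writes time as fractional epoch seconds; ES parses ISO 8601 as a date."""
    dt = datetime.fromtimestamp(ts, tz=timezone.utc)
    return dt.isoformat(timespec="milliseconds").replace("+00:00", "Z")


def convert_record(line: str) -> dict:
    """Rewrite one JSON log line into an ES 2.x-safe document.

    Only the top-level "ts" field is treated as a timestamp here; other Bro
    time-typed fields would need the same conversion (assumption: callers
    know which fields those are for their log type).
    """
    record = json.loads(line)
    out = {}
    for key, value in record.items():
        new_key = sanitize_key(key)
        if new_key == "ts" and isinstance(value, (int, float)):
            value = bro_ts_to_iso(value)
        out[new_key] = value
    return out


def has_dotted_keys(doc: dict) -> bool:
    """Pre-index check: True if any field name would still be rejected."""
    return any("." in k for k in doc)
```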
