[Bro] Reply: about logs-to-elasticsearch.bro script

mz mz89924 at 126.com
Thu Mar 24 18:32:30 PDT 2016


Thanks very much


From: Grant Stavely [mailto:grant at grantstavely.com]
Sent: March 24, 2016 23:48
To: ine
Cc: bro at bro.org
Subject: Re: [Bro] about logs-to-elasticsearch.bro script


Hi ine,


In local.bro, redef the consts defined in
https://github.com/bro/bro-plugins/blob/9b7943e1a61062005f01b48eaad11bbb3b7ae757/elasticsearch/scripts/init.bro, e.g.:


# Configure Elasticsearch
# Host and port of the Elasticsearch node the log writer sends to
redef LogElasticSearch::server_host = "x.x.x.x";
redef LogElasticSearch::server_port = 9200;
redef LogElasticSearch::cluster_name = "security";
# Prefix used when naming the indices that receive Bro logs
redef LogElasticSearch::index_prefix = "bro";
# Log streams that should not be shipped to Elasticsearch
redef LogElasticSearch::excluded_log_ids += {
    Known::HOSTS_LOG,
};


Grant


On Mar 23, 2016, at 23:32, ine <mz89924 at 126.com> wrote:


Dear all,

    How do I set the index when using logs-to-elasticsearch.bro?

_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

