[Bro] Re: about logs-to-elasticsearch.bro script

mz mz89924 at 126.com
Thu Mar 24 18:32:30 PDT 2016

Thanks very much


From: Grant Stavely [mailto:grant at grantstavely.com]
Sent: March 24, 2016 23:48
To: ine
Cc: bro at bro.org
Subject: Re: [Bro] about logs-to-elasticsearch.bro script


Hi ine,


In local.bro, redef the consts defined in
e757/elasticsearch/scripts/init.bro, e.g.:


# Configure Elasticsearch
redef LogElasticSearch::server_host = "x.x.x.x";
redef LogElasticSearch::server_port = 9200;
redef LogElasticSearch::cluster_name = "security";
redef LogElasticSearch::index_prefix = "bro";
redef LogElasticSearch::excluded_log_ids += {




On Mar 23, 2016, at 23:32, ine <mz89924 at 126.com>


Dear all

    How to set the index when using logs-to-elasticsearch.bro?

