[Bro] Couple items for ES

James Lay jlay at slave-tothe-box.net
Tue Sep 13 10:31:55 PDT 2016


From the page:

https://www.bro.org/sphinx/components/bro-plugins/elasticsearch/README.html

~~~
Installing the ElasticSearch Plugin

First, ensure that you have libcurl (headers and library) installed. 
Then the following will compile and install the plugin alongside Bro:

# ./configure && make && make install
See the output of ./configure --help for additional options if it can’t 
find any of the prerequisites.

If everything built and installed correctly, you should see this:

# bro -N Bro::ElasticSearch
Bro::ElasticSearch - ElasticSearch log writer (dynamic, version 1.0)
~~~

1.  Might wanna add the fact that you need to cd to bro-2.4.1/aux/plugins/elasticsearch before the ./configure && make && make install line and
2.  Might also wanna specify that the default plugin dir to install in is bro-install-dir/lib/bro/plugins/

James
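The install-and-verify procedure James is describing, written out as a small POSIX shell script. This is an added example, not code from the Bro project, its README or the post: the `BRO_SRC` and `BRO_PREFIX` defaults are assumed placeholders for an unpacked bro-2.4.1 source tree and the Bro install prefix, and the check of the `bro -N` output is fed from stdin so the same function can be exercised against a constructed sample line without a Bro installation present.

```shell
#!/bin/sh
# Added example (not from the Bro project or the mailing-list post):
# build, install and verify the ElasticSearch log writer plugin from a
# Bro 2.4.1 source tree, following the README steps plus the two
# points raised on the list (plugin source dir, default install dir).
#
# Assumptions (hypothetical defaults, override via the environment):
#   BRO_SRC     unpacked bro-2.4.1 source tree
#   BRO_PREFIX  Bro install prefix (bro-install-dir in the post)

BRO_SRC="${BRO_SRC:-$HOME/bro-2.4.1}"
BRO_PREFIX="${BRO_PREFIX:-/usr/local/bro}"

# Plugin source directory inside the Bro source tree (point 1 of the post).
plugin_src_dir() {
    printf '%s/aux/plugins/elasticsearch\n' "$1"
}

# Default directory the plugin is installed into (point 2 of the post).
plugin_install_dir() {
    printf '%s/lib/bro/plugins\n' "$1"
}

# libcurl headers and library are a prerequisite; curl-config is shipped
# with the development files, so its presence is a cheap proxy check.
have_libcurl() {
    command -v curl-config >/dev/null 2>&1
}

# Reads `bro -N Bro::ElasticSearch` output on stdin and returns 0 only if
# the ElasticSearch writer is listed, i.e. the plugin was found and loaded.
es_plugin_listed() {
    grep -q '^Bro::ElasticSearch - ElasticSearch log writer' 
}

install_es_plugin() {
    have_libcurl || { echo "libcurl headers/library not found" >&2; return 1; }

    src=$(plugin_src_dir "$BRO_SRC")
    [ -d "$src" ] || { echo "plugin source not found: $src" >&2; return 1; }

    # Build and install from the plugin directory, as the README shows.
    ( cd "$src" && ./configure && make && make install ) || return 1

    # Confirm the plugin landed where Bro will look for it, then ask Bro
    # itself whether it can load the writer.
    dest=$(plugin_install_dir "$BRO_PREFIX")
    [ -d "$dest" ] || { echo "expected plugin dir missing: $dest" >&2; return 1; }

    if "$BRO_PREFIX/bin/bro" -N Bro::ElasticSearch | es_plugin_listed; then
        echo "Bro::ElasticSearch installed under $dest"
    else
        echo "bro -N did not list Bro::ElasticSearch" >&2
        return 1
    fi
}

# Only run the build when invoked as: sh install_es_plugin.sh install
if [ "${1:-}" = "install" ]; then
    install_es_plugin
fi
```

Run it as `sh install_es_plugin.sh install` from a shell where `BRO_SRC` and `BRO_PREFIX` point at the real source tree and install prefix; the functions alone can be sourced and checked without Bro present.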

