[Bro-Dev] ReLog

Seth Hall seth at icir.org
Mon Aug 20 12:07:25 PDT 2012


I just pushed out a quick script that can use Bro to reimport existing Bro logs back into Bro and then log them to an alternate log writer.  The primary use is for taking ASCII logs and writing them to the ElasticSearch writer.  The script is actually set up to do this by default (take from ASCII and write to ElasticSearch).

It's definitely not a script you will want to run in production.  It's only intended when running Bro manually at a command line.  If you try to run it when reading traffic it will actually complain and terminate Bro.

I included some documentation on how to configure it in the README.
	https://github.com/sethhall/relog

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/