[Bro] redef LogElasticSearch variables
Jesse Bowling
jessebowling at gmail.com
Mon Feb 25 12:45:19 PST 2013
Let me preface this with "I have no idea what I'm doing".
I want to test out Bro's native elasticsearch writer...I found that there
appear to be two files for this module:
bro/base/frameworks/logging/writers/elasticsearch.bro
bro/policy/tuning/logs-to-elasticsearch.bro
Both of them specify that the module is called "LogElasticSearch"...Is that
a problem? At any rate...
I want to specify an ElasticSearch server that is not local. I didn't see
any documentation on this, but saw that elasticsearch.bro has variables
like "server_host". Seems like this would be the thing to change...So, I
tried:
@load tuning/logs-to-elasticsearch
redef LogElasticSearch::server_host = "10.10.10.10"
It appears that broctl does not like this invocation. Specifically it
chokes and says:
error in
/usr/local/bro/share/bro/policy/frameworks/communication/listen.bro, line
6: syntax error, at or near "module"
Which is weird...If I put additional redefs:
@load tuning/logs-to-elasticsearch
redef LogElasticSearch::server_host = "10.9.12.26"
redef LogElasticSearch::server_port= 9200
I then get:
error in /usr/local/bro/share/bro/site/local.bro, line 113: syntax
error, at or near "redef"
(line 113 is the last redef of server_port).
So...What am I doing wrong and how do I configure this plugin to point to
another host? Is that book on brogramming out yet? :P
Cheers,
Jesse
--
Jesse Bowling
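Added example (not from the original post, and not the project's own code): the same local.bro fragment with the statement terminators Bro's script parser requires. The script path and the LogElasticSearch::server_host / server_port variables are the ones quoted above; the address is a placeholder, and the list of other tunables in elasticsearch.bro is not assumed here.

```bro
# Added example, not from the original post: point Bro's ElasticSearch
# writer at a remote node from local.bro.
#
# Every redef is a statement and must end in ";". Without it the parser
# keeps reading the expression into the next line (or into the next file
# pulled in by an @load), which is why the error surfaces "at or near"
# whatever token it finds there: "module" at the top of listen.bro, or
# "redef" at the start of the following redef line.

@load tuning/logs-to-elasticsearch

# Remote ElasticSearch node (placeholder address; substitute your own).
redef LogElasticSearch::server_host = "10.10.10.10";
redef LogElasticSearch::server_port = 9200;
```

Two files both declaring `module LogElasticSearch` is normal in Bro: `module` opens a namespace, not a one-file unit, so the policy script under tuning/ layers its log filters onto the writer defined under base/. Because this configuration makes Bro ship its logs to another host over the network, restrict which hosts can reach that ElasticSearch port to the Bro node itself.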