[Bro] redef LogElasticSearch variables
Seth Hall
seth at icir.org
Mon Feb 25 12:56:25 PST 2013
On Feb 25, 2013, at 3:45 PM, Jesse Bowling <jessebowling at gmail.com> wrote:
> bro/base/frameworks/logging/writers/elasticsearch.bro
This is the script level support for the elasticsearch writer.
> bro/policy/tuning/logs-to-elasticsearch.bro
This is a utility script to help you send your logs to ElasticSearch. It has some tuning options so you can choose if you only want to send certain logs.
> Both of them specify that the module is called "LogElasticSearch"...Is that a problem? At any rate…
�
Defining a module only sets that to your current namespace. You can define it multiple times.
I believe Justin answered the rest of your question. :)
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list