[Bro] redef LogElasticSearch variables

Jesse Bowling jessebowling at gmail.com
Mon Feb 25 12:57:14 PST 2013


Ah yes, syntax... :)

Thank you all, that checks out ok.

Cheers,

Jesse

On Mon, Feb 25, 2013 at 3:56 PM, Seth Hall <seth at icir.org> wrote:

>
> On Feb 25, 2013, at 3:45 PM, Jesse Bowling <jessebowling at gmail.com> wrote:
>
> > bro/base/frameworks/logging/writers/elasticsearch.bro
>
> This is the script level support for the elasticsearch writer.
>
> > bro/policy/tuning/logs-to-elasticsearch.bro
>
> This is a utility script to help you send your logs to ElasticSearch.  It
> has some tuning options so you can choose if you only want to send certain
> logs.
>
> > Both of them specify that the module is called "LogElasticSearch"...Is
> > that a problem? At any rate…
>
> Defining a module only sets that to your current namespace.  You can
> define it multiple times.
>
> I believe Justin answered the rest of your question. :)
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
>


-- 
Jesse Bowling