[Bro] Couple elasticsearch questions
James Lay
jlay at slave-tothe-box.net
Wed Jul 23 08:10:44 PDT 2014
Hey all,
A few questions:
1. Is there a proper way to set which logs to send to elasticsearch
that I can use in local.bro instead of modifying
logs-to-elasticsearch.bro? I am assuming that logs-to-elasticsearch.bro
might change in future versions of bro.
2. The docs say to add @load tuning/logs-to-elasticsearch in
local.bro...how can I send bro data to a remote elasticsearch server
instead?
3. And lastly, as I look at the Brownian demo, I see that all the
fields are correctly laid out...was this done with Brownian, or with
elasticsearch itself?
I'm trying to get bro data into logstash direct, instead of using log
files. Thanks for any insight.
James