[Bro] A question on barnyard2 integration
James Lay
jlay at slave-tothe-box.net
Tue Jul 29 09:50:18 PDT 2014
On 2014-07-29 10:39, Siwek, Jon wrote:
>> The next bit...how do I tell bro to open a listening port? Thank
>> you.
>
> @load frameworks/communication/listen
>
> The default port is 47757/tcp, you can redef
> "Communication::listen_port" to change it.
>
> - Jon
Excellent, thank you. Last question...I have this:

@load tuning/logs-to-elasticsearch
redef LogElasticSearch::send_logs += {
    Conn::LOG,
};

Will I need to add an additional item? Or will bro pipe the barnyard2
data automatically to elasticsearch? Thanks again.

James