[Bro] A question on barnyard2 integration

James Lay jlay at slave-tothe-box.net
Tue Jul 29 09:50:18 PDT 2014


On 2014-07-29 10:39, Siwek, Jon wrote:
>> The next bit...how do I tell bro to open a listening port?  Thank 
>> you.
>
> @load frameworks/communication/listen
>
> The default port is 47757/tcp, you can redef
> "Communication::listen_port" to change it.
>
> - Jon

Excellent, thank you.  Last question...I have this:

@load tuning/logs-to-elasticsearch
redef LogElasticSearch::send_logs += {
         Conn::LOG,
};

Will I need to add an additional item?  Or will bro pipe the barnyard2 
data automatically to elasticsearch?  Thanks again.

James


