[Bro] A question on barnyard2 integration
James Lay
jlay at slave-tothe-box.net
Tue Jul 29 17:21:22 PDT 2014
On Tue, 2014-07-29 at 13:14 -0400, Seth Hall wrote:
> On Jul 29, 2014, at 12:50 PM, James Lay <jlay at slave-tothe-box.net> wrote:
>
> > Will I need to add an additional item? Or will bro pipe the barnyard2
> > data automatically to elasticsearch? Thanks again.
>
> If you don't specify to send the barnyard log to ES, then it won't go (unless you don't specify which logs to send and all logs are sent). The Log::ID for the barnyard2 log is: Barnyard2::LOG
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
Hrmm....maybe I put this in wrong?

    @load tuning/logs-to-elasticsearch
    redef LogElasticSearch::send_logs += {
        Conn::LOG,
        Barnyard2::LOG
    };

    Error in /usr/local/bro/share/bro/site/local.bro, line 91: unknown
    identifier Barnyard2::LOG, at or near "Barnyard2::LOG"

James
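
Added example, not part of the original message and not the Bro project's own code: a local.bro fragment in which Barnyard2::LOG resolves. It assumes the "unknown identifier" error arises because the script that defines the Barnyard2 module (integration/barnyard2 in a stock Bro 2.x script tree) is not loaded before the redef.

```bro
# Added example; assumes a stock Bro 2.x script tree.

# Assumption: this policy script is not loaded by the default local.bro.
# It defines the Barnyard2 module and adds Barnyard2::LOG to the Log::ID
# enum, so it has to be loaded before anything refers to that identifier.
@load integration/barnyard2

# Enables the ElasticSearch writer and the send_logs option used below.
@load tuning/logs-to-elasticsearch

# With send_logs left empty, every log stream is sent to ElasticSearch.
# Once it holds at least one Log::ID, only the listed streams are sent,
# which is why the Barnyard2 stream has to be named here explicitly.
redef LogElasticSearch::send_logs += {
	Conn::LOG,
	Barnyard2::LOG
};
```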