[Bro] Bro dot problem

Daniel Guerra daniel.guerra69 at gmail.com
Mon Dec 28 04:05:17 PST 2015


Check the patch in my repo

https://github.com/danielguerra69/bro-debian-elasticsearch.git


> On 23 Dec 2015, at 22:36, Tim Desrochers <tgdesrochers at gmail.com> wrote:
> 
> In logstash/elasticsearch there is a de_dot filter that works quite well. It has its bugs but it will get the work done.
> 
> See link:
> https://www.elastic.co/guide/en/logstash/current/plugins-filters-de_dot.html
> On Dec 23, 2015 4:24 PM, "Vito Logrillo" <vitologrillo at gmail.com> wrote:
> Hi all,
> as you know, Elasticsearch is unable to manage fields with a dot separator.
> Until now I've used the Bro json output: the output logs were sent to
> Elasticsearch through Logstash; from Elasticsearch 2.0 this is not
> possible.
> Is there a way to substitute a dot with another character?
> Thanks,
> Vito
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
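An added example, not the patch from the repo above and not Logstash's own de_dot filter: a small Python rewrite of a Bro JSON log line that does what the de_dot approach does (renames dotted keys) and, as a second option, nests the dotted keys into objects instead, which Elasticsearch 2.x also accepts. The sample record is constructed; the dotted field names (id.orig_h and friends) are Bro's own conn.log fields.

```python
import json

# Constructed sample line in the shape of a Bro conn.log record written by the
# JSON log writer (field names are Bro's; addresses, uid and ts are made up).
SAMPLE_LINE = ('{"ts":1451000000.0,"uid":"CexAmpLe1","id.orig_h":"10.0.0.5",'
               '"id.orig_p":51234,"id.resp_h":"192.0.2.10","id.resp_p":443,'
               '"proto":"tcp","conn_state":"SF"}')


def de_dot(record, replacement="_"):
    """Rename every key containing a dot, as the Logstash de_dot filter does.
    Refuses to silently overwrite a key that already exists in the record."""
    out = {}
    for key, value in record.items():
        new_key = key.replace(".", replacement)
        if new_key in out:
            raise ValueError("key collision after de_dot: %s" % new_key)
        out[new_key] = value
    return out


def nest_dotted(record):
    """Alternative: turn 'a.b' keys into nested objects {'a': {'b': value}}.
    Refuses if a prefix is already a scalar field or the leaf already exists."""
    out = {}
    for key, value in record.items():
        parts = key.split(".")
        node = out
        for part in parts[:-1]:
            node = node.setdefault(part, {})
            if not isinstance(node, dict):
                raise ValueError("cannot nest under scalar field: %s" % key)
        if parts[-1] in node:
            raise ValueError("key collision while nesting: %s" % key)
        node[parts[-1]] = value
    return out


def rewrite_line(line, mode="de_dot"):
    """Parse one JSON log line and return the rewritten record as a dict."""
    record = json.loads(line)
    return de_dot(record) if mode == "de_dot" else nest_dotted(record)


if __name__ == "__main__":
    print(json.dumps(rewrite_line(SAMPLE_LINE), sort_keys=True))
    print(json.dumps(rewrite_line(SAMPLE_LINE, mode="nest"), sort_keys=True))
```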


