[Bro] loging to elasticsearch git clone
Mo Jia
life.130815 at gmail.com
Sun May 3 20:20:53 PDT 2015
Hi, what Elasticsearch version are you using? I am using 1.5.2
I only get indices like:
health status index                  pri rep docs.count docs.deleted store.size pri.store.size
yellow open   .packetbeat-topology   5   1   0          0            3.6kb      3.6kb
yellow open   kibana-int             5   1   6          0            58.2kb     58.2kb
yellow open   .kibana                1   1   6          0            20.5kb     20.5kb
yellow open   bro-201505040900       5   1   33         0            98.6kb     98.6kb
yellow open   @bro-meta              5   1   1          0            3.4kb      3.4kb
yellow open   packetbeat-2015.05.04  5   1   780        0            693.2kb    693.2kb
No index for proto analysis.
But it is strange after I
redef Log::enable_local_logging = T;
Seems that I need to enable local logging so that the elasticsearch can work?
2015-05-04 10:28 GMT+08:00 Daniel Guerra <daniel.guerra69 at gmail.com>:
> Elasticsearch is working fine, I made some mistakes.
> But still no progress on the timestamps, is there an issue
> on this ?
>
>> On 02 May 2015, at 06:00, Seth Hall <seth at icir.org> wrote:
>>
>>
>>> On May 1, 2015, at 6:29 PM, Daniel Guerra <daniel.guerra69 at gmail.com> wrote:
>>>
>>> Hopefully bro can log a YYYY:mm:dd HH:MM:ss format for ts, work in progress …….
>>
>> It can. :)
>>
>> If you want to make JSON logs globally into ISO8601, you can do...
>> redef LogAscii::json_timestamps = JSON::TS_ISO8601;
>>
>> .Seth
>>
>> --
>> Seth Hall
>> International Computer Science Institute
>> (Bro) because everyone has a network
>> http://www.bro.org/
>>
>
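The timestamp question in the quoted exchange (Daniel wanting a human-readable `ts`, Seth pointing at `LogAscii::json_timestamps = JSON::TS_ISO8601`) comes down to how Elasticsearch maps the field: a numeric epoch `ts` is mapped as a number, and only a string in a recognised date layout is detected as a date, which is what Kibana's time filtering needs. The script below is an added example, not code from this thread or from the Bro project; it rewrites the `ts` field of Bro JSON log lines to ISO8601 before they are shipped, for a Bro build that lacks the option. The sample lines are constructed, and the output layout (UTC, microsecond precision, trailing `Z`) is assumed to match what Bro's `TS_ISO8601` emits.

```python
import json
from datetime import datetime, timezone

# Constructed sample of Bro JSON log lines (not captured traffic); the epoch
# "ts" values are the form Bro writes with its default json_timestamps setting.
SAMPLE_LINES = [
    '{"ts":1430706480.5,"uid":"CExample1","id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.9","proto":"tcp"}',
    '{"ts":1430706481.25,"uid":"CExample2","id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.10","proto":"udp"}',
    '{"uid":"CExample3","proto":"icmp"}',  # no ts at all: record kept, left untouched
    'this is not json',                     # malformed line: dropped
]

# Assumed output layout, modelled on what Bro's JSON::TS_ISO8601 option emits
# (UTC, microsecond precision, trailing "Z"). Treat the exact layout as an assumption.
ISO_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"


def epoch_to_iso8601(ts):
    """Convert a Bro epoch timestamp (float seconds) to an ISO8601 UTC string."""
    return datetime.fromtimestamp(float(ts), tz=timezone.utc).strftime(ISO_FMT)


def convert_line(line, field="ts"):
    """Rewrite the timestamp field of one JSON log line.

    Returns the decoded record (with the field converted when present),
    or None when the line is not valid JSON.
    """
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    if isinstance(rec, dict) and field in rec:
        rec[field] = epoch_to_iso8601(rec[field])
    return rec


def convert_lines(lines):
    """Convert a batch of lines, dropping malformed ones, and return the records."""
    out = []
    for line in lines:
        rec = convert_line(line)
        if rec is not None:
            out.append(rec)
    return out


def is_iso8601(value):
    """Check that a converted timestamp parses back in the expected layout."""
    try:
        datetime.strptime(value, ISO_FMT)
        return True
    except (TypeError, ValueError):
        return False


if __name__ == "__main__":
    # Emit one JSON object per line, ready to be bulk-indexed.
    for rec in convert_lines(SAMPLE_LINES):
        print(json.dumps(rec))
```

Run it over a Bro JSON log and feed the output to Elasticsearch; `is_iso8601` is the check to run on a few converted records before indexing, because a field that is first indexed as a number keeps that mapping for the life of the index and later string values are rejected.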