[Bro] elasticsearch plugin identify the proto?

Vlad Grigorescu vlad at grigorescu.org
Wed May 20 06:09:19 PDT 2015


The name of the log stream is stored as the type field in ElasticSearch.

On Wed, May 20, 2015 at 1:51 AM, Mo Jia <life.130815 at gmail.com> wrote:

> In elasticsearch.cc
>
> bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields,
>     Value** vals)
>
> We can get the contents, how can I identify the proto of the content?
>
> In local logging, it will write to http.log, but in elasticsearch it
> loses the proto message.