[Bro] bro_json-logs
Daniel Guerra
daniel.guerra69 at gmail.com
Tue Nov 17 11:45:12 PST 2015
Copied it from my Kibana _source in the JSON view.
(I use a patch to change id.orig_h to id_orig_h for Elastic 2.0.)
{
  "ts": "2015-11-17T18:23:15.519645Z",
  "uid": "CtqA6r1V0ob769KrQh",
  "id_orig_h": "192.168.1.122",
  "id_orig_p": 123,
  "id_resp_h": "17.253.84.253",
  "id_resp_p": 123,
  "proto": "udp",
  "duration": 0.393113,
  "orig_bytes": 48,
  "resp_bytes": 48,
  "conn_state": "SF",
  "missed_bytes": 0,
  "history": "Dd",
  "orig_pkts": 1,
  "orig_ip_bytes": 76,
  "resp_pkts": 1,
  "resp_ip_bytes": 76,
  "tunnel_parents": [],
  "resp_location": "37.323002,-122.032204"
}
> On 17 Nov 2015, at 20:31, Azoff, Justin S <jazoff at illinois.edu> wrote:
>
>> On Nov 17, 2015, at 2:11 PM, Tim Desrochers <tgdesrochers at gmail.com> wrote:
>>
>> It appears that dates printed in Bro logs are getting printed incorrectly and causing strange indices downstream in my ELK stack.
>>
>
> Do you have an example of one of these log entries?
>
> --
> - Justin Azoff