[Bro] ElasticSearch plugin

Michael Shirk shirkdog.bsd at gmail.com
Mon Jun 13 11:22:57 PDT 2016


I would be interested in this working, as it does not work with later
versions of Elastic.

--
Michael Shirk
Daemon Security, Inc.
http://www.daemon-security.com
On Jun 13, 2016 12:43 PM, "James Lay" <jlay at slave-tothe-box.net> wrote:

> On 2016-06-13 09:44, Seth Hall wrote:
> > Is there anyone here relying on the elasticsearch writer plugin in the
> > bro-plugins repository?  It doesn't appear to work with current
> > versions of elasticsearch anymore and it has always had trouble at
> > sites with high rates of logging.
> >
> > If we don't get much of a response on this we will be deprecating
> > and/or removing the elasticsearch writer.  There should be more
> > reliable mechanisms available soon anyway by either writing to a Kafka
> > server and then forwarding to ElasticSearch or writing files as JSON
> > and then forwarding to ElasticSearch.
> >
> > Thanks,
> >   .Seth
> >
> > --
> > Seth Hall
> > International Computer Science Institute
> > (Bro) because everyone has a network
> > http://www.bro.org/
> >
> >
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
> Not I...straight up using rsyslog to pipe to Logstash.
>
> James
>
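The second alternative Seth mentions, writing logs as JSON and forwarding them to Elasticsearch, sketched as an added Python example that is not part of this thread or of any Bro code: it assumes Bro's JSON log writer output and the Elasticsearch `_bulk` NDJSON request format, batches documents so a high-rate sensor does not issue one request per event, and skips corrupt lines instead of stalling.

```python
import json
import datetime

# Constructed sample of Bro JSON log lines (the shape Bro's JSON log writer
# produces); these are made-up events, not captured traffic.
SAMPLE_LINES = [
    '{"ts":1465836177.123,"uid":"CAbc1","id.orig_h":"10.0.0.5","id.orig_p":51234,'
    '"id.resp_h":"93.184.216.34","id.resp_p":80,"proto":"tcp","service":"http"}',
    '{"ts":1465836178.456,"uid":"CAbc2","id.orig_h":"10.0.0.7","id.orig_p":51235,'
    '"id.resp_h":"93.184.216.34","id.resp_p":443,"proto":"tcp"}',
    'not json at all',  # a truncated line, as happens on a busy sensor
]


def bro_line_to_doc(line):
    """Parse one Bro JSON log line into an Elasticsearch document.

    Returns None for lines that are not valid JSON so one bad line cannot
    stall a batch. Bro's float 'ts' is rewritten as an ISO-8601 '@timestamp',
    the field name Elasticsearch/Kibana date mappings expect.
    """
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    ts = rec.pop("ts", None)
    if ts is not None:
        when = datetime.datetime.fromtimestamp(ts, datetime.timezone.utc)
        rec["@timestamp"] = when.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    return rec


def build_bulk_bodies(lines, index_prefix="bro-conn", batch_size=500):
    """Turn log lines into _bulk request bodies (NDJSON), batch_size docs each.

    Returns (bodies, skipped). Each document is preceded by an action line;
    the index is named per day so old data can be dropped by deleting indices.
    '_type' is required by Elasticsearch 2.x/5.x; later versions removed it.
    """
    bodies, current, in_batch, skipped = [], [], 0, 0
    for line in lines:
        doc = bro_line_to_doc(line)
        if doc is None:
            skipped += 1
            continue
        day = doc.get("@timestamp", "0000-00-00")[:10].replace("-", ".")
        current.append(json.dumps({"index": {"_index": f"{index_prefix}-{day}", "_type": "conn"}}))
        current.append(json.dumps(doc))
        in_batch += 1
        if in_batch == batch_size:
            bodies.append("\n".join(current) + "\n")
            current, in_batch = [], 0
    if current:
        bodies.append("\n".join(current) + "\n")
    return bodies, skipped
```

Each returned body is what you would POST to `/_bulk`; the `skipped` count is worth exporting as a metric, since silently dropped lines are how gaps in the index go unnoticed.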