[Bro] ElasticSearch plugin

Joe Blow blackhole.em at gmail.com
Mon Jun 13 11:28:49 PDT 2016


I use it a whole bunch, but it is quite clunky...

Part of me wishes bro would just write JSON to syslog, so that we could use
the native rsyslog queuing and output modules (much more widely supported).

Any chance that could be easily implemented?

Cheers,

JB

On Mon, Jun 13, 2016 at 12:29 PM, James Lay <jlay at slave-tothe-box.net>
wrote:

> On 2016-06-13 09:44, Seth Hall wrote:
> > Is there anyone here relying on the elasticsearch writer plugin in the
> > bro-plugins repository?  It doesn't appear to work with current
> > versions of elasticsearch anymore and it has always had trouble at
> > sites with high rates of logging.
> >
> > If we don't get much of a response on this we will be deprecating
> > and/or removing the elasticsearch writer.  There should be more
> > reliable mechanisms available soon anyway by either writing to a Kafka
> > server and then forwarding to ElasticSearch or writing files as JSON
> > and then forwarding to ElasticSearch.
> >
> > Thanks,
> >   .Seth
> >
> > --
> > Seth Hall
> > International Computer Science Institute
> > (Bro) because everyone has a network
> > http://www.bro.org/
> >
> >
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
> Not I...straight up using rsyslog to pipe to Logstash.
>
> James