[Bro] ElasticSearch plugin

Azoff, Justin S jazoff at illinois.edu
Mon Jun 13 11:31:47 PDT 2016


> On Jun 13, 2016, at 1:28 PM, Joe Blow <blackhole.em at gmail.com> wrote:
> 
> I use it a whole bunch, but it is quite clunky...
> 
> Part of me wishes Bro would just write JSON to syslog, so that we could use the native rsyslog queuing and output modules (much more widely supported).
> 
> Any chance that could be easily implemented?
> 
> Cheers,
> 
> JB

You can tell Bro to write to the JSON logs as usual, and then use rsyslog with the imfile module.

-- 
- Justin Azoff
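
The setup suggested in the reply above, sketched as an rsyslog configuration. This is an added example, not part of the original message: the log path (a default source install), the `bro_conn:` tag, the ruleset and queue names, and the collector `logs.example.net` are assumptions or placeholders.

```conf
# Bro side (assumed to go in local.bro): write JSON instead of tab-separated logs
#   @load tuning/json-logs

# Bro JSON records can be longer than rsyslog's default 8k message limit.
# This must appear before any input is defined.
global(maxMessageSize="64k")

module(load="imfile")

# One input per Bro log file; repeat this block for dns.log, http.log, etc.
# Binding the input to its own ruleset keeps Bro records out of the
# default local syslog files.
input(type="imfile"
      File="/usr/local/bro/logs/current/conn.log"
      Tag="bro_conn:"
      Severity="info"
      Facility="local7"
      ruleset="bro_forward")

ruleset(name="bro_forward") {
    # Forward over TCP to a placeholder collector. The disk-assisted queue
    # buffers records while the collector is unreachable, and the retry
    # count of -1 keeps retrying instead of discarding them.
    action(type="omfwd"
           target="logs.example.net"
           port="514"
           protocol="tcp"
           queue.type="LinkedList"
           queue.filename="bro_fwd"
           queue.maxDiskSpace="1g"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
```

Each JSON line arrives at the receiver as the syslog message body, so any rsyslog output module can be swapped in for `omfwd` inside the ruleset.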