[Bro] How use logs-to-elasticsearch.bro

Daniel Guerra daniel.guerra69 at gmail.com
Tue Mar 1 00:18:43 PST 2016


Hi,

There is a problem with elasticsearch 2.0 and higher. 
It doesn’t accept dots in field names and there are
some timestamp issues.

Check 
https://hub.docker.com/r/danielguerra/bro-debian-elasticsearch/

or

https://github.com/danielguerra69/bro-debian-elasticsearch

(check the patch dir)

Regards,

Daniel
 
> On 01 Mar 2016, at 07:53, mz <mz89924 at 126.com> wrote:
> 
> Dear all,
> I would like to use this script, logs-to-elasticsearch.bro, to log Bro to Elasticsearch.
> 
> My Bro Version: 2.4.1
> 
> 1. If I use this script, do I not need Logstash? Will Bro send the logs directly to Elasticsearch?
> 
> 2. I followed the official document: https://www.bro.org/sphinx/components/bro-plugins/elasticsearch/README.html and configured /usr/local/bro/share/bro/site/local.bro, adding @load bro/ElasticSearch/logs-to-elasticsearch.bro. But it was not successful. In addition to the configuration in the document, is additional configuration still needed?
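As an added illustration of the two issues Daniel mentions (this is not code from the thread or from his patch dir): a Python helper that rewrites dotted Bro field names such as id.orig_h to underscores and converts the float ts to epoch milliseconds before building an Elasticsearch 2.x _bulk body. The sample conn.log record and the index/type names are constructed for the example.

```python
import json
from typing import Any, Dict, Iterable

# Constructed sample: one Bro 2.4 conn.log entry rendered as JSON (not captured from a real sensor).
SAMPLE_CONN_RECORD = {
    "ts": 1456790000.123456,
    "uid": "CHhAvVGS1DHFjwGM9",
    "id.orig_h": "10.0.0.5",
    "id.orig_p": 51234,
    "id.resp_h": "203.0.113.10",
    "id.resp_p": 443,
    "proto": "tcp",
    "conn_state": "SF",
}


def sanitize_field_name(name: str) -> str:
    """Elasticsearch 2.x rejects '.' inside field names; replace each dot with '_'."""
    return name.replace(".", "_")


def ts_to_epoch_millis(ts: float) -> int:
    """Bro writes ts as float seconds since the epoch; ES date fields accept epoch_millis."""
    return int(round(ts * 1000))


def to_es2_document(record: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy of a Bro log record that ES 2.x will accept (nested dicts handled too)."""
    doc: Dict[str, Any] = {}
    for key, value in record.items():
        if isinstance(value, dict):
            value = to_es2_document(value)
        doc[sanitize_field_name(key)] = value
    if isinstance(doc.get("ts"), float):
        doc["ts"] = ts_to_epoch_millis(doc["ts"])
    return doc


def has_dotted_field(doc: Dict[str, Any]) -> bool:
    """Pre-index check: True if any (possibly nested) key still contains a dot."""
    for key, value in doc.items():
        if "." in key or (isinstance(value, dict) and has_dotted_field(value)):
            return True
    return False


def bulk_index_lines(index: str, doc_type: str, docs: Iterable[Dict[str, Any]]) -> str:
    """Build the newline-delimited ES _bulk body: one action line plus one document line per record."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index, "_type": doc_type}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"
```

Running `bulk_index_lines("bro-conn", "conn", [to_es2_document(SAMPLE_CONN_RECORD)])` yields a body that can be POSTed to `/_bulk` on a 2.x node; `has_dotted_field` on the converted document returns False.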

