[Bro] How use logs-to-elasticsearch.bro
Blake Mackey
Blake.Mackey at rmc.ca
Tue Mar 1 04:35:14 PST 2016
If you are using the ELK stack, check out:
https://github.com/BrashEndeavours/logstash-input-bro
Respectfully,
Blake Mackey, CD
SLt | ens 1
Royal Military College of Canada | Collège militaire royal du Canada
(613)331-6438
On Mar 1, 2016, at 03:18, Daniel Guerra <daniel.guerra69 at gmail.com> wrote:
Hi,
There is a problem with elasticsearch 2.0 and higher.
It doesn’t accept dots in field names and there are
some timestamp issues.
Check
https://hub.docker.com/r/danielguerra/bro-debian-elasticsearch/
or
https://github.com/danielguerra69/bro-debian-elasticsearch
(check the patch dir)
Regards,
Daniel
On 01 Mar 2016, at 07:53, mz <mz89924 at 126.com> wrote:
Dear all,
I would like to use the script logs-to-elasticsearch.bro to send Bro logs to Elasticsearch.
My Bro Version: 2.4.1
1. If I use this script, do I not need Logstash? Will Bro send the logs directly to Elasticsearch?
2. I followed the official document: https://www.bro.org/sphinx/components/bro-plugins/elasticsearch/README.html and configured it in /usr/local/bro/share/bro/site/local.bro by adding @load bro/ElasticSearch/logs-to-elasticsearch.bro. But it was not successful. Beyond the configuration in the document, is additional configuration still needed?
_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
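Daniel's point above about Elasticsearch 2.0+ rejecting dots in field names, and the timestamp issues, can be illustrated with a small pre-processing step run over a Bro JSON log record before it is indexed. This is an added example, not code from the thread or from Daniel's patch dir; the conn.log record is constructed, and it relies on Bro's JSON writer emitting `ts` as epoch seconds and conn.log using dotted names such as `id.orig_h`.

```python
import json
from datetime import datetime, timezone

# Constructed sample: one conn.log record as Bro's JSON log writer emits it
# (epoch-seconds ts, dotted id.* field names). Addresses and uid are made up.
SAMPLE_LINE = json.dumps({
    "ts": 1456818000.123456,
    "uid": "CExample1",
    "id.orig_h": "192.0.2.10",
    "id.orig_p": 51234,
    "id.resp_h": "198.51.100.5",
    "id.resp_p": 443,
    "proto": "tcp",
})


def load_line(line: str) -> dict:
    """Parse one JSON log line into a dict."""
    return json.loads(line)


def has_dotted_keys(record: dict) -> bool:
    """True if any top-level key contains a '.', which Elasticsearch 2.0-2.3 refuses."""
    return any("." in key for key in record)


def flatten_keys(record: dict, sep: str = "_") -> dict:
    """Rename dotted Bro field names (id.orig_h -> id_orig_h) so ES 2.x accepts them."""
    return {key.replace(".", sep): value for key, value in record.items()}


def epoch_to_iso(ts: float) -> str:
    """Turn Bro's epoch-seconds ts into an ISO 8601 UTC string ES maps as a date."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(timespec="milliseconds")


def prepare_for_es2(line: str) -> dict:
    """Full pre-processing for one Bro JSON log line: flatten keys, convert ts."""
    record = flatten_keys(load_line(line))
    record["ts"] = epoch_to_iso(record["ts"])
    return record


if __name__ == "__main__":
    print(json.dumps(prepare_for_es2(SAMPLE_LINE), indent=2))
```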