[Bro] about logs-to-elasticsearch.bro script

Grant Stavely grant at grantstavely.com
Thu Mar 24 08:48:24 PDT 2016


Hi ine,

In local.bro, redef the consts defined in https://github.com/bro/bro-plugins/blob/9b7943e1a61062005f01b48eaad11bbb3b7ae757/elasticsearch/scripts/init.bro, e.g.:

# Configure Elasticsearch
# Host and port of the Elasticsearch node the Bro writer sends logs to
redef LogElasticSearch::server_host = "x.x.x.x";
redef LogElasticSearch::server_port = 9200;
redef LogElasticSearch::cluster_name = "security";
# Indices are created with this prefix
redef LogElasticSearch::index_prefix = "bro";
# Log streams that should not be shipped to Elasticsearch
redef LogElasticSearch::excluded_log_ids += {
	Known::HOSTS_LOG,
};

Grant

> On Mar 23, 2016, at 23:32, ine <mz89924 at 126.com> wrote:
> 
> Dear all,
>     How do I set the index when using logs-to-elasticsearch.bro?
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

