[Bro] host field

Daniel Guerra daniel.guerra69 at gmail.com
Wed Oct 5 23:47:00 PDT 2016


Hi Seth,

It works perfectly! I have the git version running with
elastic 2.4 (2.5 gave some trouble again) without
my nasty JSON.cc patch.

Regards,

Daniel
  
> On 05 Oct 2016, at 04:46, Seth Hall <seth at icir.org> wrote:
> 
> 
>> On Oct 4, 2016, at 12:32 PM, Michael Shirk <shirkdog.bsd at gmail.com> wrote:
>> 
>> Seth, in 2.5 is this the way to make elastic happy, so you can rename 'id.orig_h' natively to whatever you want in Bro (minus the dots)?
> 
> The way to make elasticsearch happy is probably this...
> 	redef Log::default_scope_sep = "_";
> 
> It changes all of the periods in field names to anything you want (underscore in this case).
> 
>  .Seth
> 
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
> 
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
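
The rename that `Log::default_scope_sep = "_"` performs, applied after the fact to JSON log lines that were already written with dotted field names. This is an added example, not code from the thread or from Bro; the function names and the sample record are constructed for illustration.

```python
import json

# Constructed sample: one conn.log-style JSON record with dotted field names.
SAMPLE_LINE = (
    '{"ts":1475650020.0,"uid":"CEXAMPLE1","id.orig_h":"192.0.2.10",'
    '"id.orig_p":49152,"id.resp_h":"198.51.100.7","id.resp_p":80,"proto":"tcp"}'
)


def rename_fields(record, sep="_"):
    """Return a copy of record with '.' in every field name replaced by sep.

    Nested objects and lists are handled recursively. If two names collapse
    to the same key (e.g. "id.orig_h" and "id_orig_h"), raise ValueError
    instead of silently dropping one of the values.
    """
    if isinstance(record, list):
        return [rename_fields(item, sep) for item in record]
    if not isinstance(record, dict):
        return record
    renamed = {}
    for key, value in record.items():
        new_key = key.replace(".", sep)
        if new_key in renamed:
            raise ValueError("field name collision after rename: %r" % new_key)
        renamed[new_key] = rename_fields(value, sep)
    return renamed


def dotted_fields(record):
    """Return the top-level field names that still contain a dot."""
    return sorted(key for key in record if "." in key)


def convert_line(line, sep="_"):
    """Rename the fields of one JSON log line and return it re-serialized."""
    return json.dumps(rename_fields(json.loads(line), sep))


if __name__ == "__main__":
    print(dotted_fields(json.loads(SAMPLE_LINE)))
    print(convert_line(SAMPLE_LINE))
```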