about logs-to-elasticsearch.bro script

Dear all,

How do I set the index when using logs-to-elasticsearch.bro?

What do you mean by index?

Hi ine,

In local.bro, redef the consts defined in https://github.com/bro/bro-plugins/blob/9b7943e1a61062005f01b48eaad11bbb3b7ae757/elasticsearch/scripts/init.bro, e.g.:

# Configure Elasticsearch
redef LogElasticSearch::server_host = "x.x.x.x";   # address of the Elasticsearch node
redef LogElasticSearch::server_port = 9200;
redef LogElasticSearch::cluster_name = "security";
redef LogElasticSearch::index_prefix = "bro";      # prefix of the indices Bro writes to
# Logs that should not be shipped to Elasticsearch
redef LogElasticSearch::excluded_log_ids += {
    Known::HOSTS_LOG,
};

Grant

Dear

Index for Kibana.

Thanks very much.