ReLog

Seth_Hall3 · August 20, 2012, 7:07pm

I just pushed out a quick script that can use Bro to reimport existing Bro logs back into Bro and then log them to an alternate log writer. The primary use is for taking ASCII logs and writing them to the ElasticSearch writer. The script is actually setup to do this by default (take from ASCII and write to ElasticSearch)

It's definitely not a script you will want to run in production. It's only intended when running Bro manually at a command line. If you try to run it when reading traffic it will actually complain and terminate Bro.

I included some documentation on how to configure it in the README.
https://github.com/sethhall/relog

.Seth

Seth_Hall3 · August 20, 2012, 7:22pm

I forgot to mention too that this script requires a small change I just committed into fastpath today. It will work on master and 2.1 once that patch is merged into master.

.Seth

Topic		Replies	Views
elastic search / bro questions Zeek	17	88	May 6, 2022
send logs to custom server by socket Zeek	4	117	May 6, 2022
Elasticsearch Writer vs logstash Zeek	9	145	May 6, 2022
How use logs-to-elasticsearch.bro Zeek	9	61	May 6, 2022
Redis Log Writer Zeek	2	88	May 6, 2022

ReLog

Related Topics