История

Anthony Verez dcde5cdfda averez-22-license: Fix license stuff (Closes #22 )		2014-04-16 11:40:15 -07:00
..
README.md	averez-doc: adding heka-lua-bro-notice and heka-lua-bro-intel configuration snippets	2014-04-08 21:22:41 -07:00
bronotice.lua	averez-22-license: Fix license stuff (Closes #22 )	2014-04-16 11:40:15 -07:00
heka.toml	averez-heka-snippets: fix stdout output	2014-04-14 15:59:32 -07:00

heka-lua-bro-notice

This configuration for heka ships notice logs for Bro stored in /nsm/bro/spool/manager/notice.log to mozdef.

We use here the Lua Sandbox for heka to parse our logs.

These log files have comments starting by # and have tab-delimited fields.

To run it:

rm -rf /var/cache/hekad/*
cp -rf bronotice.lua /usr/share/hekad
hekad -config=heka.toml