:tocdepth: 3

policy/tuning/logs-to-elasticsearch.bro
=======================================
.. bro:namespace:: LogElasticSearch

Load this script to enable global log output to an ElasticSearch database.

:Namespace: LogElasticSearch
:Source File: :download:`/scripts/policy/tuning/logs-to-elasticsearch.bro`

Summary
~~~~~~~
Options
#######
====================================================================================== ================================================================
:bro:id:`LogElasticSearch::excluded_log_ids`: :bro:type:`set` :bro:attr:`&redef`       Optionally ignore any :bro:type:`Log::ID` from being sent to
                                                                                       ElasticSearch with this script.
:bro:id:`LogElasticSearch::rotation_interval`: :bro:type:`interval` :bro:attr:`&redef` An ElasticSearch-specific rotation interval.
:bro:id:`LogElasticSearch::send_logs`: :bro:type:`set` :bro:attr:`&redef`              If you want to explicitly only send certain :bro:type:`Log::ID`
                                                                                       streams, add them to this set.
====================================================================================== ================================================================


Detailed Interface
~~~~~~~~~~~~~~~~~~
Options
#######
.. bro:id:: LogElasticSearch::excluded_log_ids

   :Type: :bro:type:`set` [:bro:type:`Log::ID`]
   :Attributes: :bro:attr:`&redef`
   :Default: ``{}``

   Optionally ignore any :bro:type:`Log::ID` from being sent to
   ElasticSearch with this script.

.. bro:id:: LogElasticSearch::rotation_interval

   :Type: :bro:type:`interval`
   :Attributes: :bro:attr:`&redef`
   :Default: ``3.0 hrs``

   An ElasticSearch-specific rotation interval.

.. bro:id:: LogElasticSearch::send_logs

   :Type: :bro:type:`set` [:bro:type:`Log::ID`]
   :Attributes: :bro:attr:`&redef`
   :Default: ``{}``

   If you want to explicitly only send certain :bro:type:`Log::ID`
   streams, add them to this set.  If the set remains empty, all streams
   will be sent.  The :bro:id:`LogElasticSearch::excluded_log_ids` option
   remains in effect as well, so a stream listed there is never sent even
   if it also appears in this set.
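As an added example that is not part of the Bro script or its generated documentation, the following ``local.bro`` fragment loads this policy and combines the three options; the log IDs used (``Conn::LOG``, ``DNS::LOG``, ``HTTP::LOG``, ``SSL::LOG``, ``Notice::LOG``, ``Weird::LOG``) are assumed to be defined by the default Bro script set.

```bro
# Added example (not from the Bro distribution): a local.bro fragment that
# enables ElasticSearch output and narrows which log streams are forwarded.
@load tuning/logs-to-elasticsearch

# Forward only the streams named here.  Leaving send_logs empty would
# forward every enabled Log::ID, which is usually more than an index needs.
redef LogElasticSearch::send_logs += {
    Conn::LOG,
    DNS::LOG,
    HTTP::LOG,
    SSL::LOG,
    Notice::LOG,
};

# excluded_log_ids stays in effect alongside send_logs.  Listing a stream
# here guarantees it is never forwarded, even if send_logs is widened later
# (Weird::LOG is an assumed example of a stream kept local on purpose).
redef LogElasticSearch::excluded_log_ids += { Weird::LOG };

# Use a 1 hr rotation interval instead of the 3.0 hrs default.
redef LogElasticSearch::rotation_interval = 1 hr;
```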


