Thanks for your reply

On Thursday, January 5, 2017 at 9:19:08 PM UTC+6:30, BKeep wrote:
>
> This won't work in v2.1.2 without some modification since it was created
> using a newer version of graylog. You must be running *Graylog v2.2.0 or
> later* because of using the split function in the pipeline rules and some
> other new features related to streams.
> https://github.com/Graylog2/graylog2-server/issues/3250
>
> A workaround is to remove the line matching "default_stream": false from
> the content_pack.json file located in the streams section and either
> build your own regex/grok patterns or send in the bro logs using the json
> output plugin and figure out how to get your fields extracted the way you
> want.
>
> Regards,
>
> On Thursday, January 5, 2017 at 5:54:41 AM UTC-6, SawWinn Naung wrote:
>>
>> Can't import in Graylog v2.1.2
>>
>> On Sunday, December 18, 2016 at 10:34:33 PM UTC+6:30, BKeep wrote:
>>>
>>> For anyone interested, I added a new content pack:
>>> BRO IDS content pack contains pipeline rules, a stream, a dashboard
>>> displaying interesting activity, and a syslog tcp input to capture and
>>> index BRO logs coming from a Security Onion sensor.
>>>
>>> https://marketplace.graylog.org/addons/5e6cf3c6-7bdc-4a2c-bdca-441407e4a016
>>>
>>> Regards,
>>> Brandon
