z3ndrag0n
commented
10 years ago Command to transfer plaso data into Elasticsearch: psort.py -z EST5EDT -o Elastic --elastic_server_ip=172.16.223.144 plaso.dump
Closed z3ndrag0n closed 10 years ago
z3ndrag0n
commented
10 years ago Command to transfer plaso data into Elasticsearch: psort.py -z EST5EDT -o Elastic --elastic_server_ip=172.16.223.144 plaso.dump
z3ndrag0n
commented
10 years ago Supertimeline now invokes psort after setting ELK_IP. The command ends up looking more like: psort.py -z$TIMEZONE -o Elastic --elastic_server_ip=${ELK_IP} ${OUTPUT_LOCATION}/plaso.dump
Moving forward, may even want to be able to set ELK_IP case-by-case.
Currently the transfer from plaso into Elasticsearch is manual. As long as we grab the IP of the ELK VM while setting up, we can avoid this.