[Bro] problem with bro json log format
philosnef at gmail.com
Mon Sep 26 06:57:47 PDT 2016
Yep, I had just gone down that route. :) I had mistakenly believed that
json.tool did more than one record at once. Thanks for the fast response.
On Mon, Sep 26, 2016 at 9:51 AM, Azoff, Justin S <jazoff at illinois.edu> wrote:
> > On Sep 26, 2016, at 9:47 AM, erik clark <philosnef at gmail.com> wrote:
> > So, I am not sure what's going on, but when I do:
> > python -m json.tool < $somelog
> > I get
> > Extra data: line 2 column 1 - line 3 column 1 (char 507 - 1011)
> > All I did was turn json format logging on in ascii writer conf. All of
> > my bro logs can't seem to be parsed by json.tool....
> json.tool tries to read the entire log file as a single json record when
> it consists of one json record per line.
> Use jq instead: https://stedolan.github.io/jq/
> - Justin Azoff
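Added example, not part of the original thread: a Python sketch of the behaviour discussed above, showing that parsing a one-record-per-line log as a single document fails with "Extra data" while parsing it line by line succeeds. The sample records, field values and function names are constructed for illustration.

```python
import io
import json

# Constructed sample: two conn.log-style records, one JSON object per line,
# then a blank line and a record cut off mid-write.
SAMPLE_LOG = (
    '{"ts":1474898267.1,"uid":"CExample1","id.orig_h":"192.0.2.10","id.resp_p":53}\n'
    '{"ts":1474898268.4,"uid":"CExample2","id.orig_h":"192.0.2.11","id.resp_p":443}\n'
    '\n'
    '{"ts":1474898269.0,"uid":"CExam'
)

def whole_file_error(text):
    """Parse the text as a single JSON document, the way json.tool does."""
    try:
        json.loads(text)
    except json.JSONDecodeError as exc:
        return exc.msg
    return None

def read_json_lines(stream):
    """Parse one JSON object per line; return (records, bad_lines)."""
    records, bad = [], []
    for lineno, line in enumerate(stream, start=1):
        line = line.strip()
        if not line:
            continue  # blank lines are not records
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            # Keep going: one damaged line must not hide the rest of the log.
            bad.append((lineno, exc.msg))
            continue
        if isinstance(obj, dict):
            records.append(obj)
        else:
            bad.append((lineno, "not a JSON object"))
    return records, bad

if __name__ == "__main__":
    print("whole file:", whole_file_error(SAMPLE_LOG))
    records, bad = read_json_lines(io.StringIO(SAMPLE_LOG))
    for rec in records:
        print(json.dumps(rec, indent=4, sort_keys=True))
    print("skipped:", bad)
```

Recording the line number of each undecodable line, rather than aborting, keeps a truncated final record (for example, a log still being written) from hiding the records before it.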