[Bro] Writing JSON logs
Tritium Cat
tritium.cat at gmail.com
Fri Nov 22 06:47:42 PST 2013
Bro,
I made a patch for the Ascii log writer to write the logs in JSON format.
This was thanks to the existing code from the ElasticSearch writer and
copy/paste skill.
But when I try to enable the writer at runtime there are errors. Why ?
See patch. ( cd bro-2.2; patch -p1 < bro--write_json.patch )
Thanks,
--TC
event bro_init()
{
LogAscii::write_json=T;
}
results in
# bin/broctl check
manager failed.
error in /usr/local/3rd-party/bro/share/bro/site/local.bro, line 7:
const is not a modifiable lvalue (LogAscii::write_json)
proxy-1 failed.
error in /usr/local/3rd-party/bro/share/bro/site/local.bro, line 7:
const is not a modifiable lvalue (LogAscii::write_json)
worker-1 failed.
error in /usr/local/3rd-party/bro/share/bro/site/local.bro, line 7:
const is not a modifiable lvalue (LogAscii::write_json)
worker-2 failed.
error in /usr/local/3rd-party/bro/share/bro/site/local.bro, line 7:
const is not a modifiable lvalue (LogAscii::write_json)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131122/bd9b5528/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bro--write_json.patch
Type: application/octet-stream
Size: 8604 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131122/bd9b5528/attachment.obj
More information about the Bro
mailing list