[Bro] Writing JSON logs
Seth Hall
seth at icir.org
Mon Mar 10 11:29:36 PDT 2014
On Mar 7, 2014, at 9:16 AM, Jason Trost <jason.trost at gmail.com> wrote:
> Did this patch ever get pulled into Bro? I am just curious if there is now support for logging in JSON.
That patch had some structural problems. I finally went back and restructured the code at a different layer in Bro. It should be getting merged into master soon. You'll be able to write out all of your logs in JSON format with:
@load tuning/json-logs
I went ahead and made some additional changes to the ascii writer so that most of the options that once were only globally available (like LogAscii::separator) are now available per logging filter too. This makes it possible to write a script that outputs a single log in CSV format instead of tab separated without impacting all of a user's other logs.
Anyway, not in master yet, but it should be there soon and it will be in 2.3.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
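
Added example, not part of the original message and not code from the Bro project: a sketch of the per-filter usage the message describes, with one log written as CSV and another as JSON while every other log keeps the default tab-separated format. It assumes the per-filter `$config` keys mirror the global LogAscii option names (`separator`, `set_separator`, `use_json`); the filter names and paths are made up for illustration.

```bro
# Added example. Assumption: per-filter $config keys carry the same
# names as the global LogAscii options (separator, set_separator, use_json).
@load base/protocols/http
@load base/protocols/dns

event bro_init()
	{
	# Extra CSV copy of the HTTP log. The default filter is left in place,
	# so http.log itself stays tab separated.
	Log::add_filter(HTTP::LOG, [
		$name = "http-csv",          # hypothetical filter name
		$path = "http_csv",          # hypothetical output path
		$config = table(
			["separator"] = ",",
			# The default set separator is also ",". Move it so that
			# set-valued fields stay inside a single CSV column.
			["set_separator"] = "|"
		)
	]);

	# JSON for the DNS log only, instead of loading tuning/json-logs,
	# which switches every log to JSON.
	Log::add_filter(DNS::LOG, [
		$name = "dns-json",          # hypothetical filter name
		$path = "dns_json",          # hypothetical output path
		$config = table(["use_json"] = "T")
	]);
	}
```

Config values are strings, so booleans are passed as "T" or "F". If only the CSV or JSON copy is wanted, the default filter can be removed with Log::remove_default_filter.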