[Bro] Writing JSON logs

Phil Stanhope stanhope at gmail.com
Mon Mar 10 11:51:27 PDT 2014


Any chance we can get the InputReader to also support CSV? If it does
already, my apologies ... I'd just not figured out how to make that work
yet.

-phil


On Mon, Mar 10, 2014 at 2:29 PM, Seth Hall <seth at icir.org> wrote:

>
> On Mar 7, 2014, at 9:16 AM, Jason Trost <jason.trost at gmail.com> wrote:
>
> > Did this patch ever get pulled into Bro?  I am just curious if there is
> > now support for logging in JSON.
>
> That patch had some structural problems.  I finally went back and
> restructured the code at a different layer in Bro.  It should be getting
> merged into master soon.  You'll be able to write out all of your logs in
> JSON format with:
>
> @load tuning/json-logs
>
> I went ahead and made some additional changes to the ascii writer so that
> most of the options that once were only globally available (like
> LogAscii::separator) are now available per logging filter too.  This makes
> it possible to write a script that outputs a single log in CSV format
> instead of tab separated without impacting all of a user's other logs.
>
> Anyway, not in master yet, but it should be there soon and it will be in
> 2.3.
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/