[Bro] Question : How can I change a particular log file format?
Seth Hall
seth at icir.org
Sun Apr 3 11:50:49 PDT 2016
> On Mar 27, 2016, at 4:56 AM, Aneela Safdar <ansaf_130 at yahoo.com> wrote:
>
> I am a newbie at bro and wanted to change log format of http.log file to json.
> Currently I have made changes in ascii.bro and now I am getting all logs format in json but what I have to do if I only want http.log to have that format and others keep default?
Alternately, you can just add the following line in a script (to avoid changing base scripts)...
redef LogAscii::use_json = T;
Of course, Johanna's reply still applies since it sounds like you don't want to make that change to all of your logs.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list