[Bro] Json output
Azoff, Justin S
jazoff at illinois.edu
Thu Nov 17 10:04:12 PST 2016
https://www.bro.org/documentation/faq.html#why-isn-t-bro-producing-the-logs-i-expect-a-note-about-checksums
--
- Justin Azoff
> On Nov 17, 2016, at 4:57 AM, David <elhijo at 0lim.net> wrote:
>
> Hi,
>
> I'm probably missing something somewhere, but when outputting logs in JSON
> format I'm missing some information.
>
> Here is an ascii output:
> 479376326.037159 CAehBQ1VNmICCPUhGk X.X.X.X 36211
> 212.27.48.10 80 1 GET free.fr / -
> Lynx/2.8.7rel.2 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/1.0.1i 0
> 154 302 Moved Temporarily - - - (empty)
> - - - - - F6XUb56IvHftrZKH6 text/html
>
> Here is the json one:
> {"ts":"2016-11-17T09:52:40.953982Z","uid":"CPRQ0t2QzUecwZtHn4","id.orig_h":"X.X.X.X","id.orig_p":55750,"id.resp_h":"212.27.48.10","id.resp_p":80,"trans_depth":1,"version":"1.1","request_body_len":0,"response_body_len":154,"status_code":302,"status_msg":"Moved Temporarily","tags":[],"resp_fuids":["Fh69hd1zG4Giojep18"],"resp_mime_types":["text/html"]}
>
>
> method, host, uri, referrer, user_agent and others are missing in json.
>
> Is there a way to add them?
>
> Thanks,
>
> David
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
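
Added example (not part of the original thread and not Bro project code): the JSON record quoted above carries response-side fields but none of the request-side ones, so this sketch scans JSON http.log lines and counts such response-only records per originator. It assumes a key absent from a JSON record means the field was unset; the function names and sample lines are constructed for illustration.

```python
import json
from collections import Counter

# http.log field names as they appear in the thread above.
REQUEST_FIELDS = ("method", "host", "uri", "referrer", "user_agent")
RESPONSE_FIELDS = ("status_code", "status_msg", "resp_fuids", "resp_mime_types")

def classify(record):
    """Say which side(s) of the HTTP transaction a JSON http.log record covers.

    Assumption: a key absent from the record means the field was unset.
    """
    has_req = any(f in record for f in REQUEST_FIELDS)
    has_resp = any(f in record for f in RESPONSE_FIELDS)
    if has_req and has_resp:
        return "both"
    if has_req:
        return "request_only"
    return "response_only" if has_resp else "neither"

def one_sided_by_originator(lines):
    """Count response-only records per id.orig_h; return (counts, skipped)."""
    counts, skipped = Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # truncated or wrapped line, e.g. pasted from e-mail
            continue
        if isinstance(record, dict) and classify(record) == "response_only":
            counts[record.get("id.orig_h", "unknown")] += 1
    return counts, skipped

# Constructed sample input (not taken from a real capture).
SAMPLE = [
    '{"uid":"C1","id.orig_h":"192.0.2.10","status_code":302,"status_msg":"Moved Temporarily"}',
    '{"uid":"C2","id.orig_h":"192.0.2.10","status_code":200,"resp_mime_types":["text/html"]}',
    '{"uid":"C3","id.orig_h":"192.0.2.20","method":"GET","host":"example.com","uri":"/","status_code":200}',
    '{"uid":"C4","id.orig_h":"192.0.2.20","status_msg":"Moved',  # wrapped line
]

if __name__ == "__main__":
    counts, skipped = one_sided_by_originator(SAMPLE)
    for host, n in counts.most_common():
        print(f"{host}: {n} response-only record(s)")
    print(f"skipped {skipped} unparseable line(s)")
```

Originators that show up here with many response-only records are the hosts to check against the checksum note in the FAQ linked above.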