[Bro] problem with bro json log format

Azoff, Justin S jazoff at illinois.edu
Mon Sep 26 06:51:37 PDT 2016


> On Sep 26, 2016, at 9:47 AM, erik clark <philosnef at gmail.com> wrote:
> 
> So, I am not sure what's going on, but when I do:
> 
> python -m json.tool < $somelog
> 
> I get
> 
> Extra data: line 2 column 1 - line 3 column 1 (char 507 - 1011)
> 
> All I did was turn json format logging on in ascii writer conf. All of my bro logs can't seem to be parsed by json.tool....

json.tool tries to read the entire log file as a single json record when it consists of one json record per line.

Use jq instead: https://stedolan.github.io/jq/



-- 
- Justin Azoff
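
The difference described in the reply above, as an added example that is not part of the original message: parsing the whole file as one JSON document fails with "Extra data", while parsing each line as its own record works. The sample log lines and uid values are constructed, and the last line is cut short on purpose to show what happens with a log that is still being written.

```python
import io
import json

# Constructed sample shaped like a Bro conn.log with JSON output enabled:
# one JSON object per line. The third line is deliberately truncated.
SAMPLE_LOG = (
    '{"ts":1474897897.1,"uid":"CExample1","id.orig_h":"192.0.2.10",'
    '"id.resp_h":"198.51.100.5","id.resp_p":53,"proto":"udp"}\n'
    '{"ts":1474897898.2,"uid":"CExample2","id.orig_h":"192.0.2.11",'
    '"id.resp_h":"198.51.100.6","id.resp_p":443,"proto":"tcp"}\n'
    '{"ts":1474897899.3,"uid":"CExam'
)


def whole_file_error(text):
    """Parse the text as a single JSON document (what json.tool does).

    Returns the decoder's error message, or None if parsing succeeded.
    """
    try:
        json.loads(text)
    except json.JSONDecodeError as exc:
        return exc.msg
    return None


def read_json_lines(stream):
    """Parse one JSON object per line.

    Returns (records, errors); errors holds (line_number, message) for
    lines that could not be used, so one bad line does not stop the run.
    """
    records, errors = [], []
    for lineno, line in enumerate(stream, start=1):
        line = line.strip()
        if not line:
            continue  # tolerate blank lines
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            errors.append((lineno, exc.msg))
            continue
        if isinstance(obj, dict):
            records.append(obj)
        else:
            errors.append((lineno, "not a JSON object"))
    return records, errors


if __name__ == "__main__":
    print("whole file:", whole_file_error(SAMPLE_LOG))
    print("per line:  ", read_json_lines(io.StringIO(SAMPLE_LOG)))
```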





