[Bro] problem with bro json log format
Azoff, Justin S
jazoff at illinois.edu
Wed Sep 28 06:38:47 PDT 2016
> On Sep 28, 2016, at 4:46 AM, Frank Meier <franky.meier.1 at gmx.de> wrote:
>
> I would propose an alternative sticking to base python:
>
> import json
> with open('conn.log') as conn:
>     for line in conn:
>         print(json.loads(line))
>
This would be closer to what jq does by default:
import json
import pprint
import sys
for line in sys.stdin:
    pprint.pprint(json.loads(line))
> or bash:
>
> for line in $(cat conn.log); do echo $line | python -m json.tool; done
$(cat conn.log) will try to expand to the entire contents of the conn log and blow up..
while IFS= read -r line; do printf '%s\n' "$line" | python -m json.tool; done < conn.log
would work, but since it runs python for each log line it won't be very fast :-)
--
- Justin Azoff
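
A single-process variant of the stdin loop above, as an added example that is not part of the original thread: it pretty-prints each record but reports blank, truncated or non-object lines (as seen when reading a log that is still being written) instead of stopping on the first bad one. The sample lines are constructed and the function names are hypothetical.

```python
import json
import sys

# Constructed sample lines in the shape of a Bro JSON conn.log (values made up).
SAMPLE = [
    '{"ts":1475069927.1,"uid":"CaBcDe1","id.orig_h":"192.0.2.10","id.orig_p":51234,'
    '"id.resp_h":"198.51.100.5","id.resp_p":443,"proto":"tcp","note":"a \\"quoted\\" value"}',
    '',
    '{"ts":1475069928.4,"uid":"CfGhIj2","id.orig_h":"192.0.2.11","id.or',  # truncated write
    '{"ts":1475069929.0,"uid":"CkLmNo3","id.orig_h":"192.0.2.12","id.orig_p":40000,'
    '"id.resp_h":"198.51.100.6","id.resp_p":53,"proto":"udp"}',
]


def parse_lines(lines):
    """Yield (lineno, record, error) per non-blank line; bad input is reported, not raised."""
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except ValueError as exc:  # json.JSONDecodeError is a ValueError subclass
            yield lineno, None, str(exc)
            continue
        if not isinstance(record, dict):
            yield lineno, None, "not a JSON object"
            continue
        yield lineno, record, None


def pretty(record):
    """Indented, key-sorted rendering of one record."""
    return json.dumps(record, indent=4, sort_keys=True)


def main(stream):
    """Print every good record to stdout, note skipped lines on stderr, return skip count."""
    bad = 0
    for lineno, record, error in parse_lines(stream):
        if error:
            bad += 1
            sys.stderr.write("line %d skipped: %s\n" % (lineno, error))
        else:
            print(pretty(record))
    return bad


if __name__ == "__main__":
    # With no piped input, run on the constructed sample instead of waiting on a terminal.
    sys.exit(1 if main(SAMPLE if sys.stdin.isatty() else sys.stdin) else 0)
```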