[Bro] Writing logs to both ASCII and JSON
Jan Grashöfer
jan.grashoefer at gmail.com
Sun Jan 15 06:36:02 PST 2017
Hi James,
> I've already come across another Bro script that the add-json.bro script
> doesn't seem to agree with, but will unload that script as it doesn't
> provide much value for my org. I look forward to seeing an updated version
> that can handle these stray log files though!
Meanwhile, I have updated the script. It should work with SMB using Bro
2.5 and supports path functions. I hope the new version also works with
the third-party script you mentioned.
As additional JSON logging seems to be quite a common requirement, I
have added the script as a package for bro-pkg. Thanks to Johanna it's
already merged! If you have configured bro-pkg, the following will
install the script:
    bro-pkg install add-json
The package is located at https://github.com/J-Gras/add-json. In case
you encounter any problems, please let me know.
Best regards,
Jan