[Bro] Bro logs from JSON to TSV

ElBadry Shaker, Moustafa moustafa.elbadry at oregonstate.edu
Wed Jan 3 13:38:26 PST 2018


I want the exact TSV format. 

We currently have our Bro cluster writing logs in JSON. There are a couple of network traffic analytics tools like RITA (Real Intelligence Threat Analytics) and some AWK scripts that we want to use. The problem is that the tools we want to use work only with Bro's default TSV format. 

Moustafa   

On 1/3/18, 1:25 PM, "Azoff, Justin S" <jazoff at illinois.edu> wrote:

    Do you want the exact TSV format with the #fields and #types header, or just TSV in general?
    
    This is a somewhat strange thing to want to do - since working with the data in JSON format is generally easier.. What exactly are you trying to accomplish after you convert the logs?
    
    
    — 
    Justin Azoff
    
    > On Jan 3, 2018, at 4:13 PM, ElBadry Shaker, Moustafa <moustafa.elbadry at oregonstate.edu> wrote:
    > 
    > Greetings, 
    >  
    > Hope my email finds you well. I was wondering if someone can help me figure out how to transform existing Bro logs from JSON format to TSV format. The TSV format is what Bro uses by default to write log files. Thanks in advance!
    >  
    > Sincerely, 
    > Moustafa ElBadry, Information Security Analyst, Office of Information Security
    > Oregon State University | Information Services | 541-737-4545
    >  
    >  
    > _______________________________________________
    > Bro mailing list
    > bro at bro-ids.org
    > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
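One way to do the conversion the thread asks about, as an added example (not code from the thread or from the Bro project): rebuild the exact ASCII writer layout, including the #separator, #fields and #types header that RITA and bro-cut based AWK pipelines read. Two assumptions are baked in. First, the JSON was produced by Bro's JSON writer with default settings, so timestamps are epoch floats and record fields are already flattened to names like id.orig_h. Second, JSON carries no #types line, so the column order and Bro type of every field has to be supplied per log; CONN_SCHEMA below is the stock Bro 2.x conn.log layout and would need a sibling table for each other log you convert. The sample records are constructed for the example.

```python
#!/usr/bin/env python3
"""Convert Bro JSON log lines (one object per line) back into Bro's ASCII
TSV format with the #fields / #types header. Added example; not Bro code.

Assumptions: default Bro JSON writer output (epoch-float ts, flattened
record names), and a per-log schema supplied by the caller because the
JSON carries no type information. CONN_SCHEMA is the stock conn.log layout.
"""
import json
import sys
import time

# Default conn.log columns and their Bro types, in the order Bro's ASCII
# writer emits them (this is what a stock conn.log #fields/#types header says).
CONN_SCHEMA = [
    ("ts", "time"), ("uid", "string"),
    ("id.orig_h", "addr"), ("id.orig_p", "port"),
    ("id.resp_h", "addr"), ("id.resp_p", "port"),
    ("proto", "enum"), ("service", "string"), ("duration", "interval"),
    ("orig_bytes", "count"), ("resp_bytes", "count"),
    ("conn_state", "string"), ("local_orig", "bool"), ("local_resp", "bool"),
    ("missed_bytes", "count"), ("history", "string"),
    ("orig_pkts", "count"), ("orig_ip_bytes", "count"),
    ("resp_pkts", "count"), ("resp_ip_bytes", "count"),
    ("tunnel_parents", "set[string]"),
]

SEP = "\t"
UNSET = "-"          # Bro's marker for a field that was never set
EMPTY = "(empty)"    # Bro's marker for a string/set that is set but empty

# Constructed sample input: one full HTTP connection and one DNS attempt
# whose optional fields (service, duration, bytes, local_*) are absent.
SAMPLE_JSON = [
    '{"ts":1515014306.123456,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"10.0.0.5",'
    '"id.orig_p":51234,"id.resp_h":"93.184.216.34","id.resp_p":80,"proto":"tcp",'
    '"service":"http","duration":0.25,"orig_bytes":120,"resp_bytes":4096,'
    '"conn_state":"SF","local_orig":true,"local_resp":false,"missed_bytes":0,'
    '"history":"ShADadFf","orig_pkts":6,"orig_ip_bytes":440,"resp_pkts":5,'
    '"resp_ip_bytes":4360,"tunnel_parents":[]}',
    '{"ts":1515014307.5,"uid":"CXWv6p3arKYeMETxOg","id.orig_h":"10.0.0.7",'
    '"id.orig_p":53412,"id.resp_h":"10.0.0.1","id.resp_p":53,"proto":"udp",'
    '"conn_state":"S0","missed_bytes":0,"orig_pkts":1,"orig_ip_bytes":60,'
    '"resp_pkts":0,"resp_ip_bytes":0,"tunnel_parents":[]}',
]


def escape(s):
    """Minimal escaping so a value cannot break the column/row layout.
    Bro writes such bytes as \\xNN; only tab and newline are handled here."""
    return s.replace("\t", "\\x09").replace("\n", "\\x0a")


def format_value(value, bro_type):
    """Render one JSON value the way Bro's ASCII writer would for bro_type."""
    if value is None:                      # field absent from the JSON record
        return UNSET
    if bro_type == "bool":                 # JSON true/false -> T/F
        return "T" if value else "F"
    if bro_type in ("time", "interval"):   # Bro prints six decimals
        return "%.6f" % float(value)
    if bro_type.startswith(("set[", "vector[")):
        return ",".join(escape(str(v)) for v in value) if value else EMPTY
    if bro_type in ("count", "int", "port"):
        return str(int(value))
    s = str(value)                         # string, addr, enum, ...
    return EMPTY if s == "" else escape(s)


def json_to_tsv(lines, schema, path, opened=None):
    """Yield Bro TSV lines (header, one row per JSON record, #close trailer).
    `opened` fixes the #open/#close stamp; default is the current time."""
    stamp = opened or time.strftime("%Y-%m-%d-%H-%M-%S")
    yield "#separator \\x09"               # Bro writes this one with a space
    yield SEP.join(["#set_separator", ","])
    yield SEP.join(["#empty_field", EMPTY])
    yield SEP.join(["#unset_field", UNSET])
    yield SEP.join(["#path", path])
    yield SEP.join(["#open", stamp])
    yield SEP.join(["#fields"] + [name for name, _ in schema])
    yield SEP.join(["#types"] + [t for _, t in schema])
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        rec = json.loads(raw)
        # Schema order, not JSON key order, decides the column layout.
        yield SEP.join(format_value(rec.get(name), t) for name, t in schema)
    yield SEP.join(["#close", opened or time.strftime("%Y-%m-%d-%H-%M-%S")])


if __name__ == "__main__":
    # python3 json2tsv.py conn.json > conn.log   (no argument: converts SAMPLE_JSON)
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_JSON
    for line in json_to_tsv(src, CONN_SCHEMA, "conn"):
        print(line)
```

The #types line is the part that matters for the downstream tools: RITA and bro-cut trust it to decide how to parse each column, so a wrong schema table gives you a file that looks right and parses wrong. A quick check after converting is to run `bro-cut ts id.orig_h id.resp_h < conn.log` and confirm the columns line up; if a log has fields your schema table does not list, they are silently dropped by this script, so compare the JSON keys against the table first.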
    
    