[Zeek] Zeek and json output question
Justin Azoff
justin at corelight.com
Thu Jan 23 14:47:46 PST 2020
Yep! Give this a try:
event zeek_init()
    {
    # Adds a second filter to the FTP stream. The default tab-separated
    # filter is left in place, so ftp.log is still written next to ftp_json.log.
    Log::add_filter(FTP::LOG, [
        $name = "ftp-json",
        $path = "ftp_json",
        # Writer option for this filter only (same key as LogAscii::use_json).
        $config = table(["use_json"] = "T")
    ]);
    }
This package does the same thing in a slightly more advanced way:
https://github.com/J-Gras/add-json
On Thu, Jan 23, 2020 at 4:44 PM Allen, Brian <brianallen at wustl.edu> wrote:
> Hi All-
>
> I want to run a test, but I don’t want to use all my zeek cluster data. I
> do know how to output all my zeek logs in JSON output, but how can I output
> just a single log to JSON output (like the ftp.log)?
>
> What I’m looking for: All the zeek logs output like normal (tab
> separated), PLUS the FTP log is output in JSON format as well. Can I break
> one out or is it all or nothing?
>
> Thank you,
>
> -Brian
--
Justin
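The same idea generalised to several log streams, as an added example that is not Justin's code or part of the add-json package: a small helper that keeps the default tab-separated output for each stream and adds a JSON copy under a chosen filename. The JsonCopy module name, the add_json_copy function and the HTTP entry in the table are my assumptions; only the FTP filter settings come from the thread.

```zeek
# Added example (not from the thread). Assumes a stock Zeek install where
# the base FTP and HTTP analyzers are loaded (they are by default).
@load base/protocols/ftp
@load base/protocols/http

module JsonCopy;

export {
    ## Streams that should additionally be written as JSON, mapped to the
    ## base filename of the JSON copy (Zeek appends ".log").
    ## Override from local.zeek with redef to pick different streams.
    const streams: table[Log::ID] of string = {
        [FTP::LOG]  = "ftp_json",
        [HTTP::LOG] = "http_json"
    } &redef;
}

## Attach a second filter to stream `id` that writes the same records as
## the default filter, but JSON-encoded, into `path`.log. The default
## filter is not touched, so the tab-separated log keeps being produced.
function add_json_copy(id: Log::ID, path: string)
    {
    local f: Log::Filter = [
        $name   = fmt("%s-json", path),
        $path   = path,
        # Per-filter writer option; overrides the global LogAscii::use_json
        # for this filter only, as in the FTP example above.
        $config = table(["use_json"] = "T")
    ];
    Log::add_filter(id, f);
    }

# Negative priority so this runs after the protocol scripts have called
# Log::create_stream for their streams; adding a filter to a stream that
# does not exist yet is silently ignored.
event zeek_init() &priority=-5
    {
    for ( id in streams )
        add_json_copy(id, streams[id]);
    }
```

Run it with `zeek -r some.pcap this-script.zeek`: you should get ftp.log and http.log in the usual tab-separated form plus ftp_json.log and http_json.log with one JSON object per line.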