ASCII JSON log stream

Albert_Zaharovits · June 30, 2015, 7:52am

Hello,

I am writing a bro script which creates a ASCII log stream. I would like JSON output only for this stream. I was able to turn on JSON output globally.

Any idea?

Albert

Jan_Grashoefer · June 30, 2015, 8:07am

Hi Albert,

I have not tried this yet but regarding the documentation a filter may allow you to set JSON logging for a particular stream (see https://www.bro.org/sphinx-git/scripts/base/frameworks/logging/writers/ascii.bro.html).

Regards,
Jan

Daniel_Thayer · June 30, 2015, 3:49pm

There is an example in the "Logging Framework" documentation that you can use:
https://www.bro.org/sphinx/frameworks/logging.html#ascii-writer

Just replace "tsv" in the example with "use_json", and replace
Conn::LOG with your log stream ID.

Albert_Zaharovits · July 1, 2015, 12:05pm

Thank you!

This worked for me:
event bro_init()
{
  local f = Log::get_filter(MyLog::LOG, "default”);
  f$config = table(["use_json"] = "T”);
  Log::add_filter(MyLog::LOG, f);
}

Albert

Topic		Replies	Views
Writing logs to both ACII and JSON Zeek	11	105	May 6, 2022
Store ASCII and JSON output format at the same time Zeek	4	76	May 6, 2022
Question : How can I change a particular log file format? Zeek	3	84	May 6, 2022
Json output Zeek	3	119	May 6, 2022
Multiple log streams Zeek	1	76	May 6, 2022

ASCII JSON log stream

Related topics