Store ASCII and JSON output format at the same time

jose_antonio_izquier · May 9, 2018, 10:03am

Hi Bro Family,

We want to implement a logging configuration with Bro that will allow us to store the output in both formats at the same time: JSON and ASCII.

The main idea is to have something like:
.- weird.log
.- weird.json

As each filter seems to be able to use one writer, I can’t see the way to accomplish this configuration with current plugins, configs, packets. Hopefully, I’m wrong.

Does someone know if there is a configuration or packet that can help to achieve this config?

Jan · May 9, 2018, 11:38am

There is a package that provides more or less exactly this
functionality: https://github.com/J-Gras/add-json

If you have installed the Bro Package Manager:
bro-pkg install add-json

Jan

jose_antonio_izquier · May 9, 2018, 11:51am

Thanks Jan,

Will check it right now.

jose_antonio_izquier · May 9, 2018, 12:17pm

Tested… it works. Thanks

Topic		Replies	Views
Writing logs to both ACII and JSON Zeek	11	101	May 6, 2022
bro output log in different file names and format Zeek	3	76	May 6, 2022
ASCII JSON log stream Zeek	4	62	May 6, 2022
Json output Zeek	3	118	May 6, 2022
Multiple log streams Zeek	1	76	May 6, 2022

Store ASCII and JSON output format at the same time

Related Topics