Working with tsv and json log files at the same time

Hi all,

Just a quick question: is it possible to store Zeek’s log files in TSV and JSON formats at the same time, and to store them in separate directories for each format?

Many thanks.

Hi Carlos,

Interesting question and I am also looking for the answer to your query.
If anyone shares their answer then please let me know as well.

Thanks,
Sami

Hi Carlos, hi Sami,

One of the following packages might help:
https://github.com/J-Gras/add-json
https://github.com/corelight/json-streaming-logs

Jan

This isn’t quite the answer Carlos is looking for, but just noting https://github.com/corelight/json-streaming-logs. It outputs logs into the same log output directory so these JSON logs exist alongside the TSV logs, but their naming makes them possible to match separately from the default logs.

If output to a specific directory were a requirement, I have the impression that might not be a difficult update to this package.

Darren