Can't implement GoAccess with Zeek. Wrong format.

[HAIntelligence]

Hello, I am trying to implement Zeek with GoAccess, but i keep getting errors etc..

I tried everything in the forums but nothing worked, used ChatGPT to guide me but it also didn't work, tried my own formats but didn't work.

This is a snippet from my conn.log file of Zeek:

{"ts":1714979075.309996,"uid":"CQsBiPMxhajvmztpi","id.orig_h":"an ip address","id.orig_p":60265,"id.resp_h":"an ip address","id.resp_p":5353,"proto":"udp","service":"dns","conn_state":"S0","local_orig":true,"local_resp":false,"missed_bytes":0,"history":"D","orig_pkts":1,"orig_ip_bytes":74,"resp_pkts":0,"resp_ip_bytes":0}
{"ts":1714979075.36216,"uid":"C0yYsy1js3el07M1H9","id.orig_h":"an ip address","id.orig_p":137,"id.resp_h":"an ip address","id.resp_p":137,"proto":"udp","service":"dns","conn_state":"S0","local_orig":true,"local_resp":true,"missed_bytes":0,"history":"D","orig_pkts":1,"orig_ip_bytes":78,"resp_pkts":0,"resp_ip_bytes":0}

i have replaced the IPV4/6 ips with "an ip address".

Any help will be good.

Thank you in advance!

[allinurl]

Sorry about the delay. I stumbled upon a bug in the JSON parser — it didn't handle keys with dots properly. To fix this, you'll need to build from development.

The following should do the job, however, since it's not an access log, there might not be much data to extract.

# goaccess access.log --log-format='{ "ts": "%x.%^", "id.orig_h": "%h", "proto": "%e", "service": "%v", "conn_state": "%U", "orig_ip_bytes": "%b" }' --datetime-format=%s -H no -M no --ignore-panel=BROWSERS --ignore-panel=NOT_FOUND --date-spec=min

[HAIntelligence]

It worked!! Thanks alot.