Zeek JSON not parsed as such

philhagen / sof-elk

Configuration files for the SOF-ELK VM

GNU General Public License v3.0

1.46k stars 272 forks source link

Zeek JSON not parsed as such #252

Closed philhagen closed 7 months ago

philhagen commented 2 years ago

Zeek files output in JSON format are not parsed properly. Need to detect JSON and handle appropriately, ideally tagging as such early in the pre-processing phase

philhagen commented 8 months ago

This comment will track completion state per log type:

conn.log should be set as of 8318b69081589004fceee5094359ea6aa13f6fe7
dns.log as of 0054297541aae1408d6d28c6811116ed9e09f7ea
http.log as of 50cb75f86a72a17694c8043ac41d60c9d0cf27f7

philhagen commented 7 months ago

this should be in solid shape now for the previously noted log types. more will be added in the future as needed.