Three changes to this script, only in the scope of Bro conn.log (-c option):
Handling JSON format:
JSON is detected by a "{" at the beginning of the file. Values are read with json.loads.
Handling redef Log::default_scope_sep = ...
By default, "." is taken as the separator. If another one is detected (through a regexp search on id(.)orig_h), that one is used.
Undefined services:
If the service field is missing, the line is no longer discarded but is handled with an undefined service (fetching the service value is now outside the try/except block).
I tested with the set of testing/Files given, taking care not to break them, plus some other tests on my network. I can add a few samples if requested.
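The three behaviours described above, as an added sketch that is not the script's own code: JSON detection on the leading "{", scope-separator detection with a regexp on id(.)orig_h, and a missing service field recorded instead of dropping the line. The function names, the "undefined" label and the sample records are assumptions made for illustration.

```python
import json
import re

# Originator address key: "id", one separator character, "orig_h".
SCOPE_SEP_RE = re.compile(r'"id(.)orig_h"')
UNDEFINED_SERVICE = "undefined"  # hypothetical label for a missing service


def is_json_log(text):
    """A JSON conn.log is recognised by "{" at the very start of the file."""
    return text.startswith("{")


def detect_scope_sep(line, default="."):
    """Return the character found between "id" and "orig_h", else the default."""
    match = SCOPE_SEP_RE.search(line)
    return match.group(1) if match else default


def parse_json_conn_log(text):
    """Return (orig_h, resp_h, resp_p, proto, service) tuples."""
    if not is_json_log(text):
        raise ValueError("not a JSON conn.log")
    lines = [l for l in text.splitlines() if l.strip()]
    sep = detect_scope_sep(lines[0])
    flows = []
    for line in lines:
        try:
            rec = json.loads(line)
            flow = (rec["id" + sep + "orig_h"], rec["id" + sep + "resp_h"],
                    rec["id" + sep + "resp_p"], rec["proto"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed line or missing mandatory field: skip it
        # Service is read outside the try block, so its absence keeps the line.
        flows.append(flow + (rec.get("service", UNDEFINED_SERVICE),))
    return flows


# Constructed sample: separator redefined to "_", second record has no service.
SAMPLE = "\n".join([
    '{"ts":1500000000.0,"uid":"C1","id_orig_h":"192.0.2.10","id_orig_p":51000,'
    '"id_resp_h":"198.51.100.5","id_resp_p":443,"proto":"tcp","service":"ssl"}',
    '{"ts":1500000001.0,"uid":"C2","id_orig_h":"192.0.2.11","id_orig_p":51001,'
    '"id_resp_h":"198.51.100.6","id_resp_p":8080,"proto":"tcp"}',
    'not json',
])

if __name__ == "__main__":
    for flow in parse_json_conn_log(SAMPLE):
        print(flow)
```

Keeping records without a service matters for anything that consumes the output for visibility: connections on ports Bro could not classify are often the ones worth reviewing.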