Quick script to take a gzip'd bro log (arg #1) and make it into a gzip'd JSON document (arg #2). Minimal error checking.

bro2json.py

import csv, gzip, json, itertools

class BroDictReader:
    def __init__(self, filename, comment="#"):
        self.comment = comment
        self.gzfile = gzip.open(filename, mode='r')
        self.fields = None
        self.path = None
        self.seperator = None

        # Get field names
        for line in self.gzfile:
            if line.startswith("#separator"):
                self.seperator = chr(int(line.split()[1].replace("\\", "0"), 16))
            if line.startswith("#path"):
            	self.path = line.split(self.seperator)[1].strip()
            if line.startswith("#fields"):
                self.fields = tuple([x.strip() for x in line.split(self.seperator)[1:]])
                break

        if not self.fields:
        	self.close()
        	return

        self.gzfile.seek(0)
        filtered = itertools.ifilter(lambda line: '#' not in line, self.gzfile)
        self.reader = csv.DictReader( filtered, fieldnames=self.fields, delimiter=self.seperator )

    def next(self):
        return self.reader.next()
    def close(self):
        self.gzfile.close()
    def __iter__(self):
        return self.reader.__iter__()
    def __enter__(self):
        return self
    def __exit__(self, type, value, tb):
        return self.close()

def main(infile, outfile):	
	with BroDictReader(infile, '#') as reader, gzip.open(outfile, 'w') as jsonfile:
	    if reader.gzfile.closed:
	    	print("Input file does not contain a Bro header.")
	    	return

	    for row in reader:
	    	row["type"] = reader.path
	        json.dump(row, jsonfile)
	        jsonfile.write('\n')

if __name__ == '__main__':
	import sys
	main(infile=sys.argv[1], outfile=sys.argv[2])