Created
August 8, 2014 00:53
Quick script to take a gzip'd bro log (arg #1) and make it into a gzip'd JSON document (arg #2). Minimal error checking.
import csv, gzip, json, itertools | |
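class BroDictReader:
    """Iterate a gzip-compressed Bro (Zeek) ASCII log as one dict per record.

    The header block at the top of the log is scanned for ``#separator``,
    ``#path`` and ``#fields``; the file is then rewound and every line that
    does not start with ``comment`` (so ``#fields``, ``#types``, ``#close``
    ... are skipped) is fed to a ``csv.DictReader`` keyed on the field names.

    If no ``#fields`` header is found the gzip handle is closed immediately
    and iteration yields nothing; callers can detect this via
    ``reader.gzfile.closed``.

    Attributes:
        comment: prefix that marks a header/trailer line (default ``"#"``).
        gzfile: the open gzip text handle; closed by :meth:`close`.
        fields: tuple of column names from ``#fields``, or ``None``.
        path: log stream name from ``#path`` (e.g. ``"conn"``), or ``None``.
        seperator: field delimiter decoded from ``#separator`` (name kept
            as-is, with its typo, because callers read it).
        reader: the underlying ``csv.DictReader``, or ``None`` when the
            header was missing.
    """

    def __init__(self, filename, comment="#"):
        self.comment = comment
        # Text mode so the header probing below compares str with str.
        # Undecodable bytes are preserved as surrogate escapes instead of
        # raising; json.dump (ensure_ascii) still serialises them.
        self.gzfile = gzip.open(filename, mode="rt", encoding="utf-8",
                                errors="surrogateescape")
        self.fields = None
        self.path = None
        self.seperator = None
        self.reader = None
        self._read_header()
        if not self.fields:
            self.close()
            return
        # Header consumed; rewind and hand only the data lines to csv.
        # Filtering on the line prefix (not "'#' in line") keeps records
        # whose values merely contain '#', e.g. URIs with a fragment.
        self.gzfile.seek(0)
        data_lines = (line for line in self.gzfile
                      if not line.startswith(self.comment))
        # QUOTE_NONE: Bro never quotes fields, so a value that starts with
        # '"' must be taken literally rather than parsed as a quoted field
        # that swallows delimiters and newlines.
        self.reader = csv.DictReader(data_lines, fieldnames=self.fields,
                                     delimiter=self.seperator,
                                     quoting=csv.QUOTE_NONE)

    def _read_header(self):
        """Scan the leading comment lines for separator, path and fields.

        Stops at the first ``#fields`` line. ``#separator`` is written by
        Bro as e.g. ``\\x09``; replacing the backslash gives ``0x09``, which
        ``int(..., 16)`` accepts.
        """
        for line in self.gzfile:
            if line.startswith("#separator"):
                self.seperator = chr(int(line.split()[1].replace("\\", "0"), 16))
            elif line.startswith("#path"):
                self.path = line.split(self.seperator)[1].strip()
            elif line.startswith("#fields"):
                self.fields = tuple(x.strip() for x in line.split(self.seperator)[1:])
                break

    def __next__(self):
        """Return the next record as a dict; StopIteration at end of data."""
        if self.reader is None:
            raise StopIteration
        return next(self.reader)

    # Python 2 spelling kept for existing callers.
    next = __next__

    def close(self):
        """Close the underlying gzip handle; safe to call more than once."""
        self.gzfile.close()

    def __iter__(self):
        """Iterate the data records (empty when no header was found)."""
        if self.reader is None:
            return iter(())
        return iter(self.reader)

    def __enter__(self):
        return self

    def __exit__(self, type, value, tb):
        # Returns None so any exception propagates.
        self.close()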
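def main(infile, outfile):
    """Convert the gzip'd Bro log *infile* into gzip'd line-delimited JSON.

    Each record becomes one JSON object per line in *outfile*, with a
    ``"type"`` key carrying the log's ``#path`` (e.g. ``"conn"``) so the
    stream can be told apart once records are mixed. When *infile* has no
    Bro header a message is printed and *outfile* is not created.

    Args:
        infile: path of the gzip-compressed Bro log to read.
        outfile: path of the gzip-compressed JSON file to write.
    """
    with BroDictReader(infile, "#") as reader:
        # BroDictReader closes its handle at once when no #fields header
        # was found; check before creating the output file.
        if reader.gzfile.closed:
            print("Input file does not contain a Bro header.")
            return
        # Text mode: json.dump writes str, which a binary handle rejects.
        with gzip.open(outfile, "wt", encoding="utf-8") as jsonfile:
            for row in reader:
                row["type"] = reader.path
                json.dump(row, jsonfile)
                jsonfile.write("\n")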
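if __name__ == "__main__":
    import sys

    # Fail with a usage line instead of an IndexError when arguments are missing.
    if len(sys.argv) != 3:
        sys.exit("usage: {} <bro_log.gz> <output.json.gz>".format(sys.argv[0]))
    main(infile=sys.argv[1], outfile=sys.argv[2])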