tcpflow icon indicating copy to clipboard operation
tcpflow copied to clipboard
verified publisher icon simsong

Output in JSON

Open simsong opened this issue 11 years ago • 4 comments

User @mikesmullin has requested an option to have information sent to the alert file descriptor to be in JSON.

simsong avatar May 18 '14 14:05 simsong

i don't know what alert file descriptor means. if its alerts.txt, then no i didn't find that file very useful. i probably forgot to mention i am using console output mode and then piping that to a single log file. so i want a CONSOLE output in JSON mode.

specifically, the command i use is: sudo tcpflow -i eth0 -c -B -d5 "(tcp port 80)" 2>&1 | ./tcpreflow.coffee >> /var/log/server.log

see also: this wrapper which reformats the current console output to json: https://gist.github.com/mikesmullin/935333ac93bda2334d79

mikesmullin avatar May 18 '14 16:05 mikesmullin

The alert file descriptor sends a line of text for every file that is opened and closed to a file descriptor of your choice. The file alerts.txt is part of the be13_api and shouldn't be generated in tcpflow, but the call to create the feature set recorder doesn't specify the flag to suppress the alert recorder.

Sounds like you have a collation for getting JSON output.

simsong avatar May 18 '14 16:05 simsong

json is utf-8, we must encode to use it? or export as hex? example: ["from-ip":"1.2.3.4","from-port":12345,"to-ip":"2.3.4.5","to-port":23456,"data": 0x1234123412341234123412341234123412342134]

rspadim avatar Jan 31 '16 04:01 rspadim