<div dir="auto">Phone message, sorry for spam. If you are talking about ryu from openflow, looks like it already has a from_jsondict option. Nearly everything has a json parser nowadays.<div dir="auto"><br></div><div dir="auto"><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Dec 3, 2019, 7:00 AM  <<a href="mailto:oisf-users-request@lists.openinfosecfoundation.org">oisf-users-request@lists.openinfosecfoundation.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send Oisf-users mailing list submissions to<br>
        <a href="mailto:oisf-users@lists.openinfosecfoundation.org" target="_blank" rel="noreferrer">oisf-users@lists.openinfosecfoundation.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
        <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer noreferrer" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
        <a href="mailto:oisf-users-request@lists.openinfosecfoundation.org" target="_blank" rel="noreferrer">oisf-users-request@lists.openinfosecfoundation.org</a><br>
<br>
You can reach the person managing the list at<br>
        <a href="mailto:oisf-users-owner@lists.openinfosecfoundation.org" target="_blank" rel="noreferrer">oisf-users-owner@lists.openinfosecfoundation.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Oisf-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
   1. Re: Question on eve.json file (Jason Ish)<br>
   2. Suricata-Ryu integration (Priyatham Ganta)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Mon, 2 Dec 2019 12:53:19 -0600<br>
From: Jason Ish <<a href="mailto:jason.ish@oisf.net" target="_blank" rel="noreferrer">jason.ish@oisf.net</a>><br>
To: <a href="mailto:oisf-users@lists.openinfosecfoundation.org" target="_blank" rel="noreferrer">oisf-users@lists.openinfosecfoundation.org</a><br>
Subject: Re: [Oisf-users] Question on eve.json file<br>
Message-ID: <<a href="mailto:01e689d1-5ffb-3e59-34b0-48a53c3c5a1a@oisf.net" target="_blank" rel="noreferrer">01e689d1-5ffb-3e59-34b0-48a53c3c5a1a@oisf.net</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
Hi Leonard,<br>
<br>
On 2019-12-01 10:38 p.m., Leonard Jacobs wrote:<br>
> I have noticed that several log items are nested under alert.  In<br>
> particular, signature and action are nested under alert.  Is there a way<br>
> to not have those log items nested under alert with eve.json file?<br>
<br>
No, there is not a way to do this with Suricata. Post-processing tools<br>
like Logstash could likely be configured to make the transformation though.<br>
<br>
Eve is a generic format with mostly generic event parameters at the top<br>
level. Anything event_type specific is placed under the object for that<br>
event_type.<br>
<br>
Jason<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Mon, 2 Dec 2019 15:47:22 -0800<br>
From: Priyatham Ganta <<a href="mailto:gantapritham4@gmail.com" target="_blank" rel="noreferrer">gantapritham4@gmail.com</a>><br>
To: <a href="mailto:oisf-users@lists.openinfosecfoundation.org" target="_blank" rel="noreferrer">oisf-users@lists.openinfosecfoundation.org</a><br>
Subject: [Oisf-users] Suricata-Ryu integration<br>
Message-ID:<br>
        <CABXPuZ93NVx8sd3=<a href="mailto:yktw2wgH--973G60COXztvqPFL_g7T233g@mail.gmail.com" target="_blank" rel="noreferrer">yktw2wgH--973G60COXztvqPFL_g7T233g@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi,<br>
<br>
I want to integrate Suricata with the Ryu controller and I checked that<br>
there is no built-in library for Suricata in the Ryu controller.<br>
<br>
I was thinking if I can convert Suricata messages to snort messages and use<br>
the same library or I want to know if there is any other way I can<br>
integrate Suricata with the Ryu controller to parse the alerts generated by<br>
Suricata.<br>
<br>
Thanks<br>
<br>
------------------------------<br>
<br>
End of Oisf-users Digest, Vol 121, Issue 2<br>
******************************************<br>
</blockquote></div>
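<div>The post-processing transformation Jason describes (hoisting the event_type-specific object to the top level), as an added Python example that is not part of the original thread or of Suricata. It generalises from <code>alert</code> to any event_type; the sample records, the function names and the rule of prefixing a nested key on a name clash are assumptions.</div>

```python
import json

# Constructed sample EVE records (not from a real sensor); the nested "proto" is there to force a clash.
SAMPLE_EVE = "\n".join([
    json.dumps({"timestamp": "2019-12-02T12:53:19.000000-0600", "event_type": "alert",
                "src_ip": "192.0.2.10", "dest_ip": "198.51.100.5", "proto": "TCP",
                "alert": {"action": "allowed", "signature_id": 1000001,
                          "signature": "EXAMPLE constructed rule", "severity": 2}}),
    json.dumps({"timestamp": "2019-12-02T12:53:20.000000-0600", "event_type": "dns",
                "src_ip": "192.0.2.10", "proto": "UDP",
                "dns": {"type": "query", "rrname": "example.com", "proto": "x"}}),
    '{"timestamp": "2019-12-02T12:53:21", "event_type": "alert", "alert": {"act',  # truncated write
])


def flatten_event(record):
    """Hoist the event_type-specific object (e.g. record["alert"]) to the top level."""
    etype = record.get("event_type")
    nested = record.get(etype) if isinstance(etype, str) else None
    if not isinstance(nested, dict):
        return dict(record)          # nothing to hoist; return an unchanged copy
    flat = {k: v for k, v in record.items() if k != etype}
    for key, value in nested.items():
        # Assumption: on a name clash the generic top-level field wins, nested one is prefixed.
        target = key if key not in flat else f"{etype}_{key}"
        flat[target] = value
    return flat


def flatten_eve_lines(text):
    """Return (flattened_records, skipped_line_numbers) for line-delimited EVE JSON."""
    out, skipped = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            skipped.append(lineno)   # partial line, e.g. read while the log is being written
            continue
        if isinstance(record, dict):
            out.append(flatten_event(record))
        else:
            skipped.append(lineno)
    return out, skipped


if __name__ == "__main__":
    events, bad = flatten_eve_lines(SAMPLE_EVE)
    print(json.dumps(events, indent=2), "skipped lines:", bad)
```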