[Oisf-users] eve2pcap.py issue
erik clark
philosnef at gmail.com
Tue Feb 21 14:20:41 UTC 2017
Ok, so on Victors suggestion, I decided to go with eve2pcap.py (see here:
https://blog.jasonish.org/2015/10/01/eve2pcap-eve-packet-and-payload-conversion-to-pcap/
)
I am getting this error though:
python eve2pcap.py -o /tmp/output.pcap /tmp/eve.json
Traceback (most recent call last):
File "eve2pcap.py", line 244, in <module>
sys.exit(main())
File "eve2pcap.py", line 230, in main
event = json.loads(line)
File "/usr/lib64/python2.7/json/__init__.py", line 338, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.7/json/decoder.py", line 365, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib64/python2.7/json/decoder.py", line 381, in raw_decode
obj, end = self.scan_once(s, idx)
ValueError: Expecting : delimiter: line 1 column 326 (char 325)
Any ideas? I am just running a regular eve.json file with nothing special
configured except a 1kb payload. Thank you!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170221/05d24dbe/attachment.html>
More information about the Oisf-users
mailing list