[Oisf-users] eve2pcap.py issue
Jason Ish
lists at unx.ca
Tue Feb 21 14:37:48 UTC 2017
Hi Erik,
This is a very ugly error message saying your input JSON could not be
decoded. Any chance you can share (privately if needed) a portion of your
eve.json that causes this to happen?
Thanks,
Jason
On Tue, Feb 21, 2017 at 8:20 AM, erik clark <philosnef at gmail.com> wrote:
> Ok, so on Victors suggestion, I decided to go with eve2pcap.py (see here:
> https://blog.jasonish.org/2015/10/01/eve2pcap-eve-
> packet-and-payload-conversion-to-pcap/)
>
> I am getting this error though:
>
> python eve2pcap.py -o /tmp/output.pcap /tmp/eve.json
> Traceback (most recent call last):
> File "eve2pcap.py", line 244, in <module>
> sys.exit(main())
> File "eve2pcap.py", line 230, in main
> event = json.loads(line)
> File "/usr/lib64/python2.7/json/__init__.py", line 338, in loads
> return _default_decoder.decode(s)
> File "/usr/lib64/python2.7/json/decoder.py", line 365, in decode
> obj, end = self.raw_decode(s, idx=_w(s, 0).end())
> File "/usr/lib64/python2.7/json/decoder.py", line 381, in raw_decode
> obj, end = self.scan_once(s, idx)
> ValueError: Expecting : delimiter: line 1 column 326 (char 325)
>
>
> Any ideas? I am just running a regular eve.json file with nothing special
> configured except a 1kb payload. Thank you!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170221/81457c39/attachment-0002.html>
More information about the Oisf-users
mailing list