[Oisf-users] ryu and json dicts

erik clark philosnef at gmail.com
Tue Dec 3 12:08:02 UTC 2019


Phone message, sorry for spam. If you are talking about ryu from openflow,
looks like it already has a from_jsondict option. Nearly everything has a
json parser nowadays.



On Tue, Dec 3, 2019, 7:00 AM <oisf-users-request at lists.openinfosecfoundation.org> wrote:

> Today's Topics:
>
>    1. Re: Question on eve.json file (Jason Ish)
>    2. Suricata-Ryu integration (Priyatham Ganta)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 2 Dec 2019 12:53:19 -0600
> From: Jason Ish <jason.ish at oisf.net>
> To: oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] Question on eve.json file
> Message-ID: <01e689d1-5ffb-3e59-34b0-48a53c3c5a1a at oisf.net>
> Content-Type: text/plain; charset=utf-8
>
> Hi Leonard,
>
> On 2019-12-01 10:38 p.m., Leonard Jacobs wrote:
> > I have noticed that several log items are nested under alert.  In
> > particular, signature and action are nested under alert.  Is there a way
> > to not have those log items nested under alert with eve.json file?
>
> No, there is not a way to do this with Suricata. Post-processing tools
> like Logstash could likely be configured to make the transformation
> though.
>
> Eve is a generic format with mostly generic event parameters at the top
> level. Anything event_type specific is placed under the object for that
> event_type.
>
> Jason
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 2 Dec 2019 15:47:22 -0800
> From: Priyatham Ganta <gantapritham4 at gmail.com>
> To: oisf-users at lists.openinfosecfoundation.org
> Subject: [Oisf-users] Suricata-Ryu integration
> Message-ID: <CABXPuZ93NVx8sd3=yktw2wgH--973G60COXztvqPFL_g7T233g at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> I want to integrate Suricata with the Ryu controller and I checked that
> there is no built-in library for Suricata in the Ryu controller.
>
> I was thinking if I can convert Suricata messages to snort messages and use
> the same library or I want to know if there is any other way I can
> integrate Suricata with the Ryu controller to parse the alerts generated by
> Suricata.
>
> Thanks
>
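The post-processing step mentioned in the quoted reply, and the parsing of Suricata alerts from Python asked about in the Ryu question, as an added example that is not part of the thread and is not Suricata or Ryu code. The sample EVE lines are constructed, and the function names `flatten_event` and `iter_alerts` are hypothetical.

```python
import json

# Constructed sample EVE lines (not taken from the thread): one alert, one
# non-alert event, and one truncated line as left by a partial write.
SAMPLE_EVE = """\
{"timestamp": "2019-12-02T12:00:00.000000+0000", "event_type": "alert", "src_ip": "192.0.2.10", "src_port": 40000, "dest_ip": "198.51.100.5", "dest_port": 80, "proto": "TCP", "alert": {"action": "allowed", "signature_id": 1000001, "signature": "EXAMPLE constructed rule", "severity": 2}}
{"timestamp": "2019-12-02T12:00:01.000000+0000", "event_type": "dns", "src_ip": "192.0.2.10", "dns": {"type": "query", "rrname": "example.com"}}
{"timestamp": "2019-12-02T12:00:02.000000+0000", "event_type": "al
"""


def flatten_event(event):
    """Lift the event_type-specific object (e.g. "alert") to the top level.

    A nested key that would overwrite a generic top-level key is kept under
    "<event_type>_<key>" instead, so no field is silently lost.
    """
    etype = event.get("event_type")
    nested = event.get(etype)
    if not isinstance(nested, dict):
        return dict(event)
    flat = {k: v for k, v in event.items() if k != etype}
    for key, value in nested.items():
        target = key if key not in flat else f"{etype}_{key}"
        flat[target] = value
    return flat


def iter_alerts(lines):
    """Yield flattened alert events, skipping blank or malformed lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line, e.g. read while the log is mid-write
        if isinstance(event, dict) and event.get("event_type") == "alert":
            yield flatten_event(event)


if __name__ == "__main__":
    for alert in iter_alerts(SAMPLE_EVE.splitlines()):
        print(alert["src_ip"], alert["action"], alert["signature"])
```
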