[Oisf-users] files-json.log

F.Tremblay fcourrier at gmail.com
Wed May 1 19:30:04 UTC 2019


Thanks, Victor. Working.

F.

On Wed, May 1, 2019 at 1:34 PM Victor Julien <lists at inliniac.net> wrote:

> On 01-05-19 18:56, F.Tremblay wrote:
> > Hello,
> >
> > Now that the files-json.log is gone, how can I tail only the "magic"
> > from the eve.json
> >
> > previously: tail -n200 -f /var/log/suricata/files-json.log | jq '.magic'
>
> tail -f /var/log/suricata/eve.json | jq -c 'select(.fileinfo.magic)|.fileinfo.magic'
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
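Added example, not part of the original thread and not code from the Suricata project: the same selection as the jq filter above, written in Python so it can be tested offline and so that half-written lines seen while tailing are skipped instead of aborting the pipeline. The sample EVE records are constructed, and the function names are hypothetical.

```python
import json
import sys
from collections import Counter

# Constructed sample EVE lines (not real Suricata output). The last line is cut
# short on purpose, the way a reader can see it while the log is being written.
SAMPLE_EVE = """\
{"timestamp":"2019-05-01T18:00:01.000000+0000","event_type":"fileinfo","fileinfo":{"filename":"/a.pdf","magic":"PDF document, version 1.4","size":1024}}
{"timestamp":"2019-05-01T18:00:02.000000+0000","event_type":"dns","dns":{"type":"query","rrname":"example.com"}}
{"timestamp":"2019-05-01T18:00:03.000000+0000","event_type":"fileinfo","fileinfo":{"filename":"/b.bin","size":10}}
{"timestamp":"2019-05-01T18:00:04.000000+0000","event_type":"fileinfo","fileinfo":{"filename":"/c.exe","magic":"PE32 executable (GUI) Intel 80386, for MS Windows","size":2048}}
{"timestamp":"2019-05-01T18:00:05.000000+0000","event_type":"filei
"""


def iter_magic(lines):
    """Yield fileinfo.magic from each EVE record that carries one."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial or corrupt line: skip it, keep reading
        if not isinstance(event, dict):
            continue
        fileinfo = event.get("fileinfo")
        # Records without a fileinfo object (dns, flow, ...) or without a
        # non-empty magic value are dropped.
        if isinstance(fileinfo, dict) and fileinfo.get("magic"):
            yield fileinfo["magic"]


def magic_counts(lines):
    """Tally how often each magic string appears."""
    return Counter(iter_magic(lines))


if __name__ == "__main__":
    # Live use: tail -f /var/log/suricata/eve.json | python3 this_script.py
    source = SAMPLE_EVE.splitlines() if sys.stdin.isatty() else sys.stdin
    for magic in iter_magic(source):
        print(magic, flush=True)
```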