idstools.scripts.u2json module

Read unified2 log files and output records as JSON.

class idstools.scripts.u2json.Formatter(msgmap=None, classmap=None, packet_printable=False, packet_hex=False, extra_printable=False)

Bases: object

format(record)
format_event(record)
format_extra_data(record)
format_hex(data)
format_packet(record)
key(key)
resolve_classification(event, default=None)
resolve_msg(event, default=None)

class idstools.scripts.u2json.OutputWrapper(filename, fileobj=None)

Bases: object

reopen()
write(buf)

idstools.scripts.u2json.load_from_snort_conf(snort_conf, classmap, msgmap)
idstools.scripts.u2json.main()
idstools.scripts.u2json.rollover_hook(closed, opened)

The rollover hook for the spool reader. It deletes the closed file.