Re: Process Snort alerts on real time

[Marcin Dulak <marcin.dulak () gmail com>]

On Wed, Feb 22, 2017 at 4:31 PM, Nora Aron <valeparatodo () gmail com> wrote:

> > are you getting "Failed to encode record as JSON: __init__() got an
> > unexpected keyword argument 'encoding'"?
> > i think this is due to https://github.com/jasonish/py-idstools/issues/36
> > Fetch the latest python-idstools or just remove , encoding="latin-1" from
> > the highlighted line from /usr/lib/python2.7/site-packages/idstools/scripts/u2eve.py
> > (or where it lives on your distribution):
> > https://github.com/jasonish/py-idstools/blob/5862a936af07b37
> > 458b1fc3719f9ade065b283f1/idstools/scripts/u2eve.py#L302
> >
> >
> >
> > Hi,
> I'm not getting any error, I just need to get the packet data , converting
> it from the format this tool provides, which is unified2. The rest of the
> fields in the json are ready to use, it is just the packet in the "data"
> field.

actually this problem is already being discussed at
https://github.com/jasonish/py-idstools/issues/39
If you use python3 try with python2 - this makes a difference for me for
idstools-u2eve, not sure about SpoolEventReader.


Thanks.
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!