[Snort-users] Process Snort alerts on real time

Marcin Dulak marcin.dulak at ...11827...
Wed Feb 22 10:57:44 EST 2017


On Wed, Feb 22, 2017 at 4:31 PM, Nora Aron <valeparatodo at ...11827...> wrote:

>
>
>>
>> Are you getting "Failed to encode record as JSON: __init__() got an
>> unexpected keyword argument 'encoding'"?
>> I think this is due to https://github.com/jasonish/py-idstools/issues/36
>> Fetch the latest python-idstools or just remove , encoding="latin-1" from
>> the highlighted line from /usr/lib/python2.7/site-packages/idstools/scripts/u2eve.py
>> (or where it lives on your distribution):
>> https://github.com/jasonish/py-idstools/blob/5862a936af07b37458b1fc3719f9ade065b283f1/idstools/scripts/u2eve.py#L302
>>
>>
>>
> Hi,
> I'm not getting any error, I just need to get the packet data, converting
> it from the format this tool provides, which is unified2. The rest of the
> fields in the JSON are ready to use, it is just the packet in the "data"
> field.
>

Actually, this problem is already being discussed at
https://github.com/jasonish/py-idstools/issues/39
If you use python3, try with python2 - this makes a difference for me for
idstools-u2eve, not sure about SpoolEventReader.


Thanks.
>
>