I'm looking for a solution where I could send the JSON data that is produced on the console to a Kafka topic, e.g. tshark -r "filename.pcap" -T json to my Kafka topic, or produce it on the same topic using librdkafka.

If somebody knows tshark internals where I could tweak its module where the JSON is printed on the console to produce the JSON on my Kafka topic instead. If only I could get to the point where the JSON is packed/made and then printed on the console should work. Thanks in advance.
The code that prints the JSON on the screen is in tshark.c lines 4187-4206 and lines 3834-3837

    if (print_details) {
        write_json_proto_tree(output_fields, print_dissections_none, TRUE,
                              protocolfilter, protocolfilter_flags,
                              edt, &cf->cinfo, node_children_grouper, &jdumper);
        return !ferror(stdout);
    }

and write_json_proto_tree is implemented in epan/print.c:712
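
An alternative to patching tshark, as an added example that is not part of the answer above or of the Wireshark source: a small C splitter that reads the piped output of tshark -T json (one JSON array of packet objects) and hands each packet object to a callback, which is where a librdkafka produce call would go. The names splitter, splitter_feed, packet_cb and the sample input are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Per-packet hook: a producer would pass json/len to its Kafka client here (hypothetical). */
typedef void (*packet_cb)(const char *json, size_t len, void *ctx);
typedef struct {
    int depth, in_string, escaped;   /* JSON nesting and string-literal state */
    char *buf; size_t len, cap;      /* bytes of the object being collected */
} splitter;

/* Feed one chunk of `tshark -T json` output; returns packets emitted, -1 on OOM. */
int splitter_feed(splitter *s, const char *data, size_t n, packet_cb cb, void *ctx) {
    int emitted = 0;
    for (size_t i = 0; i < n; i++) {
        char c = data[i]; int was = s->depth;
        if (s->in_string) {                    /* braces inside strings do not nest */
            if (s->escaped) s->escaped = 0;
            else if (c == '\\') s->escaped = 1;
            else if (c == '"') s->in_string = 0;
        } else if (c == '"') s->in_string = 1;
        else if (c == '{' || c == '[') s->depth++;
        else if (c == '}' || c == ']') s->depth--;
        if (was >= 2 || s->depth >= 2) {       /* byte belongs to a packet object */
            if (s->len == s->cap) {
                size_t ncap = s->cap ? s->cap * 2 : 4096;
                char *nb = realloc(s->buf, ncap);
                if (!nb) return -1;
                s->buf = nb; s->cap = ncap;
            }
            s->buf[s->len++] = c;
        }
        if (was == 2 && s->depth == 1) {       /* array element just closed */
            cb(s->buf, s->len, ctx); s->len = 0; emitted++;
        }
    }
    return emitted;
}

size_t demo_last_len;                          /* length of the last packet emitted */
static void on_packet(const char *j, size_t len, void *ctx) { (void)j; (void)ctx; demo_last_len = len; }
/* Constructed sample, split mid-string across two chunks as a pipe read might. */
int demo(void) {
    const char *a = "[\n {\"_source\":{\"layers\":{\"frame\":{\"x\":\"a}\\\"";
    const char *b = "b\"}}}},\n {\"_source\":{\"layers\":{}}}\n]\n";
    splitter s = {0};
    int n = splitter_feed(&s, a, strlen(a), on_packet, NULL);
    n += splitter_feed(&s, b, strlen(b), on_packet, NULL);
    free(s.buf); return n;
}
int main(void) { int n = demo(); printf("%d packets, last %zu bytes\n", n, demo_last_len); return 0; }
```

The buffer passed to the callback is not NUL-terminated and is reused for the next packet, so a producer must copy it or send it before returning.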