Data

Tools

Indexes

Applications

Experiments

Open Source Science

zeek-term

A python tool to see ordered zeek log files with colors in the terminal, like termshark.

https://github.com/stratosphereips/zeek-term

Science Score: 44.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (5.9%) to scientific vocabulary
Last synced: 6 months ago · JSON representation ·

Repository

A python tool to see ordered zeek log files with colors in the terminal, like termshark.

Basic Info
  • Host: GitHub
  • Owner: stratosphereips
  • License: gpl-2.0
  • Language: Python
  • Default Branch: main
  • Size: 38.1 KB
Statistics
  • Stars: 1
  • Watchers: 2
  • Forks: 1
  • Open Issues: 0
  • Releases: 0
Created over 1 year ago · Last pushed 7 months ago
Metadata Files
Readme Contributing License Code of conduct Citation Security

README.md

Zeek-term

Zeek-term is a python program that reads several Zeek log files (conn.log, http.log, files.log, ssl.log, quick.log, dns.log, ntp.log) and prints all the lines sorted by time. It also adds colors so it is easier to analyze.

Features

  • Sorted logs from all the Zeek files.
  • Adds background color.
  • Adds foreground color.
  • Adds a column with the name of the file that each log cames from.

Usage

python python zeek-term.py --foreground --directory . |less -RS

  • --foreground is to use foreground colors instead of background
  • --directory is to set where the Zeek logs are
  • --filter-conn is to filter all the conn.log lines which UID is in other Zeek file. Therefore, if a flow produced other log appart from the conn.log, then the conn.log one is ignored. This is good if you want to know which conn.log lines do not have a recognizable protocol and are interesting to see.

How it looks like

image

With --filter-conn image

Without --foreground image

About

This tool was developed at the Stratosphere Laboratory at the Czech Technical University in Prague by Sebastian Garcia, sebastian.garcia@agents.fel.cvut.cz

Owner

  • Name: Stratosphere IPS
  • Login: stratosphereips
  • Kind: organization
  • Location: Prague

Cybersecurity Research Laboratory at the Czech Technical University in Prague. Creators of Slips, a free software machine learning-based behavioral IDS/IPS.

Citation (CITATION.cff) 

cff-version: 1.2.0
message: "If you use this software, please cite it as below."
authors:
  - given-names: Sebastian
    family-names: Garcia
    email: sebastian.garcia@agents.fel.cvut.cz
    affiliation: >-
      Stratosphere Laboratory, AIC, FEL, Czech
      Technical University in Prague
    orcid: 'https://orcid.org/0000-0001-6238-9910'
title: "zeek-term"
version: 1.0.0
date-released: 2024-07-24
url: "https://github.com/stratosphereips/zeek-term"

GitHub Events

Total
  • Push event: 5
  • Create event: 4
Last Year
  • Push event: 5
  • Create event: 4

Dependencies

.github/workflows/autotag.yml actions
  • actions/checkout v2 composite
  • anothrNick/github-tag-action 1.36.0 composite