zeek-summarizer

Zeek Summarizer is a command-line tool to analyze and summarize Zeek log files

https://github.com/stratosphereips/zeek-summarizer

Science Score: 44.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (8.0%) to scientific vocabulary
Last synced: 10 months ago

Repository

Basic Info
  • Host: GitHub
  • Owner: stratosphereips
  • License: gpl-2.0
  • Language: Python
  • Default Branch: main
  • Size: 37.1 KB
Statistics
  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • Open Issues: 0
  • Releases: 0
Created about 1 year ago · Last pushed 11 months ago
Metadata Files
  • Readme
  • Contributing
  • License
  • Code of conduct
  • Citation
  • Security

README.md

Zeek Summarizer

Zeek Summarizer is a command-line tool to analyze and summarize Zeek log files. It supports connection logs, DNS, HTTP, and SSL/TLS logs and provides global statistics as well as detailed per-IP or per-port summaries.

🔧 Installation

```bash
git clone https://github.com/stratosphereips/zeek-summarizer.git
cd zeek-summarizer
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```

📦 Requirements

See requirements.txt.

🚀 Usage

```bash
python zeek-summarizer.py -d <zeek_log_directory> [options]
```

Options:

  • -d, --directory (required): Path to the directory containing Zeek logs.
  • -r, --require-activity: Show only IPs that appear in non-conn logs.
  • -o, --only-conn: Show only IPs that appear only in conn logs.
  • -p, --per-port: Show summary per port instead of per IP.
  • --debug: Show debug information for internal operations.

Screenshots

(two screenshots of the tool's output; images not reproduced here)

📊 Examples

Basic usage:

```bash
python zeek-summarizer.py -d ./logs
```

Only show IPs that have non-connection activity:

```bash
python zeek-summarizer.py -d ./logs -r
```

Show per-port summary:

```bash
python zeek-summarizer.py -d ./logs -p
```

Show only connection logs and debug info:

```bash
python zeek-summarizer.py -d ./logs -o --debug
```

📁 Supported Logs

  • conn.log
  • dns.log
  • http.log
  • ssl.log

Logs may be compressed with .gz and can use rotated filenames like conn.01:00:00-02:00:00.log.gz.
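The file handling described above (plain, rotated and .gz-compressed log names) together with a minimal parser for Zeek's tab-separated ASCII format and a per-IP connection count, as an added example. This is not the zeek-summarizer project's own code; the sample conn.log lines are constructed, and the regular expression for rotated names is an assumption based on the filename pattern quoted above.

```python
# Added example (not the zeek-summarizer project's own code): recognise Zeek
# log files by name (plain, rotated, gzip) and summarise conn.log per source IP.
import gzip
import re
from collections import Counter

SUPPORTED = ("conn", "dns", "http", "ssl")
# Assumed pattern: conn.log, conn.log.gz and rotated conn.01:00:00-02:00:00.log.gz
LOG_NAME = re.compile(r"^(?P<kind>[a-z_]+)(?:\.[0-9:\-]+)?\.log(?:\.gz)?$")

def classify(filename):
    """Return the log kind ('conn', 'dns', ...) or None if not supported."""
    m = LOG_NAME.match(filename)
    return m.group("kind") if m and m.group("kind") in SUPPORTED else None

def parse_zeek_tsv(data):
    """Parse Zeek's ASCII format: tab-separated rows, columns named by #fields."""
    fields, rows = None, []
    for line in data.decode().splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif fields and line and not line.startswith("#"):  # skip other headers
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows

def read_log(filename, raw):
    """Decompress .gz transparently, then parse the bytes."""
    return parse_zeek_tsv(gzip.decompress(raw) if filename.endswith(".gz") else raw)

def per_ip_summary(filename, raw):
    """Connections originated per source IP (id.orig_h); {} for non-conn logs."""
    if classify(filename) != "conn":
        return {}
    return dict(Counter(r["id.orig_h"] for r in read_log(filename, raw)))

# Constructed sample conn.log content; not real traffic.
SAMPLE_CONN = (
    b"#separator \\x09\n"
    b"#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    b"#types\ttime\tstring\taddr\tport\taddr\tport\tenum\n"
    b"1700000000.1\tC1\t10.0.0.5\t50000\t192.0.2.10\t443\ttcp\n"
    b"1700000001.2\tC2\t10.0.0.5\t50001\t192.0.2.11\t53\tudp\n"
    b"1700000002.3\tC3\t10.0.0.7\t50002\t192.0.2.10\t80\ttcp\n"
    b"#close\t2023-11-14-22-33-24\n"
)
SAMPLE_CONN_GZ = gzip.compress(SAMPLE_CONN)  # same log as a rotated .gz file

if __name__ == "__main__":
    print(per_ip_summary("conn.01:00:00-02:00:00.log.gz", SAMPLE_CONN_GZ))
```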


Created with ❤️ for Zeek network traffic analysis.

Owner

  • Name: Stratosphere IPS
  • Login: stratosphereips
  • Kind: organization
  • Location: Prague

Cybersecurity Research Laboratory at the Czech Technical University in Prague. Creators of Slips, a free software machine learning-based behavioral IDS/IPS.

Citation (CITATION.cff)

cff-version: 1.2.0
message: "If you use this software, please cite it as below."
authors:
- family-names: "YOUR_NAME_HERE"
  given-names: "YOUR_NAME_HERE"
  email: youremailhere
  affiliation: >-
      Stratosphere Laboratory, AIC, FEL, Czech
      Technical University in Prague
  orcid: "https://orcid.org/0000-0000-0000-0000"
- family-names: "Lisa"
  given-names: "Mona"
  email: youremailhere
  affiliation: >-
      Stratosphere Laboratory, AIC, FEL, Czech
      Technical University in Prague
  orcid: "https://orcid.org/0000-0000-0000-0000"
title: "repository-template"
version: 1.0.0
doi: 10.5281/zenodo.1234
date-released: 2022-07-13
url: "https://github.com/stratosphereips/repository-template"

GitHub Events

Total
  • Push event: 4
  • Create event: 3
Last Year
  • Push event: 4
  • Create event: 3

Dependencies

.github/workflows/autotag.yml actions
  • actions/checkout v2 composite
  • anothrNick/github-tag-action 1.36.0 composite
requirements.txt pypi
  • rich *
  • tabulate *