pcap_to_zeek: Process a PCAP with Zeek and create Parquet files
In hrbrmstr/zeekr: Tools to Make Analyses Using Zeek Easier
Description
Usage
Arguments
Value
Note
Examples
Description
Process a PCAP with Zeek and create Parquet files
Usage
1
pcap_to_zeek(pcap, out_dir = tempfile(pattern = "zeek"), zeek_opts = c(), ...)
Arguments
pcap
path to PCAP to process. (path.expand() will be called on this value)
out_dir
path to Parquet files. (path.expand() will be called on this value)
If the directory does not exist it will be created. If ho directory is specified
a temporary directory will be created and used. You should
call unlink() on this path if you used a temporary directory.
zeek_opts
extra options passed to to Zeek command line. NOTE:
--no-checksums, LogAscii::use_json=T, and Log::default_scope_sep='_'
are already handled by this function; no need to specify them.
...
extra named parameters passed on to arrow::write_parquet()
Value
length 1 character vector of the expanded path of the out_dir
Note
the zeek binary must be available on PATH. You can use the
environment variable ZEEK_PATH as a hint where find_zeek() will
look for the zeek binary.
Examples
1
2
3
4
5
6
7
8
9
loc <- tryCatch(
pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")),
error = function(e) message("No Zeek")
)
if (!is.null(loc)) {
read_zeek_logs(loc)
unlink(loc) # don't do this IRL until you're done working with or saving.
}
hrbrmstr/zeekr documentation built on Dec. 20, 2021, 4:49 p.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Description Usage Arguments Value Note Examples
Description
Process a PCAP with Zeek and create Parquet files
Usage
1 | pcap_to_zeek(pcap, out_dir = tempfile(pattern = "zeek"), zeek_opts = c(), ...)
|
Arguments
pcap |
path to PCAP to process. ( |
out_dir |
path to Parquet files. ( |
zeek_opts |
extra options passed to to Zeek command line. NOTE:
|
... |
extra named parameters passed on to |
Value
length 1 character vector of the expanded path of the out_dir
Note
the zeek binary must be available on PATH. You can use the
environment variable ZEEK_PATH as a hint where find_zeek() will
look for the zeek binary.
Examples
1 2 3 4 5 6 7 8 9 | loc <- tryCatch(
pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")),
error = function(e) message("No Zeek")
)
if (!is.null(loc)) {
read_zeek_logs(loc)
unlink(loc) # don't do this IRL until you're done working with or saving.
}
|
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.