zeeklog2pandas

Release 1.0.2

Read Zeeek/Bro log and log.gz (even broken ones) into a Pandas Dataframe.

Homepage PyPI Python

Keywords
zeeklog2pandas
License
MIT
Install
pip install zeeklog2pandas==1.0.2

Documentation

zeeklog2pandas

GitHub last commit (branch) CI PyPI - Downloads

Read Zeeek/Bro log and log.gz (even broken ones) into a Pandas Dataframe.

Installation

With pip

To install zeeklog2pandas, run this command in your terminal:

$ pip install zeeklog2pandas

This is the preferred method to install zeeklog2pandas, as it will always install the most recent stable release.

If you don't have pip installed, this Python installation guide can guide you through the process.

From sources

The sources for zeeklog2pandas can be downloaded from the Github repo.

You can either clone the public repository:

$ git clone git://github.com/stratosphereips/zeeklog2pandas

Or download the tarball:

$ curl -OJL https://github.com/stratosphereips/zeeklog2pandas/tarball/main

Once you have a copy of the source, you can install it with:

$ python setup.py install

Usage

Reading a zeek log into a pandas DataFrame

To read a file, simply import the library and use the read_zeek function.

import pandas as pd
from zeeklog2pandas import read_zeek

df = read_zeek('conn.log')  # or conn.log.gz, it will be handled transparently

Mapping column types.

The read_zeek function only parses the zeek log files, without do any explicit conversion. You will get a warning if the zeek columns have mixed types. Also you will need to convert the ts column to datetimes. You can do that easily using pandas to_datetime help.

In [1]: pd.to_datetime(df.ts, unit='s')  
Out[1]:    
0     2022-07-05 12:11:45.286374144  
1     2022-07-05 12:11:45.286611968  
2     2022-07-05 12:11:45.286622976  
3     2022-07-05 12:11:45.286629888  
4     2022-07-05 12:11:45.286637056  
                  ...                
195   2022-07-05 12:11:45.865832192  
196   2022-07-05 12:11:45.865839104  
197   2022-07-05 12:11:45.866068992  
198   2022-07-05 12:11:45.866075904  
199   2022-07-05 12:11:45.866082816  
Name: ts, Length: 200, dtype: datetime64[ns]

Merging rotated logs

The read_zeek function does not merge the rotated log files. So if you have a bunch of hourly rotated zeek logs, you can easily merged into a single DataFrame doing something like

from os import scandir

dfs = []
s = scandir('2022-07-05/')
for f in s:
	if f.name.startswith('ssh.'):
		dfs.append(read_zeek(f.path))
df = pd.concat(dfs)

This will merge all the ssh logs. You can replace ssh. for conn. in order to have one DataFrame with all the conn log of that day.

You need to be sure that the DataFrames have always the same columns. Otherwise you can use some other pandas method like merge or join, but you will need to take care of how the non existing values in some columns are handled.

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
7
Latest release
First release
Stars
5
Forks
0
Watchers
5
Contributors
2
Repository size
67.4 KB
SourceRank
8

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.0.2
1.0.1
1.0
0.1.3rc4
0.1.3rc3
0.1.3rc2
0.1.3rc1

Contributors

Joaquin Bogado Veronica Valeros


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-02-04 02:45:54 UTC

Login to resync this project