zeekr/man/pcap_to_zeek.Rd

% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/pcap_to_zeek.R
\name{pcap_to_zeek}
\alias{pcap_to_zeek}
\title{Process a PCAP with Zeek and create Parquet files}
\usage{
pcap_to_zeek(pcap, out_dir = tempfile(pattern = "zeek"), zeek_opts = c(), ...)
}
\arguments{
\item{pcap}{path to PCAP to process. (\code{\link[=path.expand]{path.expand()}} will be called on this value)}

\item{out_dir}{path to Parquet files. (\code{\link[=path.expand]{path.expand()}} will be called on this value)
If the directory does not exist it will be created. If ho directory is specified
a temporary directory will be created and used. You should
call \code{\link[=unlink]{unlink()}} on this path if you used a temporary directory.}

\item{zeek_opts}{extra options passed to to Zeek command line. NOTE:
\code{--no-checksums}, \code{LogAscii::use_json=T}, and \code{Log::default_scope_sep='_'}
are already handled by this function; no need to specify them.}

\item{...}{extra named parameters passed on to \code{\link[arrow:write_parquet]{arrow::write_parquet()}}}
}
\value{
length 1 character vector of the expanded path of the \code{out_dir}
}
\description{
Process a PCAP with Zeek and create Parquet files
}
\note{
the \code{zeek} binary \strong{must} be available on \code{PATH}. You can use the
environment variable \code{ZEEK_PATH} as a hint where \code{\link[=find_zeek]{find_zeek()}} will
look for the \code{zeek} binary.
}
\examples{
loc <- tryCatch(
  pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")),
  error = function(e) message("No Zeek")
)

if (!is.null(loc)) {
  read_zeek_logs(loc)
  unlink(loc) # don't do this IRL until you're done working with or saving.
}
}
initial commit 3 years ago			`% Generated by roxygen2: do not edit by hand`
			`% Please edit documentation in R/pcap_to_zeek.R`
			`\name{pcap_to_zeek}`
			`\alias{pcap_to_zeek}`
			`\title{Process a PCAP with Zeek and create Parquet files}`
			`\usage{`
			`pcap_to_zeek(pcap, out_dir = tempfile(pattern = "zeek"), zeek_opts = c(), ...)`
			`}`
			`\arguments{`
			`\item{pcap}{path to PCAP to process. (\code{\link[=path.expand]{path.expand()}} will be called on this value)}`

			`\item{out_dir}{path to Parquet files. (\code{\link[=path.expand]{path.expand()}} will be called on this value)`
			`If the directory does not exist it will be created. If ho directory is specified`
			`a temporary directory will be created and used. You should`
			`call \code{\link[=unlink]{unlink()}} on this path if you used a temporary directory.}`

			`\item{zeek_opts}{extra options passed to to Zeek command line. NOTE:`
			`\code{--no-checksums}, \code{LogAscii::use_json=T}, and \code{Log::default_scope_sep='_'}`
			`are already handled by this function; no need to specify them.}`

			`\item{...}{extra named parameters passed on to \code{\link[arrow:write_parquet]{arrow::write_parquet()}}}`
			`}`
			`\value{`
			`length 1 character vector of the expanded path of the \code{out_dir}`
			`}`
			`\description{`
			`Process a PCAP with Zeek and create Parquet files`
			`}`
			`\note{`
			`the \code{zeek} binary \strong{must} be available on \code{PATH}. You can use the`
			`environment variable \code{ZEEK_PATH} as a hint where \code{\link[=find_zeek]{find_zeek()}} will`
			`look for the \code{zeek} binary.`
			`}`
			`\examples{`
examples/tests/workflow 3 years ago			`loc <- tryCatch(`
			`pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")),`
			`error = function(e) message("No Zeek")`
			`)`

			`if (!is.null(loc)) {`
			`read_zeek_logs(loc)`
			`unlink(loc) # don't do this IRL until you're done working with or saving.`
			`}`
initial commit 3 years ago			`}`