No known key found for this signature in database
GPG Key ID: 1D7529BE14E2BBA9
9 changed files with
65 additions and
18 deletions
-
.github/workflows/R-CMD-check.yaml
-
NAMESPACE
-
R/pcap_to_zeek.R
-
R/read-zeek-logs.R
-
R/zeekr-package.R
-
inst/tinytest/test_zeekr.R
-
man/find_zeek.Rd
-
man/pcap_to_zeek.Rd
-
man/read_zeek_logs.Rd
|
@ -6,7 +6,7 @@ on: |
|
|
- batman |
|
|
- batman |
|
|
pull_request: |
|
|
pull_request: |
|
|
branches: |
|
|
branches: |
|
|
- batmsn |
|
|
- batman |
|
|
|
|
|
|
|
|
name: R-CMD-check |
|
|
name: R-CMD-check |
|
|
|
|
|
|
|
@ -16,6 +16,8 @@ jobs: |
|
|
steps: |
|
|
steps: |
|
|
- uses: actions/checkout@v2 |
|
|
- uses: actions/checkout@v2 |
|
|
- uses: r-lib/actions/setup-r@master |
|
|
- uses: r-lib/actions/setup-r@master |
|
|
|
|
|
- name: Install Zeek |
|
|
|
|
|
uses: brew install zeek |
|
|
- name: Install dependencies |
|
|
- name: Install dependencies |
|
|
run: | |
|
|
run: | |
|
|
install.packages(c("remotes", "rcmdcheck")) |
|
|
install.packages(c("remotes", "rcmdcheck")) |
|
|
|
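Review bot: The `Install Zeek` step added in the second hunk puts a shell command under `uses:`, which expects an action reference, so the step cannot resolve and Zeek is never installed; it should read `run: brew install zeek`. The job's `runs-on` is outside the hunk, so confirm the runner image actually provides `brew`. Separately, the neighbouring context lines reference `actions/checkout@v2` and `r-lib/actions/setup-r@master` by mutable tag and branch; pinning each to a full commit SHA keeps a moved upstream ref from changing what executes in CI.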
@ -12,3 +12,4 @@ import(ndjson) |
|
|
importFrom(tools,file_ext) |
|
|
importFrom(tools,file_ext) |
|
|
importFrom(tools,file_path_sans_ext) |
|
|
importFrom(tools,file_path_sans_ext) |
|
|
importFrom(utils,browseURL) |
|
|
importFrom(utils,browseURL) |
|
|
|
|
|
importFrom(utils,help) |
|
|
|
@ -15,9 +15,15 @@ |
|
|
#' look for the `zeek` binary. |
|
|
#' look for the `zeek` binary. |
|
|
#' @export |
|
|
#' @export |
|
|
#' @examples |
|
|
#' @examples |
|
|
#' loc <- pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")) |
|
|
#' loc <- tryCatch( |
|
|
#' read_zeek_logs(loc) |
|
|
#' pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")), |
|
|
#' unlink(loc) # don't do this IRL until you're done working with or saving. |
|
|
#' error = function(e) message("No Zeek") |
|
|
|
|
|
#' ) |
|
|
|
|
|
#' |
|
|
|
|
|
#' if (!is.null(loc)) { |
|
|
|
|
|
#' read_zeek_logs(loc) |
|
|
|
|
|
#' unlink(loc) # don't do this IRL until you're done working with or saving. |
|
|
|
|
|
#' } |
|
|
pcap_to_zeek <- function(pcap, out_dir = tempfile(pattern = "zeek"), zeek_opts = c(), ...) { |
|
|
pcap_to_zeek <- function(pcap, out_dir = tempfile(pattern = "zeek"), zeek_opts = c(), ...) { |
|
|
|
|
|
|
|
|
pcap <- path.expand(pcap[1]) |
|
|
pcap <- path.expand(pcap[1]) |
|
@ -84,7 +90,10 @@ pcap_to_zeek <- function(pcap, out_dir = tempfile(pattern = "zeek"), zeek_opts = |
|
|
#' @export |
|
|
#' @export |
|
|
#' @return length 1 character vector of the path to the zeek binary or `""` |
|
|
#' @return length 1 character vector of the path to the zeek binary or `""` |
|
|
#' @examples |
|
|
#' @examples |
|
|
#' find_zeek() |
|
|
#' loc <- tryCatch( |
|
|
|
|
|
#' find_zeek(), |
|
|
|
|
|
#' error = function(e) message("No Zeek") |
|
|
|
|
|
#' ) |
|
|
find_zeek <- function(path = Sys.getenv("ZEEK_PATH", "")) { |
|
|
find_zeek <- function(path = Sys.getenv("ZEEK_PATH", "")) { |
|
|
|
|
|
|
|
|
if (path != "") { |
|
|
if (path != "") { |
|
|
|
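Review bot: In the rewritten `pcap_to_zeek()` example, `unlink(loc)` probably removes nothing, because `unlink()` does not delete directories unless `recursive = TRUE`. `out_dir` defaults to `tempfile(pattern = "zeek")`, and the function body is outside the hunk, so this assumes the return value is that directory. Logs derived from a packet capture should not be left behind in the temp area, so the example should use `unlink(loc, recursive = TRUE)`; the same line recurs in the `read_zeek_logs()` example in R/read-zeek-logs.R and in inst/tinytest/test_zeekr.R. The handler `error = function(e) message("No Zeek")` also reports every failure as a missing binary, including in the `find_zeek()` example in the second hunk; `error = function(e) message(conditionMessage(e))` would keep the real cause visible.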
@ -4,9 +4,15 @@ |
|
|
#' @param log_dir directory of zeek logs |
|
|
#' @param log_dir directory of zeek logs |
|
|
#' @export |
|
|
#' @export |
|
|
#' @examples |
|
|
#' @examples |
|
|
#' loc <- pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")) |
|
|
#' loc <- tryCatch( |
|
|
#' read_zeek_logs(loc) |
|
|
#' pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")), |
|
|
#' unlink(loc) # don't do this IRL until you're done working with or saving. |
|
|
#' error = function(e) message("No Zeek") |
|
|
|
|
|
#' ) |
|
|
|
|
|
#' |
|
|
|
|
|
#' if (!is.null(loc)) { |
|
|
|
|
|
#' read_zeek_logs(loc) |
|
|
|
|
|
#' unlink(loc) # don't do this IRL until you're done working with or saving. |
|
|
|
|
|
#' } |
|
|
read_zeek_logs <- function(log_dir) { |
|
|
read_zeek_logs <- function(log_dir) { |
|
|
|
|
|
|
|
|
log_dir <- path.expand(log_dir[1]) |
|
|
log_dir <- path.expand(log_dir[1]) |
|
|
|
@ -10,6 +10,6 @@ |
|
|
#' @author Bob Rudis (bob@@rud.is) |
|
|
#' @author Bob Rudis (bob@@rud.is) |
|
|
#' @import arrow |
|
|
#' @import arrow |
|
|
#' @import ndjson |
|
|
#' @import ndjson |
|
|
#' @importFrom utils browseURL |
|
|
#' @importFrom utils browseURL help |
|
|
#' @importFrom tools file_path_sans_ext file_ext |
|
|
#' @importFrom tools file_path_sans_ext file_ext |
|
|
"_PACKAGE" |
|
|
"_PACKAGE" |
|
|
|
@ -1,4 +1,18 @@ |
|
|
|
|
|
library(zeekr) |
|
|
|
|
|
|
|
|
# Placeholder with simple test |
|
|
if (Sys.info()["sysname"] == "Darwin") { |
|
|
expect_equal(1 + 1, 2) |
|
|
|
|
|
|
|
|
Sys.setenv(ZEEK_PATH = "/opt/homebrew/bin:/usr/local/bin") |
|
|
|
|
|
|
|
|
|
|
|
loc <- tryCatch( |
|
|
|
|
|
pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")), |
|
|
|
|
|
error = function(e) message("No Zeek") |
|
|
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
|
if (!is.null(loc)) { |
|
|
|
|
|
read_zeek_logs(loc) |
|
|
|
|
|
unlink(loc) |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
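Review bot: The new test body contains no `expect_*` call, and its `tryCatch()` turns any error from `pcap_to_zeek()` into the message "No Zeek", so the file passes whether or not the conversion works. Capture the result and assert on it, for example `logs <- read_zeek_logs(loc)` followed by `expect_true(is.list(logs))`, since the Rd title describes the return value as a list. `ZEEK_PATH` is set to a colon-joined pair of directories while the documentation describes it as a single directory; the body of `find_zeek()` is not shown on this page, so confirm it splits on `:` before relying on this value. The `Sys.setenv()` call is never undone, so the override may persist for anything that runs later in the same R session.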
@ -17,5 +17,8 @@ Use the environment variable \code{ZEEK_PATH} or specify the directory in |
|
|
the call to this function. |
|
|
the call to this function. |
|
|
} |
|
|
} |
|
|
\examples{ |
|
|
\examples{ |
|
|
find_zeek() |
|
|
loc <- tryCatch( |
|
|
|
|
|
find_zeek(), |
|
|
|
|
|
error = function(e) message("No Zeek") |
|
|
|
|
|
) |
|
|
} |
|
|
} |
|
|
|
@ -32,7 +32,13 @@ environment variable \code{ZEEK_PATH} as a hint where \code{\link[=find_zeek]{fi |
|
|
look for the \code{zeek} binary. |
|
|
look for the \code{zeek} binary. |
|
|
} |
|
|
} |
|
|
\examples{ |
|
|
\examples{ |
|
|
loc <- pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")) |
|
|
loc <- tryCatch( |
|
|
read_zeek_logs(loc) |
|
|
pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")), |
|
|
unlink(loc) # don't do this IRL until you're done working with or saving. |
|
|
error = function(e) message("No Zeek") |
|
|
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
|
if (!is.null(loc)) { |
|
|
|
|
|
read_zeek_logs(loc) |
|
|
|
|
|
unlink(loc) # don't do this IRL until you're done working with or saving. |
|
|
|
|
|
} |
|
|
} |
|
|
} |
|
|
|
@ -16,7 +16,13 @@ Read zeek logs from a processed PCAP into a list |
|
|
Logs must be in Parquet or JSON format. |
|
|
Logs must be in Parquet or JSON format. |
|
|
} |
|
|
} |
|
|
\examples{ |
|
|
\examples{ |
|
|
loc <- pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")) |
|
|
loc <- tryCatch( |
|
|
read_zeek_logs(loc) |
|
|
pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")), |
|
|
unlink(loc) # don't do this IRL until you're done working with or saving. |
|
|
error = function(e) message("No Zeek") |
|
|
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
|
if (!is.null(loc)) { |
|
|
|
|
|
read_zeek_logs(loc) |
|
|
|
|
|
unlink(loc) # don't do this IRL until you're done working with or saving. |
|
|
|
|
|
} |
|
|
} |
|
|
} |
|
|