% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/pcap_to_zeek.R
\name{pcap_to_zeek}
\alias{pcap_to_zeek}
\title{Process a PCAP with Zeek and create Parquet files}
\usage{
pcap_to_zeek(pcap, out_dir = tempfile(pattern = "zeek"), zeek_opts = c(), ...)
}
\arguments{
\item{pcap}{path to the PCAP to process (\code{\link[=path.expand]{path.expand()}} is called on this value).}

\item{out_dir}{path to the directory that will hold the Parquet files (\code{\link[=path.expand]{path.expand()}} is called on this value).
If the directory does not exist it will be created. If no directory is specified,
a temporary directory is created and used; call \code{\link[=unlink]{unlink()}} with
\code{recursive = TRUE} on the returned path once you are done with it, since
\code{unlink()} does not remove directories otherwise.}

\item{zeek_opts}{extra options passed to the Zeek command line. NOTE:
\code{--no-checksums}, \code{LogAscii::use_json=T}, and \code{Log::default_scope_sep='_'}
are already supplied by this function; do not specify them again.}

\item{...}{extra named parameters passed on to \code{\link[arrow:write_parquet]{arrow::write_parquet()}}}
}
\value{
length 1 character vector of the expanded path of \code{out_dir}
}
\description{
Process a PCAP with Zeek and create Parquet files
}
\note{
the \code{zeek} binary \strong{must} be available on \code{PATH}. You can use the
environment variable \code{ZEEK_PATH} as a hint where \code{\link[=find_zeek]{find_zeek()}} will
look for the \code{zeek} binary.
}
\examples{
# message() returns NULL, so loc is NULL when Zeek is not available
loc <- tryCatch(
  pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr")),
  error = function(e) message("No Zeek")
)

if (!is.null(loc)) {
  read_zeek_logs(loc)
  # loc is a temporary directory: remove it only once you are done working
  # with (or have saved) the logs. recursive = TRUE is required for unlink()
  # to delete a directory.
  unlink(loc, recursive = TRUE)
}
}
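The following is an added example and is not part of the zeekr package or its documentation. It exercises the arguments described above end to end: a \code{ZEEK_PATH} hint for \code{find_zeek()}, an explicit \code{out_dir}, a \code{zeek_opts} entry, a named extra forwarded to \code{arrow::write_parquet()}, and a first triage query over the resulting Parquet file. The \code{ZEEK_PATH} value \code{/opt/zeek/bin}, the \code{"local"} option, the output file name \code{conn.parquet} and the column name \code{id_resp_p} (Zeek's \code{id.resp_p} flattened by the \code{'_'} scope separator) are all assumptions made for the example, not guarantees of the package.

```r
# Added example; not code from the zeekr package.
# Assumptions: zeekr exports pcap_to_zeek() and find_zeek() as documented
# above, Zeek produces a conn log for this capture, the file is written as
# "conn.parquet" inside out_dir, and the flattened column is id_resp_p.
library(zeekr)
library(arrow)

# Hint find_zeek() at an install that is not on PATH (directory assumed).
Sys.setenv(ZEEK_PATH = "/opt/zeek/bin")

# Choose the output directory instead of the default tempfile(pattern = "zeek").
out_dir <- file.path(tempdir(), "zeek-ssh")

loc <- tryCatch(
  pcap_to_zeek(
    pcap        = system.file("pcap/ssh.pcap", package = "zeekr"),
    out_dir     = out_dir,
    # Extra Zeek CLI arguments. "local" asks Zeek to load local.zeek (assumed
    # to be accepted in this position); --no-checksums, JSON output and the
    # '_' scope separator are already set by pcap_to_zeek().
    zeek_opts   = c("local"),
    # Named extras are forwarded to arrow::write_parquet().
    compression = "zstd"
  ),
  error = function(e) {
    message("pcap_to_zeek() failed: ", conditionMessage(e))
    NULL
  }
)

if (!is.null(loc)) {
  conn_file <- file.path(loc, "conn.parquet")
  if (file.exists(conn_file)) {
    conn <- arrow::read_parquet(conn_file)
    # Connections per responder port: a quick view of what services the
    # capture talks to (port 22 is expected for the bundled ssh.pcap).
    top_ports <- sort(table(conn$id_resp_p), decreasing = TRUE)
    print(head(top_ports, 10))
  }
  # out_dir was chosen explicitly, so remove it when finished;
  # recursive = TRUE is needed for unlink() to delete a directory.
  unlink(loc, recursive = TRUE)
}
```

If Zeek is missing, \code{pcap_to_zeek()} signals an error, the handler prints the reason and returns \code{NULL}, and the rest of the script is skipped; on success the script reads a single Parquet file directly with \code{arrow::read_parquet()} rather than \code{read_zeek_logs()}, so it only depends on the documented \code{out_dir} contract.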