SSTable Scanner & Parser for Stenographer Packet Indices


QXIP/stenoscope


Stenoscope

A Go scanner and JSON parser for the PCAP SSTable index files generated by stenographer, with a Node.js binding.

Command Line

Compile the command-line version using Go 1.10+:

make

Usage

JSON
./SSTableKeys /data/stenographer/1/thread0/index $(date -d '1 minute ago' +%s) $(date +%s)

NodeJS Module

Compile the native binding for Node.js (or download a prebuilt version):

npm install stenoscope

Usage

const stenoscope = require('stenoscope');
const args = process.argv.slice(2);

// Define folder path and time range (epoch seconds; defaults to the last 60 seconds)
const now = Math.floor(Date.now() / 1000);
const datapath = args[0] || '/var/lib/stenographer/thread0/index';
const fromtime = parseInt(args[1], 10) || now - 60;
const totime = parseInt(args[2], 10) || now;

// Query SSTable range to JSON (sstj)
console.log(
  stenoscope.sstj(datapath, fromtime, totime)
);