-
Notifications
You must be signed in to change notification settings - Fork 0
Package for generating the log schema for a given invocation of Zeek
License
0xekez/log-schema
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
LogSchema ================================= A Zeek package for printing the format of Zeek's logs using the [JSON Schema](https://json-schema.org/) format. ## Installation Clone this repository and then run `zkg install .`. For instructions on getting `zkg` see the Zeek package manager [documentation](https://packages.zeek.org/). ## Usage ``` zeek <whatever scripts you normally load> log-schema ``` For example, if my typical Zeek invocation looked like `zeek interesting-logs.zeek` to dump the JSON Schema of the logs that invocation will create I would run `zeek interesting-logs.zeek log-schema`. ## How it works A low priority `zeek_init` event is registered which iterates over [`Log::active_streams`](https://docs.zeek.org/en/master/scripts/base/frameworks/logging/main.zeek.html?highlight=active_streams#id-Log::active_streams) , seriaizes them to JSON, writes them to standard out, and then calls [`terminate()`](https://docs.zeek.org/en/master/scripts/base/bif/zeek.bif.zeek.html?highlight=terminate#id-terminate). ## Using your own schema format Redefine `LogSchema::log_handler` with your own handler function. For example, to print only the number of log streams present: ```zeek redef LogSchema::log_handler = function(streams: vector of Log::Stream) { print |streams|; }; ``` Note that there is no requirement that the logs are printed to standard out.
About
Package for generating the log schema for a given invocation of Zeek
Topics
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published