Zeek-term is a python program that reads several Zeek log files (conn.log, http.log, files.log, ssl.log, quick.log, dns.log, ntp.log) and prints all the lines sorted by time. It also adds colors so it is easier to analyze.
- Sorted logs from all the Zeek files.
- Adds background color.
- Adds foreground color.
- Adds a column with the name of the file that each log cames from.
python zeek-term.py --foreground --directory . |less -RS--foregroundis to use foreground colors instead of background--directoryis to set where the Zeek logs are--filter-connis to filter all the conn.log lines which UID is in other Zeek file. Therefore, if a flow produced other log appart from the conn.log, then the conn.log one is ignored. This is good if you want to know which conn.log lines do not have a recognizable protocol and are interesting to see.
With --filter-conn
Without --foreground
This tool was developed at the Stratosphere Laboratory at the Czech Technical University in Prague by Sebastian Garcia, sebastian.garcia@agents.fel.cvut.cz