A log parser for common Zeek text logs, written in Go. It lets you query the logs with logic written in Go.
This is a work in progress and currently supports parsing the following logs:
- dns.log
- conn.log
- http.log
- ssl.log
- x509.log
I made this because I want to do data analysis on the network logs I have been collecting, which are mostly in Zeek/Bro IDS text format. These files are compact and can be retained for much longer than full packet captures. Quick analysis of them is typically done with zeek-cut, but I wanted more control over the logic so that the analysis is repeatable. That is what zeekparse is meant to do: parse the text logs that Zeek creates by default so that you can write your logic and analyze them in Go.
My plan is to support these logs: dns, conn, http, ssl, ssh and dhcp.
- Handles gzip-compressed and uncompressed files.
- Can parse values from log headers.
- Can parse log entries into Go structures.
- Can parse dns.log entries.
- Can parse conn.log entries.
- Can parse http.log entries.
- Can parse ssl.log entries.
- Can parse x509.log entries.
- Can parse dhcp.log entries.
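As an added illustration, not zeekparse's own code, here is a minimal stand-alone Go parser for the Zeek text format the features above refer to: it reads the `#separator`, `#fields`, `#unset_field` and `#empty_field` header values, turns each data line into a map keyed by field name, and rejects a line whose column count does not match `#fields`. The conn.log sample is constructed, and `ZeekLog` and `ParseZeekLog` are names chosen here, not the project's API.

```go
package main
import (
	"bufio"
	"fmt"
	"io"
	"strconv"
	"strings"
)
// Constructed sample: the head of a conn.log as Zeek writes it, header block included; values are made up.
const sampleConnLog = "#separator \\x09\n#set_separator\t,\n#empty_field\t(empty)\n#unset_field\t-\n#path\tconn\n" +
	"#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\n#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\n" +
	"1591220832.123456\tCAbc123\t10.0.0.5\t51234\t192.0.2.10\t443\ttcp\tssl\n" +
	"1591220833.000001\tCDef456\t10.0.0.7\t53012\t192.0.2.53\t53\tudp\t-\n#close\t2020-06-03-23-59-59\n"
type ZeekLog struct {
	Header  map[string]string   // e.g. Header["path"] == "conn", Header["fields"] == "ts\tuid\t..."
	Entries []map[string]string // field name -> value; "" when unset ("-") or empty ("(empty)")
}
// ParseZeekLog reads the "#key<sep>value" header lines, then every data line. A line whose column
// count disagrees with #fields is an error, not a skipped record: it usually means a truncated or damaged file.
func ParseZeekLog(r io.Reader) (*ZeekLog, error) {
	sc, zl, sep := bufio.NewScanner(r), &ZeekLog{Header: map[string]string{}}, "\t"
	for n := 1; sc.Scan(); n++ {
		switch line := sc.Text(); {
		case strings.HasPrefix(line, "#separator "): // the only header split by a space, not by sep
			sep = strings.TrimSpace(line[len("#separator "):]) // Zeek writes the tab as `\x09`
			if b, err := strconv.ParseUint(strings.TrimPrefix(sep, `\x`), 16, 8); strings.HasPrefix(sep, `\x`) && err == nil {
				sep = string(rune(b))
			}
		case strings.HasPrefix(line, "#"): // #fields, #types, #unset_field, #close, ...
			if kv := strings.SplitN(line[1:], sep, 2); len(kv) == 2 {
				zl.Header[kv[0]] = kv[1]
			}
		default:
			fields, cols := strings.Split(zl.Header["fields"], sep), strings.Split(line, sep)
			if len(cols) != len(fields) {
				return nil, fmt.Errorf("line %d: %d columns but #fields lists %d", n, len(cols), len(fields))
			}
			entry := make(map[string]string, len(cols))
			for i, v := range cols {
				if v == zl.Header["unset_field"] || v == zl.Header["empty_field"] {
					v = "" // "-" (unset) and "(empty)" both become the zero value
				}
				entry[fields[i]] = v
			}
			zl.Entries = append(zl.Entries, entry)
		}
	}
	return zl, sc.Err()
}
```

To read a gzip-compressed log, wrap the file in `gzip.NewReader` and pass the result as the `io.Reader`.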