Simple logfile parser for Bro IDS. This library parses and transforms entries in a logfile created by the ASCII Writer into a dynamically generated namedtuple. Fields are converted into native Python data types.
- python3
python3 setup.py install
pytest
# OR
python3 setup.py test
>>> from brologparse import parse_log_file
>>> for entry in parse_log_file("conn.log"):
... # entry._fields: Tuple of strings listing the field names
... # entry._asdict(): Return a new OrderedDict which maps field names to their corresponding values
... print(entry)
...
ConnEntry(
ts=datetime.datetime(2015, 1, 23, 0, 49, 13, 396481),
uid='CjPbcf1SkE86OWWTra',
id_orig_h=IPv4Address('192.168.1.100'),
id_orig_p=137,
id_resp_h=IPv4Address('192.168.1.255'),
id_resp_p=137,
proto='udp',
service='dns',
duration=0.752894,
orig_bytes=100,
resp_bytes=0,
conn_state='S0',
local_orig=None,
local_resp=None,
missed_bytes=0,
history='D',
orig_pkts=2,
orig_ip_bytes=156,
resp_pkts=0,
resp_ip_bytes=0,
tunnel_parents=None
)MIT
Fabian Weisshaar elnappo@nerdpol.io