zaneGittins / zeek-cumulative-conn

Gets cumulative connection duration from Zeek conn logs.

Zeek Cumulative Connection Duration

Gets cumulative connection duration from Zeek logs. Something similar can be done with the following command:

zcat conn.*.log.gz | zeek-cut id.orig_h id.resp_h duration | sort | grep -v '-' | datamash -g 1,2 sum 3 | sort -k 3 -rn | head -10

However, I decided to create this small program, as I found it difficult to filter out RFC1918 addresses from the id.resp_h column in the above command. As an added bonus, this program runs faster than using zcat/zeek-cut/datamash.
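As an added example (this is not the repository's own code, which the page does not show), the following self-contained Go program does what the README describes: it reads Zeek's default TSV conn.log format, takes column positions from the #fields header, sums duration per (id.orig_h, id.resp_h) pair, skips rows whose duration is unset ("-") and rows whose responder is an RFC1918 address, and keeps the top 10 pairs, the equivalent of the head -10 in the shell pipeline. The SampleLog data is constructed for the example, and the type and function names are my own, not the project's.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"log"
	"net"
	"sort"
	"strconv"
	"strings"
)

// PairDuration is the summed duration for one (id.orig_h, id.resp_h) pair.
type PairDuration struct {
	OrigH, RespH string
	Seconds      float64
}

// rfc1918 holds the three private IPv4 ranges defined in RFC 1918.
var rfc1918 = func() (nets []*net.IPNet) {
	for _, cidr := range []string{"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"} {
		_, n, _ := net.ParseCIDR(cidr) // fixed valid literals, so no error to handle
		nets = append(nets, n)
	}
	return nets
}()

// IsRFC1918 reports whether addr parses as an IP inside RFC 1918 private space.
func IsRFC1918(addr string) bool {
	ip := net.ParseIP(addr)
	for _, n := range rfc1918 {
		if ip != nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// SumDurations reads a Zeek TSV conn log, sums duration per (id.orig_h, id.resp_h)
// pair and returns the top-n pairs. Column positions come from the #fields header;
// unset durations ("-") and, if excludePrivateResp is set, RFC 1918 responders are skipped.
func SumDurations(r io.Reader, n int, excludePrivateResp bool) ([]PairDuration, error) {
	idx, totals := map[string]int{}, map[[2]string]float64{} // column positions; pair -> seconds
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := sc.Text()
		if strings.HasPrefix(line, "#fields\t") {
			for i, name := range strings.Split(line, "\t")[1:] {
				idx[name] = i
			}
			continue
		}
		if line == "" || line[0] == '#' {
			continue // #separator, #types, #close and other metadata lines
		}
		oi, ok1 := idx["id.orig_h"]
		ri, ok2 := idx["id.resp_h"]
		di, ok3 := idx["duration"]
		cols := strings.Split(line, "\t")
		if !ok1 || !ok2 || !ok3 || len(cols) <= oi || len(cols) <= ri || len(cols) <= di {
			return nil, fmt.Errorf("row without usable #fields header or too few columns: %q", line)
		}
		if cols[di] == "-" || (excludePrivateResp && IsRFC1918(cols[ri])) {
			continue // "-" is Zeek's unset marker; private responders are dropped on request
		}
		d, err := strconv.ParseFloat(cols[di], 64)
		if err != nil {
			return nil, fmt.Errorf("bad duration %q: %w", cols[di], err)
		}
		totals[[2]string{cols[oi], cols[ri]}] += d
	}
	out := make([]PairDuration, 0, len(totals))
	for k, v := range totals {
		out = append(out, PairDuration{OrigH: k[0], RespH: k[1], Seconds: v})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Seconds > out[j].Seconds })
	if n > 0 && len(out) > n {
		out = out[:n] // the equivalent of "head -n"
	}
	return out, sc.Err() // sc.Err is nil on clean EOF, non-nil on a read failure
}

// SampleLog is a constructed conn.log fragment (made-up addresses and durations, not captured traffic).
var SampleLog = strings.Join([]string{
	"#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tduration",
	"#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tinterval",
	"1.0\tC1\t10.0.0.5\t51000\t93.184.216.34\t443\ttcp\t12.5",
	"2.0\tC2\t10.0.0.5\t51001\t93.184.216.34\t443\ttcp\t7.5",
	"3.0\tC3\t10.0.0.5\t51002\t192.168.1.10\t445\ttcp\t100.0",
	"4.0\tC4\t10.0.0.6\t51003\t198.51.100.7\t80\ttcp\t-",
	"5.0\tC5\t10.0.0.6\t51004\t198.51.100.7\t80\ttcp\t3.0",
}, "\n")

func main() {
	top, err := SumDurations(strings.NewReader(SampleLog), 10, true)
	if err != nil {
		log.Fatal(err)
	}
	for _, p := range top {
		fmt.Printf("%s\t%s\t%.3f\n", p.OrigH, p.RespH, p.Seconds)
	}
}
```

On the sample data this prints the 10.0.0.5 to 93.184.216.34 pair first (12.5 + 7.5 = 20.000 s), then 10.0.0.6 to 198.51.100.7 (3.000 s); the 100 s connection to 192.168.1.10 is dropped because its responder is private, and the row with an unset duration is ignored. To run it over real logs, replace strings.NewReader(SampleLog) with os.Stdin and pipe zcat conn.*.log.gz into the program; because the responder filter is applied to the id.resp_h column by name, it does not depend on the column order of the log.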

Languages

Language:Go 100.0%