Tools such as Kibana, Wazuh, Grafana, and Security Onion provide excellent solutions for ingesting and visualizing data. While the benefit of such tools cannot be overstated, there are times when it is helpful to have an option to examine data where resources are limited. Using Zeek logs, the following demonstration project aims to provide such a solution.
### Install Rust (if not already installed):
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
- Create an account on https://www.ip2location.io/.
- Add your ip2location API key as the IP2LOCATION_API_KEY env variable in
$CARGO_HOME/config.toml. Cargo exports [env] entries to cargo run and also to rustc and to every build script it compiles, including those of your dependencies, so treat this file as a secret: keep it out of version control and do not point CARGO_HOME at a shared directory.
Example config.toml:
$ cat ~/.cargo/config.toml
[env]
IP2LOCATION_API_KEY="yourip2locationapikey"
### Clone repo:
$ git clone /~https://github.com/endepointe/log-analysis.git
$ cd log-analysis
$ sh decrypt.sh
### Enter the passphrase submitted along with the challenge.
### Otherwise, use your own zeek log data (in tsv format) to demo this tool.
$ sh run.sh
### Querying ip2location for every IP may take a minute.
### The lookups are a good candidate for threading.
- Scroll Up/Down: ↑ / ↓
- Change tabs: ← / →
- Toggle menu: Esc
- Toggle additional info: i
- Toggle focus: Tab
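As an added example (not the project's own code), the following Rust shows the two pieces the steps above depend on: parsing Zeek's TSV format (honouring the #separator, #fields and #path directives and the `-` unset marker) and fanning the per-IP lookups out across threads, the threading opportunity the note above mentions. The sample conn.log is constructed, demo_lookup stands in for the ip2location HTTP call and returns made-up answers, and parse_zeek_tsv, public_ips and lookup_concurrent are names chosen here, not the repo's API.

```rust
use std::{collections::{HashMap, HashSet}, net::IpAddr, sync::Mutex, thread};

/// Constructed Zeek conn.log excerpt (not captured traffic); tabs written as \t.
pub const SAMPLE_CONN_LOG: &str = "#separator \\x09\n\
#unset_field\t-\n\
#path\tconn\n\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n\
1700000000.123456\tCAbc1\t10.0.0.5\t51234\t93.184.216.34\t443\ttcp\n\
1700000001.000000\tCAbc2\t10.0.0.5\t51235\t93.184.216.34\t443\ttcp\n\
1700000002.000000\tCAbc3\t10.0.0.7\t9999\t-\t0\tudp\n\
1700000003.000000\tCAbc4\t192.0.2.10\t40000\t2001:db8::1\t53\tudp\n\
#close\t2023-11-14-22-13-24\n";

/// Parsed log: `#path`, the `#fields` names, and one field->value map per row.
#[derive(Debug, Default)]
pub struct ZeekLog {
    pub path: String,
    pub fields: Vec<String>,
    pub records: Vec<HashMap<String, String>>,
}

/// Zeek writes the separator as a `\xNN` escape (`#separator \x09`).
fn decode_separator(v: &str) -> Result<char, String> {
    match v.strip_prefix("\\x") {
        Some(hex) => u8::from_str_radix(hex, 16).map(|b| b as char).map_err(|e| e.to_string()),
        None => v.chars().next().ok_or_else(|| "empty #separator".into()),
    }
}

/// Parse Zeek TSV. `#` lines are directives (only #separator, #fields and #path matter
/// here); a row before #fields or with the wrong column count is an error, not a misaligned record.
pub fn parse_zeek_tsv(input: &str) -> Result<ZeekLog, String> {
    let (mut log, mut sep) = (ZeekLog::default(), '\t');
    for (n, line) in input.lines().enumerate().filter(|(_, l)| !l.is_empty()) {
        if let Some(d) = line.strip_prefix('#') {
            if let Some(v) = d.strip_prefix("separator ") {
                sep = decode_separator(v)?;
            } else if let Some(v) = d.strip_prefix("fields") {
                log.fields = v.split(sep).filter(|s| !s.is_empty()).map(String::from).collect();
            } else if let Some(v) = d.strip_prefix("path") {
                log.path = v.trim_start_matches(sep).to_string();
            }
            continue;
        }
        let values: Vec<&str> = line.split(sep).collect();
        if log.fields.is_empty() || values.len() != log.fields.len() {
            return Err(format!("line {}: {} columns, #fields declares {}", n + 1, values.len(), log.fields.len()));
        }
        let rec = log.fields.iter().cloned().zip(values.iter().map(|v| v.to_string())).collect();
        log.records.push(rec);
    }
    Ok(log)
}

/// Unique routable addresses from both endpoints, in first-seen order. Private, loopback
/// and similar ranges are skipped (they burn API quota for no answer); `-` fails to parse.
pub fn public_ips(log: &ZeekLog) -> Vec<IpAddr> {
    let (mut seen, mut out) = (HashSet::new(), Vec::new());
    for rec in &log.records {
        for key in ["id.orig_h", "id.resp_h"] {
            if let Some(ip) = rec.get(key).and_then(|s| s.parse::<IpAddr>().ok()) {
                if is_public(&ip) && seen.insert(ip) {
                    out.push(ip);
                }
            }
        }
    }
    out
}

fn is_public(ip: &IpAddr) -> bool {
    match ip {
        IpAddr::V4(a) => !(a.is_private() || a.is_loopback() || a.is_link_local() || a.is_broadcast() || a.is_unspecified()),
        IpAddr::V6(a) => !(a.is_loopback() || a.is_unspecified()),
    }
}

/// Offline stand-in for the ip2location HTTP call; the answers are constructed.
pub fn demo_lookup(ip: IpAddr) -> Result<String, String> {
    match ip.to_string().as_str() {
        "93.184.216.34" => Ok("US".to_string()),
        "192.0.2.10" => Ok("ZZ".to_string()),
        other => Err(format!("no record for {other}")),
    }
}

/// Fan lookups out over `workers` scoped threads. A failed lookup is recorded as text
/// rather than propagated, so one bad response cannot lose the whole batch.
pub fn lookup_concurrent<F: Fn(IpAddr) -> Result<String, String> + Sync>(
    ips: &[IpAddr], workers: usize, lookup: F,
) -> HashMap<IpAddr, String> {
    let results = Mutex::new(HashMap::new());
    let chunk = ((ips.len() + workers.max(1) - 1) / workers.max(1)).max(1);
    let (results_ref, lookup_ref) = (&results, &lookup);
    thread::scope(|s| {
        for part in ips.chunks(chunk) {
            s.spawn(move || {
                for &ip in part {
                    let v = lookup_ref(ip).unwrap_or_else(|e| format!("lookup failed: {e}"));
                    results_ref.lock().unwrap().insert(ip, v);
                }
            });
        }
    });
    results.into_inner().unwrap()
}
```

A real lookup closure would read IP2LOCATION_API_KEY with std::env::var at run time rather than env!(), which would compile the key into the binary. Deduplicating addresses and dropping private ranges before querying is what keeps the "minute to query" short and the API quota intact; the scoped threads then overlap the remaining HTTP round trips without any unsafe sharing, since the result map sits behind a Mutex.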
The setup and testing will improve; bear with me. If you run into any issues, please submit an issue. I am here to help.
Tests are located in tests/. Test-case additions are welcome in PRs.
# Requires flamegraph and perf
# Repo: /~https://github.com/flamegraph-rs/flamegraph
cargo flamegraph --test <location>
Contributions are welcome! Please submit pull requests or open issues to improve the library.
This project is licensed under the MIT License. See the LICENSE file for details.