Skip to content

cotton-alta/traffic-feature-extractor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
.screenrc
.screenrc
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
extractor.zeek
extractor.zeek
 
 
manager.zeek
manager.zeek
 
 
requirements.txt
requirements.txt
 
 
traffic_log.zeek
traffic_log.zeek
 
 
worker.zeek
worker.zeek
 
 

Repository files navigation

traffic-feature-extractor

Extracting Traffic Features with Zeek

setup

  1. Create a docker image.
$ docker build --build-arg ZEEK_VERSION=4.0.1 --build-arg LIBRDKAFKA_VERSION=1.4.2 -t traffic-feature-extractor .
  1. Check that the plugin is installed in the container.
$ docker run --rm -it traffic-feature-extractor /bin/bash
$ zeek -N Seiso::Kafka
  1. Run a script to capture traffic.

for mac

$ docker run --add-host=localhost:<host private address> -e CAPTURE_INTERFACE=<network interface to capture> -e CAPTURE_PORT=<port on which kafka broker is running> --rm -it traffic-feature-extractor /bin/bash

zeek -j -C extractor.zeek

for linux

$ docker run --net=host -e CAPTURE_INTERFACE=<network interface to capture> -e CAPTURE_PORT=<port on which kafka broker is running> --rm -it traffic-feature-extractor /bin/bash

zeek -j -C extractor.zeek

About

Extracting Traffic Features with Zeek

Topics

zeek

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages