brimcap
brimcap copied to clipboard
brimdata
Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)
Using #19 as an example, as of the moment of its closure, both Zeek and Brimcap have support for this cooked/SLL link layer protocol but Suricata still doesn't. We can't...
@mccanne was recently experiencing Brim/Zed/Brimcap as a user and made a helpful observation. He was very pleased with how easy it was to use `zapi` at the CLI outside of...
If you pipe the output of brimcap to zq and the zq query has an error in it, then the pipe fails silently because brimcap ignores EPIPE. It should exit...
Observed failure here: https://github.com/brimdata/brimcap/runs/3127153671?check_suite_focus=true From the logs: ``` --- FAIL: TestBrimcap/cmd/brimcap/ztests/analyze-reader-error (1.12s) 26 ztest.go:398: /Users/runner/work/brimcap/brimcap/cmd/brimcap/ztests/analyze-reader-error.yaml: stderr: regex \{"type":"warning","warning":"\.\/badoutput.sh: .*bad\.json: parse error: parsing string literal"\} 27 \{"type":"status","ts":\{"sec":\d+,"ns":\d+\},"pcap_read_size":737694,"pcap_total_size":737694,"records_written":7\} 28 does not match...
As this issue captures performance results, all numbers shown are actually the average across three different runs. Numbers will be shown with the average first, followed by the three individual...
While drafting the "Custom Brimcap Configuration" article in #72, I found myself having to to create tiny wrapper scripts to deal with the expectation that a Brimcap analyzer expects its...
The entries in the Brimcap root are JSON files with opaque names that contain pointers to the filesystem location of loaded pcaps. I expect users may appreciate having a way...
With the direction things are heading in #11, it's looking like (at least for a while) we'll be publishing per-platform Brimcap artifacts that include embedded Zeek/Suricata binaries that reliably turn...
While acting as a new user of the `brimcap analyze -config` YAML, I made the mistake of thinking the `shaper` parameter was the name of a file containing my Zed...
The solution to brimdata/zed#1039 introduces a curious behavior for generated pcap indexes: For the indexes of large pcap files the difference between adjacent X values starts out very wide then...