brolog 0.0.2

Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/lib/brolog.rb +52 -0
  3. metadata +49 -0
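--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 88784c0ec15fac09e8315787e8ce49934210e2f8
+data.tar.gz: 478b77128ba8d347f40931e513a36821340a9281
+SHA512:
+metadata.gz: b5dbf9479673c0817ade7b562979b843ed6459a89bc3813760c2394f282b862bbe2e21c3c28ea5581bd6d229a649dfcf2ed2506269866e7badf7ecc6c2dd2f7d
+data.tar.gz: 78a6e1187a2c031e39f94d0dd7f663f9f0c8069c5d568507af008af5ad24144a7c4a427b45ab4892ad1ffa48f08c7d777f376c5be992d1f7c316d6d5748572ad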
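--- a/data/lib/brolog.rb
+++ b/data/lib/brolog.rb
@@ -0,0 +1,52 @@
+class Brolog
+@@bro_log_directory = "/usr/local/bro/logs/current/"
+
+# Class methods
+def self.set_log_directory(location="/usr/local/bro/logs/current/")
+@@bro_log_directory = location
+end
+
+def self.version
+return "0.0.2"
+end
+
+#Instance methods
+def initialize(log = "conn.log")
+@this_log = log
+@log_fields = Hash.new
+self.get_log_fields
+end
+
+def get_log_fields
+file = File.open(@@bro_log_directory + @this_log, "r") or return "Could not open #{@@bro_log_directory+@log}!"
+@separator = file.gets.gsub(/#separator /,"").chomp.gsub("\\","0").hex.chr
+@set_separator = file.gets.gsub(/#set_separator\t/,"").chomp
+@empty_field = file.gets.gsub(/#empty_field\t/,"").chomp
+@unset_field = file.gets.gsub(/#unset_field\t/,"").chomp
+@path = file.gets.gsub(/#path\t/, "").chomp
+@open = file.gets.gsub(/#open\t/, "").chomp
+@fields = file.gets.gsub(/#fields\t/, "").chomp
+@types = file.gets.gsub(/#types\t/, "").chomp
+
+types = @types.split(@separator)
+puts types.count
+puts types
+@fields.split(@separator).each_with_index { |name,x| @log_fields[name.to_s] = types[x] }
+@rows = Array.new
+while line = file.gets do
+fields = line.chomp.split(@separator)
+a=Hash.new
+@log_fields.keys.each_with_index { |key,idx| a[key] = fields[idx] }
+@rows << a
+end
+file.close
+end
+
+def rows
+@rows
+end
+
+def fields
+@log_fields
+end
+end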
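Review bot: `get_log_fields` opens `@@bro_log_directory + @this_log` without validating the caller-supplied log name, so a name containing path separators or `..` resolves to a file outside the configured log directory; the `or return` guard on that line is also dead code, because `File.open` raises on failure rather than returning nil, and its message interpolates `@log`, which is never assigned (the instance variable is `@this_log`). The handle is closed only on the happy path — any exception in the header `gsub` chain, including the `NoMethodError` that `gets` returning nil produces on a short or empty file, leaks it — and a block form fixes both issues: `raise ArgumentError, "log name must be a bare file name" unless File.basename(@this_log) == @this_log`, then `File.open(File.join(@@bro_log_directory, @this_log), "r") do |file|` with `end` replacing `file.close`. The `puts types.count` and `puts types` pair looks like leftover debug output in library code and should be removed. The row loop also does not skip `#`-prefixed lines, so a trailing `#close` line, which Bro logs commonly end with, would be emitted as a data row; a `next if line.start_with?("#")` guard would avoid that.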
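--- a/metadata
+++ b/metadata
@@ -0,0 +1,49 @@
+--- !ruby/object:Gem::Specification
+name: brolog
+version: !ruby/object:Gem::Version
+version: 0.0.2
+platform: ruby
+authors:
+- David Hoelzer
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-07-26 00:00:00.000000000 Z
+dependencies: []
+description: The Bro IDS is a phenomenal event driven network analysis system but
+interacting with the logs directly can be irritating. Even with the bro-cut tool,
+more effort is required than should be necessary, especially if you'd like to parse
+and interact with the logs within Ruby or some other language. While there are a
+few gems out there that parse specific Bro logs, brolog supports any arbitrary Bro
+log. This is absolutely Alpha software.
+email: dhoelzer@enclaveforensics.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/brolog.rb
+homepage: http://rubygems.org/gems/brolog
+licenses:
+- GPL
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Gem for parsing and interacting with arbitrary Bro logs
+test_files: []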