zcutter

zcutter

Extract Specific Columns From Zeek Logs

About zcutter

zcutter is a program that processes Zeek logs much like the existing zeek-cut program and extends it. Like zeek-cut, zcutter can pull out specific fields from TSV-format zeek log files. zcutter goes beyond this to work with json/ndjson log files as well.

 

Primary Features

  • Command line option-compatible with zeek-cut.
  • Reads and writes both TSV and ndjson/json formatted zeek log files. All can be uncompressed, gzip-compressed, or bzip2-compressed.
  • Converts from one to the other on the fly.
  • Can accept multiple input log files. Optionally, it can write the converted log files out to a destination directory, allowing you to bulk convert an entire directory of log files at once.

 

Download Details

zcutter is available at GitHub: https://github.com/activecm/zcutter

 

Additional Resources

Blog Posts:

zcutter – More Flexible Zeek Log Processing

Webcasts:

None yet.

You may also be interested in:
ADHD
BEAKER
ESPY
PASSER
RITA
SMUDGE
THREAT SIMULATOR
AC-HUNTER
Latest Active Countermeasures Blog Posts: