SuperCowPowers / zat

Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark
MIT License
423 stars, 108 forks

About no output #146

Closed CindyStudyEveryday closed 1 year ago

CindyStudyEveryday commented 1 year ago

What is the possible reason for not outputting any content? Thank you. [image]

brifordwylie commented 1 year ago

My guess is that "E:/python/zeek/ZAT/http.log" might be an empty file. The code comes with data files... try running the script on the data that comes in the repository...

❯ python zeek_pprint.py ../data/http.log
Successfully monitoring ../data/http.log...
{'filename': '-',
 'host': 'guyspy.com',
 'id.orig_h': '192.168.33.10',
 'id.orig_p': 1031,
 'id.resp_h': '54.245.228.191',
 'id.resp_p': 80,
 'info_code': 0,
 'info_msg': '-',
 'method': 'GET',
 'orig_fuids': '-',
 'orig_mime_types': '-',
 'password': '-',
 'proxied': '-',
 'referrer': '-',
 'request_body_len': 0,
 'resp_fuids': 'Fnjq3r4R0VGmHVWiN5',
 'resp_mime_types': 'text/html',
 'response_body_len': 184,
 'status_code': 301,
 'status_msg': 'Moved Permanently',
 'tags': '(empty)',
 'trans_depth': 1,
 'ts': datetime.datetime(2013, 9, 15, 17, 44, 27, 668082),
 'uid': 'CyIaMO7IheOh38Zsi',
 'uri': '/',
 'user_agent': 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; '
               'Trident/4.0)',
 'username': '-'}
 ...
CindyStudyEveryday commented 1 year ago

I think I know the reason. The file I used is not an empty file, but it is in JSON format, which makes the program invalid.

brifordwylie commented 1 year ago

@CindyStudyEveryday Yeah, there are different readers for JSON format; see: https://github.com/SuperCowPowers/zat/blob/main/examples/zeek_json_to_pandas.py
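The root cause in this thread is a format mismatch that produced no output and no error: a TSV-oriented reader pointed at a JSON-lines log. The example below is added here and is not ZAT project code. It sniffs the first line of a Zeek log to decide between the default TSV format (which begins with a `#separator` header) and JSON-lines (one object per line, no header), parses both into the same kind of row dicts, and raises a clear error on anything else instead of silently yielding zero rows. The header keys and type names (`#fields`, `#types`, `time`, `count`, `vector[...]`) are Zeek's own; the two sample records are constructed for the example, and the JSON record assumes Zeek's default epoch-seconds `ts` rather than ISO8601 timestamps.

```python
"""Detect whether a Zeek log is TSV (default writer) or JSON-lines, then parse
it, failing loudly on anything else. Added example, not ZAT code; header keys
and type names are Zeek's, the sample records are constructed."""
import json
from datetime import datetime, timezone
from decimal import Decimal

# Constructed http.log record in Zeek's default TSV format, header block included.
TSV_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n#empty_field\t(empty)\n#unset_field\t-\n#path\thttp\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\turi\tstatus_code\tresp_fuids\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring\tcount\tvector[string]\n"
    "1379267067.668082\tCyIaMO7IheOh38Zsi\t192.168.33.10\t1031\t54.245.228.191\t80\tGET\tguyspy.com\t/\t301\tFnjq3r4R0VGmHVWiN5\n"
    "#close\t2013-09-15-17-45-00\n"
)
# The same constructed record as Zeek's JSON writer emits it: no header, one
# object per line, unset fields omitted instead of written as '-'.
JSON_LOG = (
    '{"ts":1379267067.668082,"uid":"CyIaMO7IheOh38Zsi","id.orig_h":"192.168.33.10",'
    '"id.orig_p":1031,"id.resp_h":"54.245.228.191","id.resp_p":80,"method":"GET",'
    '"host":"guyspy.com","uri":"/","status_code":301,"resp_fuids":["Fnjq3r4R0VGmHVWiN5"]}\n'
)


def detect_format(text):
    """Classify by the first non-blank line: '#separator' means TSV, '{' means JSON."""
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#separator"):
            return "tsv"
        if line.lstrip().startswith("{"):
            return "json"
        raise ValueError(f"not a Zeek log: first line {line[:40]!r}")
    raise ValueError("empty log file")


def _ts_to_datetime(value):
    """Epoch seconds (str/Decimal/int) -> aware UTC datetime; Decimal keeps the
    six microsecond digits exact, where a float conversion may round them."""
    d = Decimal(value)
    secs = int(d)
    return datetime.fromtimestamp(secs, tz=timezone.utc).replace(
        microsecond=int((d - secs) * 1_000_000))


def _convert(value, ztype, opts):
    if value == opts["unset_field"]:
        return None
    base, _, inner = ztype.partition("[")        # vector[string] -> vector, string]
    if base in ("set", "vector"):
        if value == opts["empty_field"]:
            return []
        return [_convert(v, inner[:-1], opts) for v in value.split(opts["set_separator"])]
    if base == "time":
        return _ts_to_datetime(value)
    if base in ("count", "int", "port"):
        return int(value)
    if base in ("double", "interval"):
        return float(value)
    return value == "T" if base == "bool" else value   # string, addr, enum, ...


def parse_tsv(text):
    sep, fields, types, rows = "\t", None, None, []
    opts = {"set_separator": ",", "empty_field": "(empty)", "unset_field": "-"}
    for line in text.splitlines():
        if line.startswith("#separator "):        # value is an escaped byte, e.g. \x09
            sep = line[len("#separator "):].encode("ascii").decode("unicode_escape")
        elif line.startswith("#"):                # remaining header lines use sep
            key, _, rest = line[1:].partition(sep)
            if key == "fields":
                fields = rest.split(sep)
            elif key == "types":
                types = rest.split(sep)
            elif key in opts:
                opts[key] = rest                  # #path/#open/#close carry no data
        elif line:
            if fields is None or types is None:
                raise ValueError("data row before #fields/#types header")
            rows.append({f: _convert(v, t, opts)
                         for f, v, t in zip(fields, line.split(sep), types)})
    return rows


def parse_json_lines(text):
    rows = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line, parse_float=Decimal)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {n}: not a JSON record: {exc}") from None
        # No #types block in JSON: only ts is converted, and only when it is
        # epoch seconds (Zeek's default); an ISO8601 string is left as written.
        if isinstance(rec.get("ts"), (Decimal, int)):
            rec["ts"] = _ts_to_datetime(rec["ts"])
        rows.append({k: float(v) if isinstance(v, Decimal) else v for k, v in rec.items()})
    return rows


def read_zeek_log(text):
    return parse_tsv(text) if detect_format(text) == "tsv" else parse_json_lines(text)
```

Point `read_zeek_log` at the contents of either file and both samples come back as one row with `id.resp_p` as an int, `resp_fuids` as a list and `ts` as the same aware UTC datetime; a headerless file, or a JSON file handed to `parse_tsv` directly, raises `ValueError` rather than printing nothing.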