idstools.scripts.u2eve module¶

Read unified2 log files and output events as Suricata EVE JSON (or as close as possible).

class idstools.scripts.u2eve.EveFilter(msgmap=None, classmap=None, packet_printable=False, packet_hex=False)[source]¶

Bases: object

filter(event)[source]¶

format_event(event)[source]¶

format_hex(data)[source]¶

format_packet(packet)[source]¶

getprotobynumber(protocol)[source]¶

resolve_classification(event, default=None)[source]¶

resolve_msg(event, default=None)[source]¶

class idstools.scripts.u2eve.OutputWrapper(filename, fileobj=None)[source]¶

Bases: object

reopen()[source]¶

write(buf)[source]¶

class idstools.scripts.u2eve.RolloverHandler(delete)[source]¶

Bases: object

on_rollover(closed, opened)[source]¶

class idstools.scripts.u2eve.Writer(outputs, formatter)[source]¶

Bases: object

write(event)[source]¶

idstools.scripts.u2eve.calculate_flow_id(event)[source]¶

idstools.scripts.u2eve.get_tzoffset(sec)[source]¶

idstools.scripts.u2eve.load_from_snort_conf(snort_conf, classmap, msgmap)[source]¶

idstools.scripts.u2eve.main()[source]¶

idstools.scripts.u2eve.render_timestamp(sec, usec)[source]¶