{"id":28633872,"url":"https://github.com/brimdata/brimcap","last_synced_at":"2025-07-19T11:12:33.239Z","repository":{"id":37074873,"uuid":"352160985","full_name":"brimdata/brimcap","owner":"brimdata","description":"Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)","archived":false,"fork":false,"pushed_at":"2025-04-25T16:07:50.000Z","size":5526,"stargazers_count":80,"open_issues_count":17,"forks_count":10,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-04-25T17:28:25.264Z","etag":null,"topics":["brim-desktop","pcap","suricata","zeek"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brimdata.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-03-27T19:37:21.000Z","updated_at":"2025-04-25T16:07:53.000Z","dependencies_parsed_at":"2024-06-20T06:23:09.706Z","dependency_job_id":"20ce7bf8-277a-4f02-92d5-9b0282b77b64","html_url":"https://github.com/brimdata/brimcap","commit_stats":null,"previous_names":[],"tags_count":35,"template":false,"template_full_name":null,"purl":"pkg:github/brimdata/brimcap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brimdata%2Fbrimcap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brimdata%2Fbrimcap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brimdata%2Fbrimcap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brimdata%2Fbrimcap/manifests","owner
_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brimdata","download_url":"https://codeload.github.com/brimdata/brimcap/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brimdata%2Fbrimcap/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259495306,"owners_count":22866662,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["brim-desktop","pcap","suricata","zeek"],"created_at":"2025-06-12T15:39:22.884Z","updated_at":"2025-06-12T15:39:40.065Z","avatar_url":"https://github.com/brimdata.png","language":"Go","readme":"# brimcap [![CI][ci-img]][ci]\n\n![Image of brimcap analyze](https://github.com/brimdata/brimcap/raw/main/brimcap.gif)\n\nA command line utility for converting [pcaps](https://en.wikipedia.org/wiki/Pcap#:~:text=In%20the%20field%20of%20computer,not%20the%20API's%20proper%20name.)\ninto the flexible, searchable [Zed data formats](https://zed.brimdata.io/docs/formats/)\nas seen in the [Zui desktop app](https://github.com/brimdata/zui) and\n[Zed commands](https://zed.brimdata.io/docs/commands/).\n\n## Quickstart\n\n1. [Install brimcap](#standalone-install)\n2. Have a pcap handy (or download a [sample pcap](https://gitlab.com/wireshark/wireshark/-/wikis/SampleCaptures))\n3. Run `brimcap analyze`\n   ```\n   brimcap analyze sample.pcap \u003e sample.zng\n   ```\n4. 
Explore with [`zq`](https://zed.brimdata.io/docs/commands/zq/)\n   ```\n   zq -z 'zeek:=count(has(_path)), alerts:=count(has(event_type==\"alert\"))' sample.zng\n   ```\n\n## Usage with Zui desktop app\n\nbrimcap is bundled with the [Zui desktop app](https://github.com/brimdata/zui).\nWhenever a pcap is imported into Zui, the app takes the following steps:\n\n1. `brimcap analyze` is invoked to generate logs from the pcap.\n\n2. The logs are imported into a newly-created pool in Zui's\n   [Zed lake](https://zed.brimdata.io/docs/commands/zed/#1-the-lake-model).\n\n3. `brimcap index` is invoked to populate a local pcap index that allows for\n   quick extraction of flows via Zui's **Packets** button, which the app\n   performs by invoking `brimcap search`.\n\nIf Zui is running, you can perform these same operations from your shell,\nwhich may prove useful for automation or batch import of many pcaps to the same\npool. The [Custom Brimcap Config](https://github.com/brimdata/brimcap/wiki/Custom-Brimcap-Config)\narticle shows example command lines along with other advanced configuration\noptions. When used with Zui, you should typically use the `brimcap` binary\nfound in Zui's `zdeps` directory (as described in the article), since this\nversion should be API-compatible with that version of Zui and its Zed backend.\n\n## Brimcap Queries\n\nIncluded in this repo is a `queries.json` file with some helpful queries for getting\nstarted and exploring Zeek and Suricata analyzed data within the Zui app.\n\nTo import these queries:\n\n1. Download the [`queries.json`](./queries.json?raw=1) file to your local system\n2. In Zui, click the **+** menu in the upper-left corner of the app window and select **Import Queries...**\n3. 
Open the downloaded file in the file picker utility\n\nThe loaded queries will appear in the \"QUERIES\" tab of Zui's left sidebar as a new folder named `Brimcap`.\n\n## Standalone Install\n\nIf you're working with brimcap separate from the Zui app, prebuilt packages\ncan be found in the [releases section](https://github.com/brimdata/brimcap/releases)\nof the brimcap GitHub repo.\n\nUnzip the artifact and add the brimcap directory to your `$PATH` environment\nvariable.\n\n```\nexport PATH=\"$PATH:/Path/To/brimcap\"\n```\n\n## Included Analyzers\n\nbrimcap includes special builds of [Zeek](https://github.com/brimdata/build-zeek)\nand [Suricata](https://github.com/brimdata/build-suricata) that were created by\nthe core development team at Brim Data. These builds are preconfigured to\nprovide a good experience out-of-the-box for generating logs from pcaps using\nbrimcap. If you wish to use your own customized Zeek/Suricata or introduce\nother pcap analysis tools, this is described in the [Custom Brimcap\nConfig](https://github.com/brimdata/brimcap/wiki/Custom-Brimcap-Config) article.\n\n## Build From Source\n\nTo build from source, Go 1.23 or later is required.\n\nTo build the brimcap package, clone this repo and run `make build`:\n\n```\ngit clone https://github.com/brimdata/brimcap\ncd brimcap\nmake build\n```\n\n`make build` will download the prebuilt/preconfigured Zeek and Suricata\nartifacts, compile the brimcap binary and package them into `build/dist`.\n\nThe executables will be located here:\n```\n./build/dist/brimcap\n./build/dist/zeek/zeekrunner\n./build/dist/suricata/suricatarunner\n```\n\n## Having a problem?\n\nPlease browse the [wiki](https://github.com/brimdata/brimcap/wiki) to review common problems and helpful tips before [opening an issue](https://github.com/brimdata/brimcap/wiki/Troubleshooting#opening-an-issue).\n\n## Join the Community\n\nJoin our [Public Slack](https://www.brimdata.io/join-slack/) workspace for announcements, Q\u0026A, and to 
trade tips!\n\n[ci-img]: https://github.com/brimdata/brimcap/actions/workflows/ci.yaml/badge.svg\n[ci]: https://github.com/brimdata/brimcap/actions/workflows/ci.yaml\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrimdata%2Fbrimcap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrimdata%2Fbrimcap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrimdata%2Fbrimcap/lists"}