https://github.com/activecm/zeek-open-connections

Last synced: 3 months ago
JSON representation

Host: GitHub
URL: https://github.com/activecm/zeek-open-connections
Owner: activecm
License: gpl-3.0
Created: 2021-05-27T16:49:47.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2024-08-15T20:40:39.000Z (almost 2 years ago)
Last Synced: 2025-03-02T01:45:03.817Z (over 1 year ago)
Language: Zeek
Size: 40 KB
Stars: 12
Watchers: 3
Forks: 4
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# zeek-open-connections

By default, Zeek only logs connection information after a connection is closed or Zeek is stopped. Long-running connections can go hours, days, or weeks before they show up in logs.

This plugin periodically logs open connection info to `open_conn.log`, `open_ssl.log`, and `open_http.log`. The output is identical to `conn.log`, `ssl.log`, and `http.log`. Each entry contains the total duration and bytes for the connection.

The default interval is 1 hour. An open connection gets logged after 1 hour, then every hour after that until it closes.

Based on [zeek-long-connections](https://github.com/corelight/zeek-long-connections) by Corelight.

## Installation

```bash
zkg install zeek-open-connections
zeekctl deploy
```

## Development

Releases are created automatically when a version tag is pushed. CI tests against Zeek 6.2.1, 7.2.2, and 8.1.1.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/activecm/zeek-open-connections

Awesome Lists containing this project

README