Event Replay

Event Replay is a plugin for Secoura that reads in an input file, performs some replacements and outputs the result.

This can be used to simulate a continuously streaming set of log files.

Usage

Create a config file to specify the configuration to pass to the plugin:

identifier: bro-logs
delimiter: "\n"
earliest_time: -20m
latest_time: now
replacements:
  - token: ^\d{10}
    type: timestamp
    replacement: "UNIX"
  - token: \w+\t(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\t\d+\t\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\t\d+
    type: file
    replacement: /path/to/ip_address.sample
  - token: \w+\t\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\t\d+\t(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\t\d+
    type: file
    replacement: /path/to/internal_ips.sample

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
config		config
output/console		output/console
processor		processor
samples		samples
.gitignore		.gitignore
.travis.yml		.travis.yml
Makefile		Makefile
README.md		README.md
config.yml.example		config.yml.example
go.mod		go.mod
go.sum		go.sum
main.go		main.go
plugin.json		plugin.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Event Replay

Usage

About

Uh oh!

Releases 4

Packages

Languages

Secoura/eventreplay

Folders and files

Latest commit

History

Repository files navigation

Event Replay

Usage

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases 4

Packages 0

Languages

Packages