Package: base/frameworks/input

The input framework provides a way to read previously stored data either as an event stream or into a Zeek table.

base/frameworks/input/__load__.zeek

base/frameworks/input/main.zeek

The input framework provides a way to read previously stored data either as an event stream or into a Zeek table.

base/frameworks/input/readers/ascii.zeek

Interface for the ascii input reader.

The defaults are set to match Zeek’s ASCII output.

base/frameworks/input/readers/raw.zeek

Interface for the raw input reader.

base/frameworks/input/readers/benchmark.zeek

Interface for the benchmark input reader.

base/frameworks/input/readers/binary.zeek

Interface for the binary input reader.

base/frameworks/input/readers/config.zeek

Interface for the config input reader.

base/frameworks/input/readers/sqlite.zeek

Interface for the SQLite input reader. Redefinable options are available to tweak the input format of the SQLite reader.

See SQLite Input/Logging for an introduction on how to use the SQLite reader.

When using the SQLite reader, you have to specify the SQL query that returns the desired data by setting query in the config table. See the introduction mentioned above for an example.