Writing analyzers with Spicy
Spicy is a parser generator that makes it easy to create robust C++ parsers for network protocols, file formats, and more. Spicy analyzers can be integrated with Zeek through spicy-plugin to create Zeek protocol, packet and file analyzers.
Spicy is documented separately, so this section just presents high-level points relevant for Zeek.
A Zeek configured with default ./configure options includes Spicy. If the --disable-spicy configure option is used instead, Spicy and spicy-plugin need to be installed out of band; see the instructions for
Writing an analyzer
Analyzer scaffolding including a Spicy grammar (.spicy), Zeek integration (.evt) and a CMake build setup can be generated with the zkg package manager with the default package template by passing
See the Spicy documentation for details on how to write and integrate a parser.