I need guidance on how I can get the schema of all the generated logs in CSV format

How can I get the schema of all the generated logs in CSV format?
For example:
Zeek is generating log files, and I want the field name and its corresponding data type.
But before the values get filled in under the columns, is there any possibility to perform this kind of operation?

Hi there,

Yeah, there are a few things you can do. The zeek_metainfo package (see here) can produce schema info. It’s a bit unusual because you need the sources of the package around to make use of the output it generates, but it’s workable. Clone it and install it:

$ git clone https://github.com/corelight/zeek_metainfo
$ cd zeek_metainfo
$ zkg install --skiptests .

Now run Zeek, enabling the package:

$ zeek zeek_metainfo

This should have produced a logschema.log file in your local directory. Now run this to get JSON:

$ cat logschema.log | zeek-cut -c schema | ./fixup_json.py > logschema.json

Now use logschema.json as you see fit. It’s not CSV, but you’ll likely want a more structured format to represent the schema info, anyway.

If you’ve made it this far, congratulations. :)

If you know the log you’re interested in, you can also go straight to our documentation. Start at Zeek Logs — Book of Zeek (git/master) (or pick the version of the docs that matter to you) and find the log you’re interested in. For example, for the conn.log the underlying data structure with full documentation is here.

We’re hoping to provide better schema tooling in upcoming Zeek versions.

Best,
Christian
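As an added example (not part of the original thread, and not code from the zeek_metainfo package or from Zeek itself): the answer's logschema.log, like every TSV log Zeek's ASCII writer produces, starts with a header block whose `#fields` and `#types` lines carry exactly the field-name/data-type pairs the question asks for. The script below reads only those header lines from one or more `.log` files and emits the CSV the question wanted (`log,field,type`). The embedded sample log is constructed for this example; its field names and types match conn.log, but the record line and timestamps are made up. The function names (`parse_zeek_header`, `schema_to_csv`, `schemas_from_files`) are this example's own.

```python
import csv
import io
import sys
from dataclasses import dataclass
from pathlib import Path
from typing import Iterable, List, Tuple, Union

# Constructed sample of the header block Zeek's ASCII writer puts at the top of a
# TSV log. Field names and types are those of conn.log; the record and the
# timestamps are made up for this example.
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#open\t2024-01-01-00-00-00\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tduration\torig_bytes\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tinterval\tcount\n"
    "1704067200.000000\tCHhAvVGS1DHFjwGM9\t10.0.0.1\t51234\t10.0.0.2\t80\ttcp\t0.5\t100\n"
    "#close\t2024-01-01-00-00-01\n"
)


@dataclass
class LogSchema:
    path: str                          # value of the #path header, e.g. "conn"
    columns: List[Tuple[str, str]]     # (field name, Zeek type) in column order


def parse_zeek_header(lines: Union[str, Iterable[str]]) -> LogSchema:
    """Extract the log path and (field, type) pairs from a Zeek TSV log's header.

    Only '#' header lines are consulted, so the result is the same whether the
    log already contains records or not. Reading stops once #types is seen.
    """
    if isinstance(lines, str):
        lines = lines.splitlines()
    separator = "\t"                   # Zeek's default; the #separator line overrides it
    path = ""
    fields: List[str] = []
    types: List[str] = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.startswith("#"):
            continue                   # data rows carry no schema information
        if line.startswith("#separator "):
            # The separator is written escaped, e.g. "\x09" for a tab.
            separator = line[len("#separator "):].encode("ascii").decode("unicode_escape")
            continue
        key, *values = line.split(separator)
        if key == "#path" and values:
            path = values[0]
        elif key == "#fields":
            fields = values
        elif key == "#types":
            types = values
            break                      # #types is the last schema line we need
    if not fields or not types:
        raise ValueError("no #fields/#types header found (JSON-format logs have none)")
    if len(fields) != len(types):
        raise ValueError(f"#fields has {len(fields)} entries but #types has {len(types)}")
    return LogSchema(path=path, columns=list(zip(fields, types)))


def schema_to_csv(schemas: Iterable[LogSchema]) -> str:
    """Render one or more schemas as CSV rows of log,field,type."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["log", "field", "type"])
    for schema in schemas:
        for field, ztype in schema.columns:
            writer.writerow([schema.path, field, ztype])
    return out.getvalue()


def schemas_from_files(paths: Iterable[Union[str, Path]]) -> List[LogSchema]:
    """Parse each log file's header; files without a TSV header are skipped, not fatal."""
    result: List[LogSchema] = []
    for p in paths:
        with open(p, encoding="utf-8", errors="replace") as fh:
            try:
                result.append(parse_zeek_header(fh))
            except ValueError:
                continue
    return result


if __name__ == "__main__":
    # Usage: python zeek_schema_csv.py conn.log dns.log ... > schema.csv
    # With no arguments the constructed sample is used.
    if len(sys.argv) > 1:
        print(schema_to_csv(schemas_from_files(sys.argv[1:])), end="")
    else:
        print(schema_to_csv([parse_zeek_header(SAMPLE_CONN_LOG)]), end="")
```

Caveat: this only works for the default TSV output. If the logs are written with `LogAscii::use_json=T`, there is no header block and the function raises `ValueError`; `schemas_from_files` skips such files so a glob over a mixed log directory still produces a CSV for the TSV logs.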