zeek/auxil/zeekctl/util/reformat-stats

#! /usr/bin/env python3
#
# Turns spool/stats.log into a format more something suitable for R.
#
# reformat-stats <stats.log> <dst-dir>
#
# Existing data in dst-dir will be deleted.

import math
import os
import sys


def filterOutput(tag, host):
    os.system(f"cat {Dest}/{tag}.dat | egrep '{host}|^ *time' >{Dest}/{tag}.{host}.dat")


def makeOutput(file, tag):
    out = open(f"{Dest}/{tag}.dat", "w")

    hosts = {}
    data = {}
    keys = {}

    for line in open(file):
        f = line.split()
        if f[3] == "error":
            continue

        try:
            (time, host, t, key, val) = f
        except ValueError:
            try:
                (time, host, t, key) = f
                val = "-"
            except ValueError:
                print(f"cannot parse '{line}'", file=sys.stderr)
                continue

        if t != tag:
            continue

        hosts[host] = 1

        time = math.floor(float(time))
        val = val

        if not time in data:
            data[time] = {}

        interval = data[time]

        if not host in interval:
            interval[host] = {}

        vals = interval[host]
        vals[key] = val
        keys[key] = 1

    intervals = data.keys()
    intervals.sort()

    keys = keys.keys()

    out.write(f"{time:>10s} {tag:>10s}")
    for k in keys:
        out.write(f" {k:>10s}")
    out.write("\n")

    for t in intervals:
        itv = data[t]

        idxs = itv.keys()
        idxs.sort()

        for idx in idxs:
            vals = itv[idx]

            out.write(f"{t:10.0f} {idx:>10s}".format(t, idx))

            for k in keys:
                if k in vals:
                    out.write(f" {vals[k]:>10s}")
                else:
                    out.write(f" {'-':>10s}")

            out.write("\n")

    out.close()

    hosts = hosts.keys()
    hosts.sort()
    for host in hosts:
        filterOutput(tag, host)

    hostlist = open(f"{Dest}/{tag}.hosts.dat", "w")
    hostlist.write("name\n")
    for host in hosts:
        hostlist.write(f"{host}\n")


if len(sys.argv) != 3:
    print("Usage: reformat-stats <stats.log> <dst-dir>")
    print("Existing data in <dst-dir> will be deleted!")
    sys.exit(1)

Dest = sys.argv[2]

os.system(f"rm -rf {Dest}")
os.mkdir(Dest)

for tag in ["parent", "child", "interface"]:
    makeOutput(sys.argv[1], tag)