Provides integration with pandas for parsing and analyzing Zeek log files, returning structured data from network traffic analysis as DataFrame objects.
This repository provides a set of utilities to build an MCP server (Model Context Protocol) that you can integrate with your LLM chatbot client.
PATH (for the execzeek tool)It's recommended to use a virtual environment:
Note: If you don’t have a
requirements.txt, install directly:Copy
The repository exposes three main MCP tools and a command-line entry point:
--mcp-host: Host for the MCP server (default: 127.0.0.1).--mcp-port: Port for the MCP server (default: 8081).--transport: Transport protocol, either sse (Server-Sent Events) or stdio.You need to use an LLM that can support the MCP tools usage by tools call.
execzeek(pcap_path: str) -> str.log files in the working directory..log filenames or "1" on error.parselogs(logfile: str) -> DataFrame.log file and returns the parsed content.You can interact with these endpoints via HTTP (if using SSE transport) or by embedding in LLM client (eg: Claude Desktop):
To set up Claude Desktop as a Zeek MCP client, go to Claude -> Settings -> Developer -> Edit Config -> claude_desktop_config.json and add the following:
Alternatively, edit this file directly:
Another MCP client that supports multiple models on the backend is 5ire. To set up Zeek-MCP, open 5ire and go to Tools -> New and set the following configurations:
python /ABSOLUTE_PATH_TO/Bridge_Zeek_MCP.pyAn example of MCP tools usage from a chainlit chatbot client, it was used an example pcap file (you can find fews in pcaps folder)
See LICENSE for more information.
This server cannot be installed
A Model Context Protocol server that integrates Zeek network analysis capabilities with LLM chatbots, allowing them to analyze PCAP files and parse network logs through natural language interactions.