# Virani

## Installation & Setup

Install the Perl requirements. This can be taken care of with the
command below.

```shell
    cpanm Virani
```

Configure it.

For example, on FreeBSD, daemonlogger may be set up something like
below.

```shell
    daemonlogger_enable="YES"
    daemonlogger_flags="-f /usr/local/etc/daemonlogger.bpf -d -l /var/log/daemonlogger -t 120"
```

Then a basic config would be like below.

```toml
    default_set='default'
    allowed_subnets=["192.168.14.0/23", "127.0.0.1/8"]
    [sets.default]
    path='/var/log/daemonlogger'
    regex='(?<timestamp>\d\d\d\d\d\d+)(\.pcap|(?<subsec>\.\d+)\.pcap)$'
    strptime='%s'
```

For more information on the config file, see the POD for Virani.
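A quick way to check that the `regex` and `strptime` values above pick up your capture files before relying on them. This is an added example, not code from Virani: the file names are constructed, the 120 second rotation is assumed from `-t 120`, and the overlap test is this example's own rather than Virani's selection logic.

```perl
use strict;
use warnings;
use Time::Piece;

# Values copied from the [sets.default] example config.
my $regex    = '(?<timestamp>\d\d\d\d\d\d+)(\.pcap|(?<subsec>\.\d+)\.pcap)$';
my $strptime = '%s';
# Assumption: daemonlogger's -t 120 starts a new file every 120 seconds.
my $rotate = 120;

# Sample window (the one used in the Usage example), treated as UTC.
my $fmt   = '%Y-%m-%dT%H:%M:%S';
my $start = Time::Piece->strptime( '2023-02-27T11:00:18', $fmt )->epoch;
my $end   = Time::Piece->strptime( '2023-02-27T11:31:18', $fmt )->epoch;

# Constructed file names, not taken from a real capture directory.
my @names = qw(
    daemonlogger.1677495500.pcap
    daemonlogger.1677495620.123456.pcap
    daemonlogger.1677497520.pcap
    daemonlogger.pcap.1677495620
    notes.txt
);

# Return the start epoch of a capture file, or undef if the name does not match.
sub file_epoch {
    my ($name) = @_;
    return unless $name =~ /$regex/;
    my ( $ts, $subsec ) = ( $+{timestamp}, $+{subsec} );
    my $t = Time::Piece->strptime( $ts, $strptime )->epoch;
    $t += "0$subsec" if defined $subsec;    # ".123456" becomes 0.123456
    return $t;
}

for my $name (@names) {
    my $t = file_epoch($name);
    if ( !defined $t ) {
        print "$name: does not match the set regex\n";
        next;
    }
    # A file started before the window can still hold packets from it,
    # so compare the whole rotation interval against the window.
    my $hit = ( $t <= $end && $t + $rotate > $start ) ? 'overlaps' : 'outside';
    printf "%s: starts %s UTC, %s window\n", $name, gmtime( int $t )->datetime, $hit;
}
```

A name that reports no match here means the regex needs adjusting for how your capture tool names its files.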

## Usage

An example of grabbing port 53 traffic can be done like the
following.

```shell
    virani -s 2023-02-27T11:00:18 -e 2023-02-27T11:31:18 port 53
```

The time may also be specified like below.

```
now       current time
now-30    30 seconds ago
now-30m   30 minutes ago
now-30h   30 hours ago
now-30w   30 weeks ago
```

So if you wanted to find all port 53 traffic in the last minute, you
could do something like below.

```shell
    virani -s now-1m -e now port 53
```

The help info for virani is as below. For more info check out the POD
for the module Virani and the script Virani.

```
--help            Print this.
-h                Print this.

--version         Print version.
-v                Print version..

-r <remote>       Remote URL or config file for remote info.

-a <apikey>       API key for remote URL if needed.

-f <filter>       Filter for use with tshark or tcpdump.

-t <type>         tcpdump or tshark
                  Default :: tcpdump

-t <set>          Set to use. If undef, uses whatever the default is.
                  Default :: undef

--config <config> Config file to use.
                  Default :: /usr/local/etc/virani.toml

-s <timestamp>    Start timestamp. Any format supported by
                  Time::Piece::Guess is usable.

-e <timestamp>    End timestamp. Any format supported by
                  Time::Piece::Guess is usable.

-w <output>       The file to write the PCAP to.
                  Default :: out.pcap

--nc              If cached, do not use it.

-k                Do not check the SSL cert for HTTPS for remote.
```

# LICENSE AND COPYRIGHT

This software is Copyright (c) 2023 by Zane C. Bowers-Hadley.

This is free software, licensed under:

  The GNU Lesser General Public License, Version 2.1, February 1999