Supported File Types

Teleseer supports the ingest of network collection files and bro/zeek logs.


Teleseer processes network collection files containing 802.3 or 802.11 (beta mode) headers. These files can be one-off collections or can exist within a compressed archive.

In addition to network collection files, Teleseer processes bro/zeek logs.

Network Collection Files

The following network collection file types are supported:

Google Stenographer (


Cooked pcaps

"cooked" network collection files are not currently supported


The following bro/zeek log files can be imported into Teleseer:

conn.logIP, TCP, UDP, ICMP connection details
dhcp.logDHCP lease activity
dns.logDNS query/response details
ftp.logFTP request/reply details
http.logHTTP request/reply details
ntp.logNTP request/reply details
sip.logSIP analysis
smtp.logSMTP transactions
ssh.logSSH handshakes
ssl.logSSL handshakes
tunnel.logDetails of encapsulating tunnels

It is recommended to use a supported compressed archive file such that all .log files can be ingested at once.

Assets created from log files without layer 2 content will appear within the External Hosts tab.

To create logs with layer 2 content, use the following zeek flag:


# Example
$ zeek -C -r maccdc_demo.pcap policy/protocols/conn/mac-logging

For more information on additional support and policies for zeek, see the Zeek Script Index


Supported formats

Teleseer currently provides support for the TSV format.

JSON format is not currently supported.

Compressed Archives

The following compressed archives are supported:

.bz2BZIP2 compressed archive
.gzGNU zip compressed archive
.tarUnix Tape Archive File compressed archive
.xzLZMA compressed archive
.zipLossless data compression archive