From fc532ee4404f0356f30d6b636a75ffb726863ded Mon Sep 17 00:00:00 2001 From: Evan Typanski Date: Fri, 1 Nov 2024 10:15:44 -0400 Subject: [PATCH] Add usage I'm still confused about how scripts are supposed to be loaded in a spicy plugin, a la https://github.com/zeek/cmake/issues/97 It's just weird and unintuitive. --- README.md | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 2251b42..c94af6d 100644 --- a/README.md +++ b/README.md @@ -2,11 +2,24 @@ Parses the [Redis serialization protocol](https://redis.io/docs/latest/develop/reference/protocol-spec/) (RESP). Then parses this as Redis commands -## Usage +## Installation + +Install using the [Zeek package manager](https://docs.zeek.org/projects/package-manager/en/stable/), `zkg`: -Common usage within Zeek. +``` +zkg install https://github.com/evantypanski/spicy-redis +``` -First, build the analyzer: +Check to ensure it installed properly: + +``` +$ zeek -NN | grep spicy_Redis + [Analyzer] spicy_Redis (ANALYZER_SPICY_REDIS, enabled) +``` + +### From source + +You can also build from source directly from this directory, then install the local version: ``` $ mkdir build && cd build @@ -14,11 +27,14 @@ $ cmake .. -G Ninja $ ninja install ``` -You should now see the spicy analyzer via `zeek`: +## Usage + +I'm not entirely clear how the script is expected to get loaded. For now, the easiest way to use this via Zeek is by directly loading the `main.zeek` script in a `zeek` invocation, like: ``` -$ zeek -NN | grep Redis - [Analyzer] spicy_redis (ANALYZER_SPICY_REDIS, enabled) +$ zeek -Cr testing/Traces/set.trace scripts/main.zeek +$ cat redis.log +# ... the log output should appear ``` ### Creating Redis traffic
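Review bot: In the first README.md hunk (`@@ -2,11 +2,24 @@`), the new install check greps for `spicy_Redis` and shows `spicy_Redis` in the sample output, while the lines this patch removes showed the analyzer as `spicy_redis`. `grep` is case-sensitive, so if `zeek -NN` still prints the lower-case name, the documented check returns nothing and looks like a failed install. Please confirm which spelling `zeek -NN` actually prints and make the command and sample output match it, or use a case-insensitive match such as `grep -i redis`.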
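Review bot: In the second README.md hunk (`@@ -14,11 +27,14 @@`), the new Usage command `zeek -Cr testing/Traces/set.trace scripts/main.zeek` uses paths relative to the repository root, but the "From source" steps just above leave the reader inside `build/`, and someone who followed the `zkg install` path may have no checkout at all. State which directory the command is run from, and what the zkg-installed equivalent is. The sentence "I'm not entirely clear how the script is expected to get loaded" is better kept in the commit message or replaced by a link to the open issue, since a README reader needs the supported invocation rather than the open question. It would also help to say that `-C` makes Zeek ignore checksum validation, so readers know why it is needed for the bundled trace.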