tools-ref/zeek.md

NAME

zeek - passive network traffic analyzer

SYNOPSIS

zeek [options] [file ...]

DESCRIPTION

Zeek is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, Zeek supports a wide range of traffic analysis tasks outside the security domain as well, including performance measurement and troubleshooting.

Zeek comes with built-in functionality for a range of analysis and detection tasks, including detecting malware by interfacing to external registries, reporting vulnerable versions of software seen on the network, identifying popular web applications, detecting SSH brute-forcing, validating SSL certificate chains, among others.

OPTIONS

<file>

: policy file, or read stdin

-a, --parse-only

: exit immediately after parsing scripts

-b, --bare-mode

: don't load scripts from the base/ directory

-d, --debug-policy

: activate policy file debugging

-e, --exec <code>

: augment loaded policies by given code

-f, --filter <filter>

: tcpdump filter

-h, --help|-?

: command line help

-i, --iface <interface>

: read from given interface

-p, --prefix <prefix>

: add given prefix to policy file resolution

-r, --readfile <file>

: read from given tcpdump file

-s, --rulefile <file>

: read rules from given file

-t, --tracefile <file>

: activate execution tracing

-w, --writefile <file>

: write to given tcpdump file

-v, --version

: print version and exit

-x, --print-state <file>

: print contents of state file

-C, --no-checksums

: ignore checksums; needed for captures taken on a host with checksum offloading, whose packets carry bad checksums and would otherwise not be analyzed

-F, --force-dns

: force DNS

-I, --print-id <ID>

: print out given ID

-N, --print-plugins

: print available plugins and exit (-NN for verbose)

-P, --prime-dns

: prime DNS

-Q, --time

: print execution time summary to stderr

-R, --replay <file>

: replay events

-S, --debug-rules

: enable rule debugging

-T, --re-level <level>

: set 'RE_level' for rules

-U, --status-file <file>

: record process status in file

-W, --watchdog

: activate watchdog timer

-X, --zeekygen <config file>

: generate documentation based on config file

--pseudo-realtime[=<speedup>]

: enable pseudo-realtime for performance evaluation (default 1)

--load-seeds <file>

: load seeds from given file

--save-seeds <file>

: save seeds to given file

The following option is available only when Zeek is built with the --enable-debug configure option:

-B, --debug <streams>

: enable debugging output for selected streams ('-B help' for help)

The following options are available only when Zeek is built with gperftools support (use the --enable-perftools and --enable-perftools-debug configure options):


-m, --mem-leaks

: show leaks

-M, --mem-profile

: record heap
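As an added example, not taken from the zeek man page or from the Zeek project, the following POSIX shell wrapper shows the common offline workflow built from the options above: replay a capture with -r, tolerate offloaded checksums with -C, narrow the traffic with a tcpdump filter via -f, augment the loaded scripts with -e, and load a signature file with -s. The capture path, the filter, the inline script, the output directory, the signature file and the signature's id and message are all this example's own assumptions; LogAscii::use_json in the usage comment is a real Zeek option.

```shell
#!/bin/sh
# Added example, not taken from the zeek man page or the Zeek project: a wrapper
# for offline analysis of a capture file using the options documented above.
# The capture path, filter, inline script, output directory and signature file
# are caller-supplied assumptions.

# write_banner_sig PATH
#   Write a minimal signature file for -s. The signature id and message are
#   this example's own; the syntax is Zeek's signature language. It matches a
#   TCP connection to port 22 whose payload starts with an SSH banner; matches
#   raise the signature_match event.
write_banner_sig() {
    cat > "$1" <<'EOF'
signature ssh-banner-on-22 {
    ip-proto == tcp
    dst-port == 22
    payload /^SSH-/
    event "SSH protocol banner observed"
}
EOF
}

# run_zeek_pcap PCAP FILTER INLINE_SCRIPT OUTDIR [SIGFILE]
#   PCAP           capture file read with -r
#   FILTER         tcpdump/BPF filter passed with -f ("" analyzes every packet)
#   INLINE_SCRIPT  Zeek code passed with -e ("" for none)
#   OUTDIR         directory to run in; Zeek writes conn.log etc. into the cwd
#   SIGFILE        optional signature file passed with -s
# With ZEEK_DRY_RUN set in the environment the assembled argv is printed one
# token per line instead of being executed.
run_zeek_pcap() {
    pcap=$1 filter=$2 inline=$3 outdir=$4 sig=${5:-}
    [ -f "$pcap" ] || { echo "no such capture file: $pcap" >&2; return 1; }
    mkdir -p "$outdir" || return 1
    # -r is resolved relative to the directory Zeek runs in, so make it absolute
    pcap_abs=$(cd "$(dirname "$pcap")" && pwd)/$(basename "$pcap")

    # -C: packets captured on a host with checksum offloading carry bad
    # checksums; without -C Zeek does not analyze them, and the TCP-based
    # protocol logs silently come out empty.
    set -- zeek -C -r "$pcap_abs"
    [ -n "$filter" ] && set -- "$@" -f "$filter"
    [ -n "$inline" ] && set -- "$@" -e "$inline"
    if [ -n "$sig" ]; then
        [ -f "$sig" ] || { echo "no such signature file: $sig" >&2; return 1; }
        set -- "$@" -s "$(cd "$(dirname "$sig")" && pwd)/$(basename "$sig")"
    fi

    if [ -n "${ZEEK_DRY_RUN:-}" ]; then
        printf '%s\n' "$@"
        return 0
    fi
    command -v zeek >/dev/null 2>&1 || { echo "zeek not found in PATH" >&2; return 1; }
    # Subshell so the caller's working directory is left untouched.
    ( cd "$outdir" && exec "$@" )
}

# Usage (assumed file names): analyze SSH traffic only, emit JSON logs, and
# apply the signature above.
#   write_banner_sig ./ssh.sig
#   run_zeek_pcap ./capture.pcap 'tcp port 22' 'redef LogAscii::use_json = T;' ./zeek-out ./ssh.sig
#   ls ./zeek-out    # conn.log, ssh.log, ...
```

The wrapper always runs Zeek from a fresh directory because the ASCII logs land in the current working directory, and it makes the -r and -s paths absolute for the same reason. Set ZEEK_DRY_RUN=1 to inspect the exact argv before running it against a large capture.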

ENVIRONMENT

ZEEKPATH

: file search path

ZEEK_PLUGIN_PATH

: plugin search path

ZEEK_PLUGIN_ACTIVATE

: plugins to always activate

ZEEK_PREFIXES

: prefix list

ZEEK_DNS_FAKE

: disable DNS lookups

ZEEK_SEED_FILE

: file to load seeds from

ZEEK_LOG_SUFFIX

: ASCII log file extension

ZEEK_PROFILER_FILE

: Output file for script execution statistics

ZEEK_DISABLE_ZEEKYGEN

: Disable Zeekygen (Broxygen) documentation support

AUTHOR

zeek was written by The Zeek Project <info@zeek.org>.



hrbrmstr/zeekr documentation built on Dec. 20, 2021, 4:49 p.m.