diff --git a/CHANGES b/CHANGES index 4cd0488635..c5488fb9de 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ + +4.1.0-dev.638 | 2021-05-17 13:08:28 +0100 + + * Manual page updates (Henrik Kramselund Jereminsen) + 4.1.0-dev.631 | 2021-05-11 09:26:37 -0700 * Add unit tests to ZeekString.cc (Tim Wojtulewicz) diff --git a/VERSION b/VERSION index fbcc8809fb..d944358ec1 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -4.1.0-dev.631 +4.1.0-dev.638 diff --git a/man/zeek.8 b/man/zeek.8 index b59b054328..1a667f5630 100644 --- a/man/zeek.8 +++ b/man/zeek.8 @@ -16,6 +16,8 @@ tasks, including detecting malware by interfacing to external registries, reporting vulnerable versions of software seen on the network, identifying popular web applications, detecting SSH brute-forcing, validating SSL certificate chains, among others. + +You must have the necessary permissions to access to the files or interfaces specified. .SH OPTIONS .TP .B 
@@ -148,6 +150,31 @@ Output file for script execution statistics .TP .B ZEEK_DISABLE_ZEEKYGEN Disable Zeekygen (Broxygen) documentation support +.SH OUTPUT FORMAT +Output is written in multiple files depending on configuration. The default +location is the current directory. + +The output written by Zeek can be formatted in multiple ways using the +logging framework. +.PP +The default are files in human-readable (ASCII) format. The data is organized +into columns (tab-delimited). The data can be processed using, e.g., the \fBzeek-cut\fR tool. + + +.SH EXAMPLES +Read a capture file and generate the default logs: +.br + # zeek -r test-capture.pcap +.PP +When running on live traffic, Zeek is usually started by running \fBzeekctl\fR. To configure +Zeek with an initial configuration, install, and restart: +.br + # zeekctl deploy + +Note: the zeekctl configuration may need to be updated before first use. Especially the +network interface used should be the correct one. +.SH SEE ALSO +zeekctl(8) zeek-cut(1) .SH AUTHOR .B zeek was written by The Zeek Project .
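Review bot: the sentence added to man/zeek.8 in the first hunk of that file has a grammar slip, "access to the files or interfaces specified" should read "access the files or interfaces specified", and the added blank line before it will draw a lint warning from mandoc/groff, so a `.PP` request is the conventional paragraph separator here. Since the sentence is the only place the page tells the reader about privilege requirements, it would also be worth saying what they typically are: read access to a capture file for offline use, and the elevated privileges needed for raw capture on a network interface for live use, so that the reader does not reach for a root shell when plain read access is enough.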
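Review bot: in the second hunk of man/zeek.8, the OUTPUT FORMAT paragraph has a number-agreement error, "The default are files in human-readable (ASCII) format" should be something like "By default, output files are human-readable (ASCII), with the data organized into tab-delimited columns." On formatting: the EXAMPLES section typesets the commands with `.br` followed by an indented line, which relies on troff's treatment of leading whitespace; wrapping them in `.nf`/`.fi` (or `.RS`/`.RE` with `.B`) is the usual way to show commands in a man page, the double blank line before `.SH EXAMPLES` and the bare blank line after `# zeekctl deploy` should be `.PP`, and SEE ALSO conventionally uses `.BR zeekctl (8),` and `.BR zeek-cut (1)` rather than plain text. Two wording points: "To configure Zeek with an initial configuration, install, and restart:" reads awkwardly and could be "To check the configuration, install it, and restart Zeek:", and "Especially the network interface used should be the correct one." could be "In particular, check that the network interface to monitor is the correct one." Finally, the `# ` prompt on the `zeek -r test-capture.pcap` example implies a root shell; reading a capture file needs only read access to it, so a `$ ` prompt there would avoid suggesting that Zeek be run with more privilege than the task requires.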