mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Merge branch 'master' of https://github.com/kramse/zeek
* 'master' of https://github.com/kramse/zeek:
  Added note about default configuration
  More precise description of the example
  Removed tcpdump file, as it may not even work.
  Just a few ideas for improving the manual page
This commit is contained in:
commit
1d25def759
3 changed files with 33 additions and 1 deletions
5
CHANGES
@ -1,3 +1,8 @@
4.1.0-dev.638 | 2021-05-17 13:08:28 +0100
* Manual page updates (Henrik Kramselund Jereminsen)
4.1.0-dev.631 | 2021-05-11 09:26:37 -0700
* Add unit tests to ZeekString.cc (Tim Wojtulewicz)
2
VERSION
@ -1 +1 @@
4.1.0-dev.631
4.1.0-dev.638
27
man/zeek.8
@ -16,6 +16,8 @@ tasks, including detecting malware by interfacing to external registries,
reporting vulnerable versions of software seen on the network, identifying
popular web applications, detecting SSH brute-forcing, validating SSL
certificate chains, among others.
You must have the necessary permissions to access to the files or interfaces specified.
.SH OPTIONS
.TP
.B <file>
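Review bot: Grammar in the added sentence: "permissions to access to the files or interfaces specified" should read "permissions to access the files or interfaces specified". While here, it would help readers to distinguish the two cases the sentence lumps together: reading a capture file needs only read access to that file, whereas capturing on a live interface needs elevated privileges, so the man page could say which case requires running with extra rights.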
@ -148,6 +150,31 @@ Output file for script execution statistics
.TP
.B ZEEK_DISABLE_ZEEKYGEN
Disable Zeekygen (Broxygen) documentation support
.SH OUTPUT FORMAT
Output is written in multiple files depending on configuration. The default
location is the current directory.
The output written by Zeek can be formatted in multiple ways using the
logging framework.
.PP
The default are files in human-readable (ASCII) format. The data is organized
into columns (tab-delimited). The data can be processed using, e.g., the \fBzeek-cut\fR tool.
.SH EXAMPLES
Read a capture file and generate the default logs:
.br
# zeek -r test-capture.pcap
.PP
When running on live traffic, Zeek is usually started by running \fBzeekctl\fR. To configure
Zeek with an initial configuration, install, and restart:
.br
# zeekctl deploy
Note: the zeekctl configuration may need to be updated before first use. Especially the
network interface used should be the correct one.
.SH SEE ALSO
zeekctl(8) zeek-cut(1)
.SH AUTHOR
.B zeek
was written by The Zeek Project <info@zeek.org>.
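Review bot: The EXAMPLES section shows `# zeek -r test-capture.pcap` with a root prompt, but reading a capture file needs no elevated privileges; showing it as `$ zeek -r test-capture.pcap` (keeping `#` only for `zeekctl deploy`, which does manage live capture) avoids teaching readers to run Zeek as root when they do not have to. Two smaller points in the same hunk: "The default are files in human-readable (ASCII) format" should be "By default, logs are written as human-readable (ASCII) files", and "Output is written in multiple files" reads better as "Output is written to multiple files". For the command examples, `.EX`/`.EE` (or `.nf`/`.fi`) gives a proper verbatim block where `.br` only forces a line break, and the SEE ALSO entries are conventionally comma-separated cross-references, e.g. `.BR zeekctl (8),` followed by `.BR zeek-cut (1)`.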