From 8e8f2d0b12afea9a8421647369990c7c28279190 Mon Sep 17 00:00:00 2001 From: Henrik Kramselund Jereminsen Date: Wed, 12 May 2021 10:37:35 +0200 Subject: [PATCH] Just a few ideas for improving the manual page --- man/zeek.8 | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/man/zeek.8 b/man/zeek.8 index b59b054328..bf47dee136 100644 --- a/man/zeek.8 +++ b/man/zeek.8 @@ -16,6 +16,8 @@ tasks, including detecting malware by interfacing to external registries, reporting vulnerable versions of software seen on the network, identifying popular web applications, detecting SSH brute-forcing, validating SSL certificate chains, among others. + +You must have read access to the files or interfaces specified. .SH OPTIONS .TP .B @@ -148,6 +150,28 @@ Output file for script execution statistics .TP .B ZEEK_DISABLE_ZEEKYGEN Disable Zeekygen (Broxygen) documentation support +.SH OUTPUT FORMAT +Output is written in multiple files depending on configuration. Default +location is the current directory. Packets can be written to a tcpdump file. + +The output written by Zeek can be formatted in multiple ways using the +logging framework. +.PP +The default are files in human-readable (ASCII) format and data is organized +into columns (tab-delimited), They can be processed by the \fBzeek-cut\fR tool. + + +.SH EXAMPLES +Read a capture file: +.br + # zeek -r test-capture.pcap +.PP +Usually Zeek is started by running \fBzeekctl\fR. To configure Zeek with an initial +configuration, install, and restart: +.br + # zeekctl deploy +.SH SEE ALSO +zeekctl(8) zeek-cut(1) .SH AUTHOR .B zeek was written by The Zeek Project .
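Review bot: In the first hunk (`@@ -16,6 +16,8 @@`, end of the description), "read access to the files or interfaces specified" is imprecise for interfaces. Reading a capture file needs ordinary read permission on that file, but live capture on an interface needs packet-capture privileges (typically root or an equivalent capture capability), which is not what "read access" suggests to most readers. Consider stating the two cases separately, so that nobody concludes Zeek must run as root just to read a pcap. Also, the added empty line before the sentence should be a `.PP` request. Raw blank lines in man source render inconsistently across formatters, and the rest of this file uses explicit macros.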
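Review bot: In the second hunk (`@@ -148,6 +150,28 @@`), the EXAMPLES entry `# zeek -r test-capture.pcap` uses a root prompt for an operation that needs no privileges. Parsing capture files as root exposes the protocol analyzers to untrusted input with more privilege than necessary, so a `$` prompt would be the better example to copy. If the `#` on `# zeekctl deploy` is intentional, a short sentence saying which account is expected to run it would help. Smaller points in the same hunk: "(tab-delimited), They can be processed" has a comma followed by a capital letter and should be two sentences; "The default are files" reads better as "By default, logs are written as"; the two empty lines before `.SH EXAMPLES` should be dropped; and the SEE ALSO entries are conventionally comma-separated and marked up with `.BR`, for example `.BR zeekctl (8),`. "Packets can be written to a tcpdump file" would be more useful if it named the option that does this.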