Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-01 22:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
No description
19605 commits 387 branches 195 tags 255 MiB
Find a file
Tim Wojtulewicz 83f05dde34
Some checks are pending
pre-commit / pre-commit (push) Waiting to run
Details
Merge remote-tracking branch 'origin/topic/timw/merge-3rdparty-repo-into-main' 
* origin/topic/timw/merge-3rdparty-repo-into-main: (30 commits)
  Ignore src/3rdparty for pre-commit
  src/3rdparty: Port doctest fix for including <ciso646> from upstream
  src/3rdparty: Update doctest to v2.4.12
  src/3rdparty: Move jthread/stop_token out of std namespace to prevent collisions
  src/3rdparty: Fix clang-tidy bugprone-casting-through-void warning
  src/3rdparty: Add jthread and stop_token headers
  src/3rdparty: Update SQLite to 3.47.1
  src/3rdparty: Upgrade sqlite3 to 3.45.0
  src/3rdparty: modp: Disable deprecation warning for sprintf
  src/3rdparty: Update SQLite to 3.41.2
  src/3rdparty: Handle zeek-inet-ntop snprintf() return value correctly
  src/3rdparty: Rework inet-ntop change to build on Windows
  src/3rdparty: Use snprintf in zeek_inet_ntop.c to silence macOS compiler warnings
  src/3rdparty: Use snprintf in patricia.cc to silence macOS compiler warnings
  src/3rdparty: Update ConvertUTF Unicode license as per request from LLVM upstream
  src/3rdparty: Update doctest to 2.4.9 and sqlite to 3.39.4
  src/3rdparty: Fix rampant off-by-one error in last change
  src/3rdparty: numeric conversion functions now return the number of characters added
  src/3rdparty: Fix GCC 12.2 warning in access to patricia_t members
  src/3rdparty: Rebase patricia.{h,c} on upstream version
  ...
2025-09-26 02:57:42 +00:00
.github/workflows Use virtualenv in docs generation/builds 2025-08-08 20:38:31 -07:00
auxil Bump libkqueue to latest upstream master 2025-09-22 07:33:13 -07:00
ci Enable building ZeroMQ support on Windows 2025-09-16 13:30:14 -07:00
cmake@d51c699044 Link Prometheus symbols via Broker instead of directly 2025-08-28 13:05:40 -07:00
cmake_templates Remove deprecations tagged for v8.1 2025-08-12 10:19:03 -07:00
doc@2731def915 Update doc submodule [nomail] [skip ci] 2025-09-20 00:13:40 +00:00
docker docker: Bump to debian:trixie-slim 2025-08-13 20:37:14 +02:00
man Use the same rules as cmake submodule to reformat Zeek 2023-05-09 08:31:43 -07:00
scripts utils/decompose_uri: Support URIs containing IPv6 addresses 2025-09-23 13:04:29 +02:00
src Merge remote-tracking branch 'origin/topic/timw/merge-3rdparty-repo-into-main' 2025-09-26 02:57:42 +00:00
testing cluster/zeromq: Improve EINTR handling 2025-09-25 13:52:12 +02:00
tools Remove some unnecessary #includes from binpac source files 2025-09-02 11:52:52 -07:00
.cirrus.yml CI: Add label for enabling the Windows build in PRs 2025-09-16 13:30:14 -07:00
.clang-format Update COPYING date to now and fix some [skip CI] 2025-01-09 08:38:45 -05:00
.clang-tidy Use .contains() instead of .find() or .count() 2025-09-02 16:42:52 +00:00
.cmake-format.json Always break lines when formatting spicy_add_analyzer 2025-03-03 11:24:20 +01:00
.dockerignore Add .dockerignore to suppress btest artifacts 2021-09-24 17:04:26 -07:00
.git-blame-ignore-revs Update .git-blame-ignore-revs 2025-07-29 10:04:14 +02:00
.gitattributes GH-1497: Support CRLF line-endings in Zeek scripts and signature files 2021-04-08 20:32:30 -07:00
.gitignore Update .gitignore to add Emacs and Vim temp files 2024-02-07 12:12:58 -07:00
.gitmodules Remove zeek-3rdparty submodule 2025-09-25 18:37:24 -07:00
.pre-commit-config.yaml Ignore src/3rdparty for pre-commit 2025-09-25 18:39:07 -07:00
.typos.toml Compile contributors for Zeek 8.0 in the NEWS file 2025-08-04 09:32:58 -07:00
.update-changes.cfg Add script to update external test repo commit pointers 2019-04-05 17:09:01 -07:00
CHANGES Merge remote-tracking branch 'origin/topic/timw/merge-3rdparty-repo-into-main' 2025-09-26 02:57:42 +00:00
CMakeLists.txt Remove configure --with-gen-zam argument and the CMake summaries 2025-08-20 08:52:26 -07:00
CODE_OF_CONDUCT.md Add code of conduct and contributing to repo. 2025-03-06 13:11:17 +00:00
configure Remove configure --with-gen-zam argument and the CMake summaries 2025-08-20 08:52:26 -07:00
CONTRIBUTING.md Add code of conduct and contributing to repo. 2025-03-06 13:11:17 +00:00
COPYING Update COPYING date to now and fix some [skip CI] 2025-01-09 08:38:45 -05:00
COPYING-3rdparty Remove ghc::filesystem submodule, switch to std::filesystem 2025-07-14 11:23:54 -07:00
INSTALL Update documentation to include "Book of Zeek" revisions 2021-02-01 15:54:36 -08:00
Makefile Fix warning about grealpath when running 'make dist' on Linux 2024-07-11 13:45:14 -07:00
NEWS Bump libkqueue to latest upstream master 2025-09-22 07:33:13 -07:00
README README: Drop "Follow us on Twitter" 2025-08-21 16:44:15 +02:00
README.md README.md: Add Mastodon and Bluesky links 2025-08-21 16:58:27 +02:00
ruff.toml Swap pre-commit yapf for ruff/ruff-format, fix findings 2024-12-11 11:08:37 -07:00
SECURITY.md Add SECURITY.md, pointing at the website 2025-01-13 08:21:28 -07:00
vcpkg.json Enable building ZeroMQ support on Windows 2025-09-16 13:30:14 -07:00
VERSION Merge remote-tracking branch 'origin/topic/timw/merge-3rdparty-repo-into-main' 2025-09-26 02:57:42 +00:00
zeek-path-dev.in Move CMake template files to separate directory 2023-06-26 13:39:59 -07:00

README.md

Zeek Logo

The Zeek Network Security Monitor

A powerful framework for network traffic analysis and security monitoring.

Key FeaturesDocumentationGetting StartedDevelopmentLicense

Coverage Status Build Status

Slack Discourse

Mastodon Bluesky

Key Features

  • In-depth Analysis Zeek ships with analyzers for many protocols, enabling high-level semantic analysis at the application layer.

  • Adaptable and Flexible Zeek's domain-specific scripting language enables site-specific monitoring policies and means that it is not restricted to any particular detection approach.

  • Efficient Zeek targets high-performance networks and is used operationally at a variety of large sites.

  • Highly Stateful Zeek keeps extensive application-layer state about the network it monitors and provides a high-level archive of a network's activity.

Getting Started

The best place to find information about getting started with Zeek is our web site www.zeek.org, specifically the documentation section there. On the web site you can also find downloads for stable releases, tutorials on getting Zeek set up, and many other useful resources.

You can find release notes in NEWS, and a complete record of all changes in CHANGES.

To work with the most recent code from the development branch of Zeek, clone the master git repository:

git clone --recursive https://github.com/zeek/zeek

With all dependencies in place, build and install:

./configure && make && sudo make install

Write your first Zeek script:

# File "hello.zeek"

event zeek_init()
    {
    print "Hello World!";
    }

And run it:

zeek hello.zeek

For learning more about the Zeek scripting language, try.zeek.org is a great resource.

Development

Zeek is developed on GitHub by its community. We welcome contributions. Working on an open source project like Zeek can be an incredibly rewarding experience and, packet by packet, makes the Internet a little safer. Today, as a result of countless contributions, Zeek is used operationally around the world by major companies and educational and scientific institutions alike for securing their cyber infrastructure.

If you're interested in getting involved, we collect feature requests and issues on GitHub here and you might find these to be a good place to get started. More information on Zeek's development can be found here, and information about its community and mailing lists (which are fairly active) can be found here.

License

Zeek comes with a BSD license, allowing for free use with virtually no restrictions. You can find it here.

Tooling

We use the following tooling to help discover issues to fix, amongst a number of others.