Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
No description
18904 commits 387 branches 195 tags 255 MiB
Find a file
Tim Wojtulewicz acdf8f4d4d Merge remote-tracking branch 'origin/topic/timw/coverity-fixes' 
* origin/topic/timw/coverity-fixes:
  Fix a few other minor issues reported by Coverity
  Add a few extra null checks, plus a missing initialization that led to a bad null check
  Fix some integer overflow issues reported by Coverity
  Ignore a couple of known-unused results reported by Coverity
  Fix some bit-shifting overflow/UB issues reported by Coverity
  Reset the value of a status variable in SQLite backend before using it in a loop
  Fix a potential memory leak reported by Coverity
  Avoid some string copies in IRC analyzer
  Add some additional std::moves reported by Coverity
  Fix an unsigned integer comparison reported by Coverity
  Fix uninitialized class member Coverity findings
  Handle uncaught exception during setup
  Update gen-zam submodule for Coverity findings
2025-07-23 15:26:29 -07:00
.github/workflows CI: Add PR label for skipping all CI jobs 2025-05-30 10:29:02 -07:00
auxil Update gen-zam submodule for Coverity findings 2025-07-23 15:17:53 -07:00
ci CI: Add weekly task for running builds with newest compilers 2025-07-22 14:27:22 -07:00
cmake@53a2d51b25 Update submodules to C++20-enabled versions 2025-07-10 14:07:07 -07:00
cmake_templates Deprecate BRO_PLUGIN_INSTALL_PATH constant 2025-06-23 08:35:25 -07:00
doc@2b7c190a64 Update doc submodule [nomail] [skip ci] 2025-07-23 00:29:23 +00:00
docker docker: Add net-tools and procps dependencies 2025-06-06 09:17:01 +02:00
man Use the same rules as cmake submodule to reformat Zeek 2023-05-09 08:31:43 -07:00
scripts Add flag to force synchronous mode when calling storage script-land functions 2025-07-23 13:14:34 -07:00
src Fix a few other minor issues reported by Coverity 2025-07-23 15:17:53 -07:00
testing Fix swapped storage metrics names 2025-07-23 13:14:46 -07:00
.cirrus.yml Merge remote-tracking branch 'origin/topic/timw/ci-weekly-compiler-task' 2025-07-23 08:21:31 -07:00
.clang-format Update COPYING date to now and fix some [skip CI] 2025-01-09 08:38:45 -05:00
.clang-tidy Fix clang-tidy findings in embedded C++ from bif files 2025-07-23 10:19:32 -07:00
.cmake-format.json Always break lines when formatting spicy_add_analyzer 2025-03-03 11:24:20 +01:00
.dockerignore Add .dockerignore to suppress btest artifacts 2021-09-24 17:04:26 -07:00
.git-blame-ignore-revs Update .git-blame-ignore-revs 2023-10-30 09:42:39 +01:00
.gitattributes GH-1497: Support CRLF line-endings in Zeek scripts and signature files 2021-04-08 20:32:30 -07:00
.gitignore Update .gitignore to add Emacs and Vim temp files 2024-02-07 12:12:58 -07:00
.gitmodules Remove ghc::filesystem submodule, switch to std::filesystem 2025-07-14 11:23:54 -07:00
.pre-commit-config.yaml Bump spicy-format pre-commit hook 2025-07-09 11:40:25 +02:00
.typos.toml scripts: Use tpe instead of type_, again 2025-07-03 20:25:34 +02:00
.update-changes.cfg Add script to update external test repo commit pointers 2019-04-05 17:09:01 -07:00
CHANGES Merge remote-tracking branch 'origin/topic/timw/coverity-fixes' 2025-07-23 15:26:29 -07:00
CMakeLists.txt Remove ghc::filesystem submodule, switch to std::filesystem 2025-07-14 11:23:54 -07:00
CODE_OF_CONDUCT.md Add code of conduct and contributing to repo. 2025-03-06 13:11:17 +00:00
configure Deprecate --with-binpac/--with-bifcl configure options 2025-06-24 12:50:35 -07:00
CONTRIBUTING.md Add code of conduct and contributing to repo. 2025-03-06 13:11:17 +00:00
COPYING Update COPYING date to now and fix some [skip CI] 2025-01-09 08:38:45 -05:00
COPYING-3rdparty Remove ghc::filesystem submodule, switch to std::filesystem 2025-07-14 11:23:54 -07:00
INSTALL Update documentation to include "Book of Zeek" revisions 2021-02-01 15:54:36 -08:00
Makefile Fix warning about grealpath when running 'make dist' on Linux 2024-07-11 13:45:14 -07:00
NEWS NEWS: ZeekControl, ZeroMQ and WebSocket 2025-07-23 13:31:11 +02:00
README Add tooling section to README 2023-01-27 13:03:52 -07:00
README.md Fix dead links in README 2025-02-17 08:32:04 -07:00
ruff.toml Swap pre-commit yapf for ruff/ruff-format, fix findings 2024-12-11 11:08:37 -07:00
SECURITY.md Add SECURITY.md, pointing at the website 2025-01-13 08:21:28 -07:00
vcpkg.json Switch all of the conan configuration to vcpkg 2024-02-02 14:52:16 -07:00
VERSION Merge remote-tracking branch 'origin/topic/timw/coverity-fixes' 2025-07-23 15:26:29 -07:00
zeek-path-dev.in Move CMake template files to separate directory 2023-06-26 13:39:59 -07:00

README.md

Zeek Logo

The Zeek Network Security Monitor

A powerful framework for network traffic analysis and security monitoring.

Key FeaturesDocumentationGetting StartedDevelopmentLicense

Follow us on Twitter at @zeekurity.

Coverage Status Build Status

Slack Discourse

Key Features

  • In-depth Analysis Zeek ships with analyzers for many protocols, enabling high-level semantic analysis at the application layer.

  • Adaptable and Flexible Zeek's domain-specific scripting language enables site-specific monitoring policies and means that it is not restricted to any particular detection approach.

  • Efficient Zeek targets high-performance networks and is used operationally at a variety of large sites.

  • Highly Stateful Zeek keeps extensive application-layer state about the network it monitors and provides a high-level archive of a network's activity.

Getting Started

The best place to find information about getting started with Zeek is our web site www.zeek.org, specifically the documentation section there. On the web site you can also find downloads for stable releases, tutorials on getting Zeek set up, and many other useful resources.

You can find release notes in NEWS, and a complete record of all changes in CHANGES.

To work with the most recent code from the development branch of Zeek, clone the master git repository:

git clone --recursive https://github.com/zeek/zeek

With all dependencies in place, build and install:

./configure && make && sudo make install

Write your first Zeek script:

# File "hello.zeek"

event zeek_init()
    {
    print "Hello World!";
    }

And run it:

zeek hello.zeek

For learning more about the Zeek scripting language, try.zeek.org is a great resource.

Development

Zeek is developed on GitHub by its community. We welcome contributions. Working on an open source project like Zeek can be an incredibly rewarding experience and, packet by packet, makes the Internet a little safer. Today, as a result of countless contributions, Zeek is used operationally around the world by major companies and educational and scientific institutions alike for securing their cyber infrastructure.

If you're interested in getting involved, we collect feature requests and issues on GitHub here and you might find these to be a good place to get started. More information on Zeek's development can be found here, and information about its community and mailing lists (which are fairly active) can be found here.

License

Zeek comes with a BSD license, allowing for free use with virtually no restrictions. You can find it here.

Tooling

We use the following tooling to help discover issues to fix, amongst a number of others.