ZEEK(8) System Administration Utilities ZEEK(8)

NAME

zeek - passive network traffic analyzer

SYNOPSIS

zeek [options] [file ...]

DESCRIPTION

Zeek is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Zeek supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and help with troubleshooting.

Zeek comes with built-in functionality for a range of analysis and detection tasks, including detecting malware by interfacing with external registries, reporting vulnerable versions of software seen on the network, identifying popular web applications, detecting SSH brute-forcing, and validating SSL certificate chains.

OPTIONS

<file>
policy file, or read stdin
exit immediately after parsing scripts
don't load scripts from the base/ directory
activate policy file debugging
augment loaded policies by given code
tcpdump filter
command line help
read from given interface
add given prefix to policy file resolution
read from given tcpdump file
read rules from given file
activate execution tracing
write to given tcpdump file
print version and exit
print contents of state file
ignore checksums
force DNS
print out given ID
print available plugins and exit (-NN for verbose)
prime DNS
print execution time summary to stderr
replay events
enable rule debugging
set 'RE_level' for rules
Record process status in file
activate watchdog timer
generate documentation based on config file
enable pseudo-realtime for performance evaluation (default 1)
load seeds from given file
save seeds to given file
Enable debugging output for selected streams ('-B help' for help)
show leaks
record heap

ENVIRONMENT

file search path
plugin search path
plugins to always activate
prefix list
disable DNS lookups
file to load seeds from
ASCII log file extension
Output file for script execution statistics
Disable Zeekygen (Broxygen) documentation support

AUTHOR

zeek was written by The Zeek Project <info@zeek.org>.

November 2014 zeek