Zeek
latest (git/master)
Zeek Manual
Introduction
Introduction
Overview
Features
History
Architecture
Cluster Architecture
Architecture
Frontend Options
Installation
Installing
Upgrading
Cross Compiling
Quick Start Guide
Managing Bro with BroControl
Bro as a Command-Line Utility
Cluster Configuration
Preparing to Setup a Cluster
Basic Cluster Configuration
PF_RING Cluster Configuration
Examples and Use Cases
Examples and Use Cases
Logging
Working with Log Files
Monitoring HTTP Traffic
Introduction to the HTTP log
Detecting a Proxy Server
Inspecting Files
IDS
Detecting an FTP Brute-force Attack and Notifying
Other Attacks
MIME Type Statistics
MIME Statistics with Sumstats
Writing Scripts
Understanding Scripts
The Event Queue and Event Handlers
The Connection Record Data Type
Data Types and Data Structures
Custom Logging
Raising Notices
Reference
Frameworks
Configuration Framework
File Analysis
GeoLocation
Input Framework
Intelligence Framework
Logging Framework
NetControl Framework
Notice Framework
Signature Framework
Summary Statistics
Broker-Enabled Communication/Cluster Framework
Script Reference
Operators
Types
Attributes
Declarations and Statements
Directives
Log Files
Notices
Protocol Analyzers
File Analyzers
Bro Package Index
Bro Script Index
Broxygen Example Script
Development
Writing Plugins
Quick Start
Plugin Directory Layout
init-plugin
Activating a Plugin
Plugin Components
Hooks
Testing Plugins
Debugging Plugins
Documenting Plugins
Related Tools/Software
Subcomponents
General Index