Zeek Manual

Introduction

• Introduction
  • Overview
  • Features
  • History
  • Architecture
• Cluster Architecture
  • Architecture
  • Frontend Options
• Installation
  • Installing
  • Upgrading
  • Cross Compiling
• Quick Start Guide
  • Managing Zeek with ZeekControl
  • Zeek as a Command-Line Utility
• Cluster Configuration
  • Preparing to Setup a Cluster
  • Basic Cluster Configuration
  • PF_RING Cluster Configuration

Examples and Use Cases

• Examples and Use Cases
  • Logging
    • Working with Log Files
  • Monitoring HTTP Traffic
    • Introduction to the HTTP log
    • Detecting a Proxy Server
    • Inspecting Files
  • IDS
    • Detecting an FTP Brute-force Attack and Notifying
    • Other Attacks
  • MIME Type Statistics
    • MIME Statistics with Sumstats
  • Writing Scripts
    • Understanding Scripts
    • The Event Queue and Event Handlers
    • The Connection Record Data Type
    • Data Types and Data Structures
    • Custom Logging
    • Raising Notices

Reference

• Frameworks
  • Configuration Framework
  • File Analysis
  • GeoLocation
  • Input Framework
  • Intelligence Framework
  • Logging Framework
  • NetControl Framework
  • Notice Framework
  • Signature Framework
  • Summary Statistics
  • Broker-Enabled Communication/Cluster Framework
• Script Reference
  • Operators
  • Types
  • Attributes
  • Declarations and Statements
  • Directives
  • Log Files
  • Notices
  • Protocol Analyzers
  • File Analyzers
  • Zeek Package Index
  • Zeek Script Index
  • Zeekygen Example Script

Development

• Development Docs
  • Writing Plugins
  • Contributor’s Guide
  • Maintainer’s Guide

Related Tools/Software

• Subcomponents

General Index