Zeek Documentation


Make sure to read the appropriate documentation version.

The purpose of this document is to assist the Zeek community with implementing Zeek in their environments. The document includes material on Zeek’s unique capabilities, how to install it, how to interpret the default logs that Zeek generates, and how to modify Zeek to fit your needs. The document is the result of a volunteer community effort. If you would like to contribute, or want more information, please visit the Zeek web page for details on how to connect with the community.

Table of Contents

Documentation Versioning


The Zeek codebase has three primary branches of interest to users so this document is also maintained as three different versions, one associated with each branch of Zeek. The default version of docs.zeek.org tracks Zeek’s latest Git development:

If you instead use a Zeek Long-Term Support (LTS) or Feature release these are the appropriate starting points:

To help clarify which release you are using, the version numbering scheme for the two release branches is described in the Release Cadence policy.

Documentation for older Zeek releases remains available for approximately one full major-version release cycle, i.e., about a year. You can browse recent versions via the fly-out menu in the bottom left, and find all available versions on the RTD website.