Developer Guides

In addition to documentation found or mentioned below, some developer-oriented content is maintained directly in the Zeek wiki due to the nature of the content (e.g. the author finds it to be more dynamic, informal, meta, transient, etc. compared to other documentation).

For more information about the documentation itself, see the doc directory within the Zeek source tree here.

• Writing Plugins
  • Quick Start
  • Plugin Directory Layout
  • init-plugin
  • Activating a Plugin
  • Plugin Components
  • Testing Plugins
  • Debugging Plugins
  • Building Plugins Statically into Zeek
  • Plugin Tutorials
• Writing Analyzers with Spicy
  • Installation
  • Getting Started
  • Tutorial
  • Reference
  • FAQ
  • Terminology
• Interacting with Zeek using WebSockets
  • Introduction
  • Background and Setup
  • Version 1
  • Outgoing Connections
• Contributor’s Guide
  • General Contribution Process
  • Coding Style and Conventions
  • General Documentation Structure/Process
  • Documentation Style and Conventions
  • Checking for Memory Errors and Leaks
  • Maintaining long-lived forks of Zeek
• Maintainer’s Guide
  • Release Process
• Cluster Architectures
  • Introduction
  • Single Node Examples
  • Multi Node Examples
  • WebSocket API to the Publish/Subscribe Layer
  • Operational Metrics via Prometheus
• Spawning a Cluster
  • Introduction
  • Cluster Layout
  • Spawning Processes
  • Minimal Shell-Based Supervisor
• ZeroMQ Cluster Backend
  • Quickstart
  • Architecture
  • Encryption
• Connection Handling
  • Checksum Behavior
  • Flipping Connections