Make sure to read the appropriate documentation version.
The purpose of this document is to assist the Zeek community with implementing Zeek in their environments. The document includes material on Zeek’s unique capabilities, how to install it, how to interpret the default logs that Zeek generates, and how to modify Zeek to fit your needs. The document is the result of a volunteer community effort. If you would like to contribute, or want more information, please visit the Zeek web page for details on how to connect with the community.
- About Zeek
- Monitoring With Zeek
- Get Started
- Zeek Log Formats and Inspection
- Zeek Logs
- Introduction to Scripting
- Script Reference
- Developer Guides
The Zeek codebase has three primary branches of interest to users so this document is also maintained as three different versions, one associated with each branch of Zeek. The default version of docs.zeek.org tracks Zeek’s latest Git development:
Git master branch: https://docs.zeek.org/en/master
If you instead use a Zeek Long-Term Support (LTS) or Feature release these are the appropriate starting points:
To help clarify which release you are using, the version numbering scheme for the two release branches is described in the Release Cadence policy.