dockerfiles/zeek/README.md

zeek
====

[Zeek][1] is a passive, open-source network traffic analyzer. Many operators use
Zeek as a network security monitor (NSM) to support investigations of
suspicious or malicious activity.

- Adaptable
- Efficient
- Flexible
- Forensics
- Commercially Supported
- In-depth Analysis
- Highly Stateful
- Open Interfaces
- Open Source

## up and running

```bash
$ docker compose up -d

$ docker compose exec zeek bash
>>> cd /usr/local/zeek/logs
>>> cat dns.log | zeek-cut query | sort | uniq -c | sort -nr | head -5
    10 www.youtube.com
    3 twitter.com
    2 www.google.com
    1 www.baidu.com
    1 www.facebook.com
>>> exit
```

> Don't be evil!

[1]: https://github.com/zeek/zeek
update zeek 2024-02-29 09:20:14 +02:00			`zeek`
			`====`

			`[Zeek][1] is a passive, open-source network traffic analyzer. Many operators use`
			`Zeek as a network security monitor (NSM) to support investigations of`
			`suspicious or malicious activity.`

			`- Adaptable`
			`- Efficient`
			`- Flexible`
			`- Forensics`
			`- Commercially Supported`
			`- In-depth Analysis`
			`- Highly Stateful`
			`- Open Interfaces`
			`- Open Source`

			`## up and running`

			```bash
			`$ docker compose up -d`

			`$ docker compose exec zeek bash`
			`>>> cd /usr/local/zeek/logs`
			`>>> cat dns.log \| zeek-cut query \| sort \| uniq -c \| sort -nr \| head -5`
			`10 www.youtube.com`
			`3 twitter.com`
			`2 www.google.com`
			`1 www.baidu.com`
			`1 www.facebook.com`
			`>>> exit`
			```

			`> Don't be evil!`

			`[1]: https://github.com/zeek/zeek`