self-hosted/dockerfiles
1
0
Fork 0
mirror of https://github.com/vimagick/dockerfiles.git synced 2025-10-30 23:47:48 +02:00
Code Issues Releases Activity
Files
master
dockerfiles/zeek
History
kev cb5cb05e15 update zeek
2024-02-29 15:20:14 +08:00
..
docker-compose.yml
update zeek
2024-02-29 15:20:14 +08:00
Dockerfile
update zeek
2024-02-29 15:20:14 +08:00
README.md
update zeek
2024-02-29 15:20:14 +08:00

README.md

zeek

Zeek is a passive, open-source network traffic analyzer. Many operators use Zeek as a network security monitor (NSM) to support investigations of suspicious or malicious activity.

  • Adaptable
  • Efficient
  • Flexible
  • Forensics
  • Commercially Supported
  • In-depth Analysis
  • Highly Stateful
  • Open Interfaces
  • Open Source

up and running

$ docker compose up -d

$ docker compose exec zeek bash
>>> cd /usr/local/zeek/logs
>>> cat dns.log | zeek-cut query | sort | uniq -c | sort -nr | head -5
    10 www.youtube.com
    3 twitter.com
    2 www.google.com
    1 www.baidu.com
    1 www.facebook.com
>>> exit

Don't be evil!