mirror of
https://github.com/vimagick/dockerfiles.git
synced 2024-12-21 01:27:01 +02:00
.. | ||
docker-compose.yml | ||
Dockerfile | ||
README.md |
zeek
Zeek is a passive, open-source network traffic analyzer. Many operators use Zeek as a network security monitor (NSM) to support investigations of suspicious or malicious activity.
- Adaptable
- Efficient
- Flexible
- Forensics
- Commercially Supported
- In-depth Analysis
- Highly Stateful
- Open Interfaces
- Open Source
up and running
$ docker compose up -d
$ docker compose exec zeek bash
>>> cd /usr/local/zeek/logs
>>> cat dns.log | zeek-cut query | sort | uniq -c | sort -nr | head -5
10 www.youtube.com
3 twitter.com
2 www.google.com
1 www.baidu.com
1 www.facebook.com
>>> exit
Don't be evil!