Zeek <---> zeek-to-vast <---> VAST
zeek-to-vast acts as a "dumb" relay and does not contain much logic.
Please consult the documentation of the Zeek package zeek-vast for
concrete Zeek use cases.
First, make sure you have Zeek and Broker installed. VAST automatically builds
zeek-to-vast if Broker is found during the build configuration. If you're
configure script in this repo, the flag
for specifying a custom install location.
PATH is either an install prefix or
a build directory of a Broker repository.
Second, install the Zeek scripts via:
zkg install zeek-vast
Now you're ready to go.
As illustrated above,
zeek-to-vast sits between Zeek and VAST. If Zeek and
VAST run on the same machine, all you need to do is invoke the program:
VAST must be running prior to invocation. After connecting to VAST,
zeek-to-vast creates a Broker endpoint and waits for Zeek to
Both sides can be configured separately. To configure the VAST-facing side, use
the options -A and -P:
# Connect to a VAST node running at 10.0.0.1:55555.
zeek-to-vast -A 10.0.0.1 -P 55555
To configure the Zeek-facing side, use the options -a and -p:
# Wait for Zeek to connect at 192.168.0.1:44444.
zeek-to-vast -a 192.168.0.1 -p 44444
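Because VAST must already be running when the relay starts, a small launcher can validate the addresses and ports and wait for VAST before handing over to zeek-to-vast. The script below is an added example, not part of the zeek-to-vast project; the function names are hypothetical, and it assumes the VAST-facing and Zeek-facing options shown above can be combined in one invocation.

```shell
#!/bin/sh
# Added example (not from the zeek-to-vast project). Function names are
# hypothetical; the -A/-P/-a/-p options are the ones shown in this README.

# valid_port PORT: succeeds for an integer in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_addr ADDR: succeeds for a non-empty host name or IP literal.
valid_addr() {
  case "$1" in ''|*[!0-9A-Za-z.:-]*) return 1 ;; esac
}

# relay_cmd VAST_ADDR VAST_PORT ZEEK_ADDR ZEEK_PORT
# Prints the command line that start_relay will run, or fails on bad input.
relay_cmd() {
  valid_addr "$1" && valid_port "$2" || return 1
  valid_addr "$3" && valid_port "$4" || return 1
  printf 'zeek-to-vast -A %s -P %s -a %s -p %s\n' "$1" "$2" "$3" "$4"
}

# vast_reachable ADDR PORT: succeeds if a TCP connect works. Relies on
# bash's /dev/tcp; a shell without it always reports "unreachable".
vast_reachable() {
  (exec 3<>"/dev/tcp/$1/$2") 2>/dev/null
}

# start_relay VAST_ADDR VAST_PORT ZEEK_ADDR ZEEK_PORT [TRIES]
# VAST must be up before the relay starts, so poll it first (default 30 tries).
start_relay() {
  relay_cmd "$1" "$2" "$3" "$4" >&2 || { echo "bad address or port" >&2; return 2; }
  tries=${5:-30}
  until vast_reachable "$1" "$2"; do
    tries=$((tries - 1))
    [ "$tries" -gt 0 ] || { echo "VAST not reachable at $1:$2" >&2; return 1; }
    sleep 1
  done
  exec zeek-to-vast -A "$1" -P "$2" -a "$3" -p "$4"
}

# Run only when called with the four mandatory arguments.
if [ "$#" -ge 4 ]; then start_relay "$@"; fi
```

Run it under bash with the VAST address and port followed by the Zeek-facing address and port; an optional fifth argument sets the number of one-second connection attempts.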