Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Latest commit 1f826b9 Dec 10, 2018
Type Name Latest commit message Commit time
aux Updating submodule(s). Dec 10, 2018
cmake @ 56143d2 Merge remote-tracking branch 'origin/topic/jsiwek/alpine-support' Dec 10, 2018
doc Update github/download links Dec 7, 2018
man Remove -z/--analysis option. Aug 5, 2016
scripts Add dns_resolver option Nov 30, 2018
src Merge remote-tracking branch 'origin/topic/jsiwek/alpine-support' Dec 10, 2018
testing Update github/download links Dec 7, 2018
.gitignore Refactoring, making error messages nicer, & lcov Jul 24, 2018
.gitmodules Update submodules to use github.com/zeek Dec 6, 2018
.travis.yml Use docker containers to run Bro tests on Travis CI Jun 22, 2018
.update-changes.cfg Update external test suite locations Dec 7, 2018
CHANGES Merge remote-tracking branch 'origin/topic/jsiwek/alpine-support' Dec 10, 2018
CMakeLists.txt Merge remote-tracking branch 'origin/topic/jsiwek/alpine-support' Dec 10, 2018
COPYING Update license year for 2018 Nov 1, 2018
INSTALL Make INSTALL a symlink to doc/install/install.rst Mar 13, 2015
Makefile Improve `make dist` Aug 31, 2018
NEWS Merge remote-tracking branch 'origin/dev/2.7' Nov 29, 2018
README Update github/download links Dec 7, 2018
README.rst Add README.rst -> README symlink. Addresses BIT-1413 Sep 10, 2015
VERSION Merge remote-tracking branch 'origin/topic/jsiwek/alpine-support' Dec 10, 2018
bro-config.h.in Replace GeoIP Legacy DB support with MaxMind DB support Jul 30, 2018
bro-config.in GH-184: add `bro-config --build_type`, outputs CMake build type Oct 5, 2018
bro-path-dev.in Flesh out Broxygen doc-gathering skeleton. Oct 22, 2013
configure Introduce --enable-static-broker configuration option. Dec 6, 2018

README.rst

Zeek Network Security Monitor

Zeek is a powerful framework for network analysis and security monitoring.

(Zeek is the new name for the long-established Bro system. Note that parts of the system retain the "Bro" name, and it also often appears in the documentation and distributions.)

Please see the INSTALL file for installation instructions and pointers for getting started. NEWS contains release notes for the current version, and CHANGES has the complete history of changes. Please see COPYING for licensing information.

You can download source and binary releases on:

https://www.zeek.org/download

To get the current development version, clone our master git repository:

git clone --recursive https://github.com/zeek/zeek

For more documentation, research publications, and community contact information, please see the home page:

https://www.zeek.org

On behalf of the Zeek Development Team,

Vern Paxson & Robin Sommer,
International Computer Science Institute & Lawrence Berkeley National Laboratory
vern@icir.org / robin@icir.org