zeek (net/zeek) Updated: 1 week, 5 days ago Add to my watchlist

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. Zeek is the new name for the long-established Bro system. Note that parts of the system retain the Bro name, and it also often appears in the documentation and distributions.

Version: 5.0.2 License: BSD GitHub
Maintainers Schamschula
Categories net security
Homepage https://www.zeek.org/
Platforms darwin
Variants
  • debug (Enable debug binaries)
  • universal (Build for multiple architectures)

"zeek" depends on

lib (10)
build (6)

Ports that depend on "zeek"

No ports


Port notes

You'll need to set your ZEEKHOME to ${prefix}/share/zeek and your
ZEEKPATH to ${prefix}/share/zeek/site:${prefix}/share/zeek/policy
to use the provided policies.

Check online documentation to finish install
https://docs.zeek.org/en/stable/quickstart/index.html

1) review config: node.cfg, network.cfg, zeekctl.cfg
especially network interface, MailTo
Existing files have not been modified

2) Run as root or with sudo
# zeekctl
[ZeekControl] > install
[ZeekControl] > start

3) Use scheduled task for maintenance
# ln -s ${prefix}/Library/LaunchDaemons/org.macports.zeek.plist /Library/LaunchDaemons/
# launchctl load -w /Library/LaunchDaemons/org.macports.zeek.plist

**** UPGRADING ****

Paths have been changed to respect macports hierarchy
${prefix}/etc -> ${prefix}/etc/zeek
${prefix}/spool -> ${prefix}/var/spool/zeek
${prefix}/logs -> ${prefix}/var/log/zeek A startup item has been generated that will aid in starting zeek with launchd. It is disabled by default. Execute the following command to start it, and to cause it to launch at startup:

sudo port load zeek


Port Health:

Loading Port Health

Installations (30 days)

0

Requested Installations (30 days)

0