zeek (net/zeek) Updated: 1 day, 16 hours ago
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. Zeek is the new name for the long-established Bro system. Note that parts of the system retain the Bro name, and it also often appears in the documentation and distributions.
Version: 6.0.9 License: BSD
Maintainers | Schamschula |
Categories | net security |
Homepage | https://www.zeek.org/ |
Platforms | {darwin >= 19} |
Variants |
|
Subport(s) (1)
"zeek" depends on
lib (10)
build (6)
Ports that depend on "zeek"
No ports
Port notes
You'll need to set your ZEEKHOME to ${prefix}/share/zeek and your
ZEEKPATH to ${prefix}/share/zeek/site:${prefix}/share/zeek/policy
to use the provided policies.
Check online documentation to finish install
https://docs.zeek.org/en/stable/quickstart/index.html
1) review config: node.cfg, network.cfg, zeekctl.cfg
especially network interface, MailTo
Existing files have not been modified
2) Run as root or with sudo
# zeekctl
[ZeekControl] > install
[ZeekControl] > start
3) Use scheduled task for maintenance
# ln -s ${prefix}/Library/LaunchDaemons/org.macports.zeek.plist /Library/LaunchDaemons/
# launchctl load -w /Library/LaunchDaemons/org.macports.zeek.plist
**** UPGRADING ****
Paths have been changed to respect macports hierarchy
${prefix}/etc -> ${prefix}/etc/zeek
${prefix}/spool -> ${prefix}/var/spool/zeek
${prefix}/logs -> ${prefix}/var/log/zeek
A startup item has been generated that will aid in starting zeek with launchd. It is disabled by default. Execute the following command to start it, and to cause it to launch at startup:
sudo port load zeek
Installations (30 days)
1
Requested Installations (30 days)
1
Livecheck results
zeek seems to have been updated (port version: 6.0.8, new version: 6.0.9)
livecheck ran: 1 day, 22 hours ago