
ZEEK Installation

杨经武
2023-12-01

Zeek is a passive, open-source network traffic analyzer. Many operators use Zeek as a network security monitor (NSM) to support investigations of suspicious or malicious activity. Zeek also supports a wide range of traffic analysis tasks beyond the security domain, including performance measurement and troubleshooting.

Install dependencies

sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python3 python3-dev swig zlib1g-dev

Install from source

git clone --recursive https://github.com/zeek/zeek

Build

cd zeek
./configure
make
sudo make install

Start

zeekctl deploy

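The only thing to watch out for is that zeekctl must be run while logged in as the root user; otherwise the db under spool cannot be created and Zeek fails to start.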
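The root requirement above can be checked before deploying. This is an added example, not part of the original page or the Zeek project; the function name zeek_preflight and the layout PREFIX/bin/zeekctl and PREFIX/spool under the prefix /usr/local/zeek are assumptions.

```shell
#!/bin/sh
# Added example: preflight check to run before `zeekctl deploy`.
# Assumption: Zeek is installed under /usr/local/zeek; pass a different
# prefix as the first argument if ./configure was given one.

# zeek_preflight [PREFIX]
# Returns 0 when the current user can start zeekctl, otherwise prints
# the reason to stderr and returns:
#   1  zeekctl is not installed under PREFIX/bin
#   2  PREFIX/spool does not exist (install incomplete)
#   3  PREFIX/spool is not writable by the current user, so the db
#      under spool cannot be created and Zeek will not start
zeek_preflight() {
    prefix="${1:-/usr/local/zeek}"
    zeekctl_bin="$prefix/bin/zeekctl"
    spool_dir="$prefix/spool"

    if [ ! -f "$zeekctl_bin" ]; then
        echo "zeekctl not found: $zeekctl_bin" >&2
        return 1
    fi
    if [ ! -d "$spool_dir" ]; then
        echo "spool directory missing: $spool_dir" >&2
        return 2
    fi
    if [ ! -w "$spool_dir" ]; then
        echo "user $(id -un) cannot write $spool_dir; run zeekctl as root" >&2
        return 3
    fi
    return 0
}

# Typical use (deploy only when the check passes):
#   zeek_preflight /usr/local/zeek && /usr/local/zeek/bin/zeekctl deploy
```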
