Skip to content

Zeek

Overview

Zeek is a free and open-source software network analysis framework; it was originally developed in 1994 by Vern Paxson and was named in reference to George Orwell's Big Brother from his novel Nineteen Eighty-Four. It can be used as a network intrusion detection system (NIDS) but with additional live analysis of network events. It is released under the BSD license.

Event Categories

The following table lists the data source offered by this integration.

Data Source Description
Network intrusion detection system Zeek signature framework provides this capability
Network protocol analysis packet analysis capabilities are available by default
DNS records DNS queries intercepted by Zeek
Web logs Zeek captures the HTTP traffic

Configure

Refer to the configuration of Zeek's export to syslog to forward dns, http and conn logs to SEKOIA.IO by means of an rsyslog transport channel. Please consult the Rsyslog Transport documentation to forward these logs to SEKOIA.IO.

Further Reading

Back to top