macOS
brew install zeeklocal Homebrew formula metadata
sudo port install zeekMacPorts ports tree · net/zeek/Portfile · Quelle: api.github.com
brew
Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für zeek in AI-Agent-Workflows.
Installation
brew install zeeklocal Homebrew formula metadata
sudo port install zeekMacPorts ports tree · net/zeek/Portfile · Quelle: api.github.com
nix profile install nixpkgs#zeeknixpkgs package indexes · pkgs/by-name/ze/zeek/package.nix · Quelle: api.github.com
sudo apt install bifclDebian stable package indexes · bifcl · Quelle: deb.debian.org
scoop install extras/btestScoop official bucket manifest trees · bucket/btest.json · Quelle: api.github.com
Überblick
Network security monitor
Verlauf
Zeek is the network security monitor formerly known as Bro: an open-source framework for turning network traffic into high-fidelity logs, events, and scriptable security telemetry. It is one of the canonical packages in network security monitoring.
Vern Paxson developed the first version of Bro at Lawrence Berkeley National Laboratory in 1995, and Berkeley Lab says it was first deployed there in 1996. Paxson's original research paper on Bro appeared at the 1998 USENIX Security Symposium and later received a Test of Time Award, giving the project unusually strong research roots for an operational security tool.
The project changed its name from Bro to Zeek in 2018. The rename kept the technical lineage while moving away from a name tied to Orwellian surveillance language; the current Zeek site presents the project as a mature open-source network security monitoring tool used across university, national-lab, enterprise, and cloud environments.
Zeek evolved from a research network intrusion detection system into a broad traffic-analysis framework. Its architecture centers on protocol analyzers, an event engine, a domain-specific scripting language, and logs that describe network activity at a semantic level rather than only matching packets against signatures.
Zeek's adoption grew through security operations centers, research networks, incident response teams, and enterprise monitoring programs that needed richer context than firewalls or classic intrusion prevention systems expose. Berkeley Lab notes continued work around 100G monitoring, Science DMZ environments, and the Corelight commercial spinoff.
The current Zeek site presents large adoption signals: worldwide deployments, thousands of tracked network events, many default log types, federally funded R&D history, and hundreds of community-contributed packages. The GitHub README also notes operational use by major companies plus educational and scientific institutions.
Its ecosystem includes community packages, ZeekControl/zeekctl for managing deployments, zkg for package management, and adjacent tools such as Spicy and BinPAC for protocol parsing. That gives Zeek a package ecosystem of its own inside the larger OS package ecosystem.
Users run Zeek on packet captures or live network interfaces to produce logs such as connection, DNS, HTTP, TLS, file, software, notice, and weird activity logs. Security teams then send those logs into SIEMs, data lakes, detection pipelines, or manual investigation workflows.
Zeek is scriptable: users write policy scripts and event handlers to add site-specific detection, extraction, enrichment, and logging behavior. Larger deployments use ZeekControl and cluster configuration files to split traffic analysis across workers, proxies, managers, and loggers.
Zeek matters to package nerds because it is not just one binary: a Homebrew-style install exposes the analyzer, control tooling, test tooling, package tooling, protocol tooling, and helper commands. It is a full security platform delivered through packages.
It also shows how an academic research system can become durable operational infrastructure. The package carries decades of protocol-analysis practice, a rename, a commercial ecosystem, community packages, and heavy deployment expectations while still remaining installable as an open-source Unix tool.
Sicherheitslage
Für zeek wurde kein passendes lokales Secret-Handling-Manifest gefunden. Nucleus-Paketmetadaten bleiben hier veröffentlicht, damit künftige Abdeckung eine stabile Paket-URL hat.
Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
<prefix>/etc/node.cfg<prefix>/etc/networks.cfg<prefix>/etc/zeekctl.cfgExecutables
| Befehl | Art | Sichtbarkeit | Hinweis |
|---|---|---|---|
bifcl | cli | globales Executable | |
binpac | cli | globales Executable | |
btest | cli | globales Executable | |
btest-ask-update | cli | globales Executable | |
btest-bg-run | cli | globales Executable | |
btest-bg-run-helper | cli | globales Executable | |
btest-bg-wait | cli | globales Executable | |
btest-diff | cli | globales Executable | |
btest-diff-rst | cli | globales Executable | |
btest-progress | cli | globales Executable | |
btest-rst-cmd | cli | globales Executable | |
btest-rst-include | cli | globales Executable | |
btest-rst-pipe | cli | globales Executable | |
btest-setsid | cli | globales Executable | |
capstats | cli | globales Executable | |
hilti-config | cli | globales Executable | |
hiltic | cli | globales Executable | |
paraglob-test | cli | globales Executable | |
spicy-build | cli | globales Executable | |
spicy-config | cli | globales Executable | |
spicy-driver | cli | globales Executable | |
spicy-dump | cli | globales Executable | |
spicy-precompile-headers | cli | globales Executable | |
spicyc | cli | globales Executable | |
spicyz | cli | globales Executable | |
trace-summary | cli | globales Executable | |
zeek | cli | globales Executable | |
zeek-archiver | cli | globales Executable | |
zeek-client | cli | globales Executable | |
zeek-cluster-layout-generator | cli | globales Executable | |
zeek-config | cli | globales Executable | |
zeek-cut | cli | globales Executable | |
zeek-systemd-generator | cli | globales Executable | |
zeekctl | cli | globales Executable | |
zkg | cli | globales Executable |
Aktualität
Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.
Installationsmetadaten
| Paketschlüssel | brew:zeek |
|---|---|
| Version | 8.2.1 |
| Paketmanager | Homebrew |
| Paketmanager-Seite | https://formulae.brew.sh/formula/zeek |
| Homepage | https://zeek.org/ |
| Repository | https://github.com/zeek/zeek |
| Upstream-Dokumentation | https://docs.zeek.org/en/current |
| Lizenz | BSD-3-Clause |
| Quellarchiv | https://github.com/zeek/zeek/releases/download/v8.2.1/zeek-8.2.1.tar.gz |
| Zuletzt aktualisiert | 2026-07-09T19:53:54Z |
| Pulse | updated |
| Abhängigkeiten | c-ares, libmaxminddb, libuv, node@24, openssl@3, python@3.14, zeromq |
| Build-Abhängigkeiten | bison, cmake, flex, swig |
| Von macOS bereitgestellte Bibliotheken | krb5, libpcap |
| Bottle | verfügbar (auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | nicht definiert |
| Dienst | keiner deklariert |
Registry-Fakten
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | zeek |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
Source-Datenbank-Treffer
Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.
zeek
nix profile install nixpkgs#zeekzeek
sudo port install zeekbifcl 1.6.2-1
Bro Built-In-Function Compiler
sudo apt install bifclbinpac 0.59.0-1
high level protocol parser language
sudo apt install binpacbtest 0.72-1.1
simple driver for basic unit tests
sudo apt install btestcapstats 0.31-1+b1
command-line tool for collecting network interface statistics
sudo apt install capstatsbtest
nix profile install nixpkgs#btestbifcl 1.6.2-1
Bro Built-In-Function Compiler
sudo apt install bifclbinpac 0.59.0-1
high level protocol parser language
sudo apt install binpacbtest 0.72-1
simple driver for basic unit tests
sudo apt install btestcapstats 0.31-1build2
command-line tool for collecting network interface statistics
sudo apt install capstatsextras/btest
scoop install extras/btestQuellspur
Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.
View the package source record on GitHub.