macOS
brew install zeeklocal Homebrew formula metadata
sudo port install zeekMacPorts ports tree · net/zeek/Portfile · Source: api.github.com
brew
Consultez les chemins d'installation, exécutables, métadonnées et notes de sécurité de zeek pour les workflows d'agents IA.
installation
brew install zeeklocal Homebrew formula metadata
sudo port install zeekMacPorts ports tree · net/zeek/Portfile · Source: api.github.com
nix profile install nixpkgs#zeeknixpkgs package indexes · pkgs/by-name/ze/zeek/package.nix · Source: api.github.com
sudo apt install bifclDebian stable package indexes · bifcl · Source: deb.debian.org
scoop install extras/btestScoop official bucket manifest trees · bucket/btest.json · Source: api.github.com
aperçu
Network security monitor
historique
Zeek is the network security monitor formerly known as Bro: an open-source framework for turning network traffic into high-fidelity logs, events, and scriptable security telemetry. It is one of the canonical packages in network security monitoring.
Vern Paxson developed the first version of Bro at Lawrence Berkeley National Laboratory in 1995, and Berkeley Lab says it was first deployed there in 1996. Paxson's original research paper on Bro appeared at the 1998 USENIX Security Symposium and later received a Test of Time Award, giving the project unusually strong research roots for an operational security tool.
The project changed its name from Bro to Zeek in 2018. The rename kept the technical lineage while moving away from a name tied to Orwellian surveillance language; the current Zeek site presents the project as a mature open-source network security monitoring tool used across university, national-lab, enterprise, and cloud environments.
Zeek evolved from a research network intrusion detection system into a broad traffic-analysis framework. Its architecture centers on protocol analyzers, an event engine, a domain-specific scripting language, and logs that describe network activity at a semantic level rather than only matching packets against signatures.
Zeek's adoption grew through security operations centers, research networks, incident response teams, and enterprise monitoring programs that needed richer context than firewalls or classic intrusion prevention systems expose. Berkeley Lab notes continued work around 100G monitoring, Science DMZ environments, and the Corelight commercial spinoff.
The current Zeek site presents large adoption signals: worldwide deployments, thousands of tracked network events, many default log types, federally funded R&D history, and hundreds of community-contributed packages. The GitHub README also notes operational use by major companies plus educational and scientific institutions.
Its ecosystem includes community packages, ZeekControl/zeekctl for managing deployments, zkg for package management, and adjacent tools such as Spicy and BinPAC for protocol parsing. That gives Zeek a package ecosystem of its own inside the larger OS package ecosystem.
Users run Zeek on packet captures or live network interfaces to produce logs such as connection, DNS, HTTP, TLS, file, software, notice, and weird activity logs. Security teams then send those logs into SIEMs, data lakes, detection pipelines, or manual investigation workflows.
Zeek is scriptable: users write policy scripts and event handlers to add site-specific detection, extraction, enrichment, and logging behavior. Larger deployments use ZeekControl and cluster configuration files to split traffic analysis across workers, proxies, managers, and loggers.
Zeek matters to package nerds because it is not just one binary: a Homebrew-style install exposes the analyzer, control tooling, test tooling, package tooling, protocol tooling, and helper commands. It is a full security platform delivered through packages.
It also shows how an academic research system can become durable operational infrastructure. The package carries decades of protocol-analysis practice, a rename, a commercial ecosystem, community packages, and heavy deployment expectations while still remaining installable as an open-source Unix tool.
posture de sécurité
Aucun manifest local de gestion des secrets correspondant n'a été trouvé pour zeek. Les métadonnées de paquet Nucleus restent publiées ici afin que la couverture future dispose d'une URL stable.
Avant une utilisation sans surveillance par un agent, vérifiez si l'outil lit des identifiants en clair, écrit un état distant, publie des artefacts ou lance des plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
<prefix>/etc/node.cfg<prefix>/etc/networks.cfg<prefix>/etc/zeekctl.cfgexécutables
| Commande | Type | Exposition | Note |
|---|---|---|---|
bifcl | cli | exécutable global | |
binpac | cli | exécutable global | |
btest | cli | exécutable global | |
btest-ask-update | cli | exécutable global | |
btest-bg-run | cli | exécutable global | |
btest-bg-run-helper | cli | exécutable global | |
btest-bg-wait | cli | exécutable global | |
btest-diff | cli | exécutable global | |
btest-diff-rst | cli | exécutable global | |
btest-progress | cli | exécutable global | |
btest-rst-cmd | cli | exécutable global | |
btest-rst-include | cli | exécutable global | |
btest-rst-pipe | cli | exécutable global | |
btest-setsid | cli | exécutable global | |
capstats | cli | exécutable global | |
hilti-config | cli | exécutable global | |
hiltic | cli | exécutable global | |
paraglob-test | cli | exécutable global | |
spicy-build | cli | exécutable global | |
spicy-config | cli | exécutable global | |
spicy-driver | cli | exécutable global | |
spicy-dump | cli | exécutable global | |
spicy-precompile-headers | cli | exécutable global | |
spicyc | cli | exécutable global | |
spicyz | cli | exécutable global | |
trace-summary | cli | exécutable global | |
zeek | cli | exécutable global | |
zeek-archiver | cli | exécutable global | |
zeek-client | cli | exécutable global | |
zeek-cluster-layout-generator | cli | exécutable global | |
zeek-config | cli | exécutable global | |
zeek-cut | cli | exécutable global | |
zeek-systemd-generator | cli | exécutable global | |
zeekctl | cli | exécutable global | |
zkg | cli | exécutable global |
fraîcheur
Ces signaux séparent l'âge de génération de la page, l'activité du gestionnaire de paquets et la comparaison avec les versions amont. Un retard de version n'est signalé que lorsqu'une URL de preuve et des versions comparables sont présentes.
métadonnées d'installation
| Clé du paquet | brew:zeek |
|---|---|
| Version | 8.2.1 |
| Gestionnaire de paquets | Homebrew |
| Page du gestionnaire de paquets | https://formulae.brew.sh/formula/zeek |
| Page d'accueil | https://zeek.org/ |
| Dépôt | https://github.com/zeek/zeek |
| Docs amont | https://docs.zeek.org/en/current |
| Licence | BSD-3-Clause |
| Archive source | https://github.com/zeek/zeek/releases/download/v8.2.1/zeek-8.2.1.tar.gz |
| Dernière mise à jour | 2026-07-09T19:53:54Z |
| Pulse | updated |
| Dépendances | c-ares, libmaxminddb, libuv, node@24, openssl@3, python@3.14, zeromq |
| Dépendances de compilation | bison, cmake, flex, swig |
| Bibliothèques fournies par macOS | krb5, libpcap |
| Bouteille | disponible (sur arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| post-install Homebrew | non défini |
| Service | aucun déclaré |
faits du registre
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | zeek |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
correspondances dans les bases sources
Les correspondances proviennent d’index externes de gestionnaires de paquets et restent séparées des liens de paquets Automic Vault locaux.
zeek
nix profile install nixpkgs#zeekzeek
sudo port install zeekbifcl 1.6.2-1
Bro Built-In-Function Compiler
sudo apt install bifclbinpac 0.59.0-1
high level protocol parser language
sudo apt install binpacbtest 0.72-1.1
simple driver for basic unit tests
sudo apt install btestcapstats 0.31-1+b1
command-line tool for collecting network interface statistics
sudo apt install capstatsbtest
nix profile install nixpkgs#btestbifcl 1.6.2-1
Bro Built-In-Function Compiler
sudo apt install bifclbinpac 0.59.0-1
high level protocol parser language
sudo apt install binpacbtest 0.72-1
simple driver for basic unit tests
sudo apt install btestcapstats 0.31-1build2
command-line tool for collecting network interface statistics
sudo apt install capstatsextras/btest
scoop install extras/btestpiste source
Cette page est servie par av-web depuis l'artéfact SQLite privé des paquets généré par scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.