mirror of https://github.com/vimagick/dockerfiles synced 2024-06-16 03:48:44 +00:00
dockerfiles/zeek
2024-02-29 15:20:14 +08:00

zeek

Zeek is a passive, open-source network traffic analyzer. Many operators use Zeek as a network security monitor (NSM) to support investigations of suspicious or malicious activity.

  • Adaptable
  • Efficient
  • Flexible
  • Forensics
  • Commercially Supported
  • In-depth Analysis
  • Highly Stateful
  • Open Interfaces
  • Open Source

up and running

$ docker compose up -d

$ docker compose exec zeek bash
>>> cd /usr/local/zeek/logs
>>> cat dns.log | zeek-cut query | sort | uniq -c | sort -nr | head -5
    10 www.youtube.com
    3 twitter.com
    2 www.google.com
    1 www.baidu.com
    1 www.facebook.com
>>> exit

Don't be evil!