Bro has been renamed Zeek. It is a powerful open source network security monitor. It is not only an IDS, but also a network analysis framework. Zeek provides you with real-time insights into network operations to help detect and prevent security incidents. Its benefits include detailed network traffic logging, event-driven analysis and the ability to detect a wide range of network anomalies and security events.
Step 1. Before installing Zeek, update and refresh your Debian package index by executing the following commands:
sudo apt update
sudo apt upgrade
These commands refresh the package list and install any pending upgrades.
Step 2. Install Zeek Network Security Monitor on Debian 12.
After updating the repository, you can start the Zeek installation. First, add the GPG key and repository for the Zeek package using the following commands:
curl -fsSL https://download.opensuse.org/repositories/security:zeek/Debian_12/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/security_zeek.gpg > /dev/null
echo 'deb http://download.opensuse.org/repositories/security:/zeek/Debian_12/ /' | sudo tee /etc/apt/sources.list.d/security:zeek.list
The imported key is what apt uses to verify the signed package index of this repository, which is why it is fetched over HTTPS even though the package URL itself is plain HTTP.
Next, update the Debian repository by executing the following command:
sudo apt update
Now you can install Zeek by executing the following command:
sudo apt install zeek-lts
Once the installation is complete, you can check the location of the Zeek binaries, check the Zeek version, and print the Zeek help message using the following commands:
which zeek
zeek --version
zeek --help
Step 3. Configure Zeek.
The first step in configuring Zeek in standalone mode is to set up the network interface that Zeek will monitor. Open the node.cfg file. The configuration files are located in the $PREFIX/etc/ directory, where $PREFIX is the Zeek installation root directory. By default, this is /usr/local/zeek if installing from source, or /opt/zeek if installing from a binary package. For example, if your network interface is "eth0", the configuration would look like this:
[zeek]
type=standalone
host=localhost
interface=eth0
If you plan to run Zeek in a cluster configuration, you will need to define where the loggers, managers, agents, and workers will run. For cluster configurations, comment out (or delete) the standalone node in the node.cfg file, and then uncomment or add node entries for each node in the cluster (loggers, managers, agents, and workers).
For example, to run five Zeek nodes (two workers, an agent, a logger, and a manager) on a cluster of three machines, the cluster configuration would look like this:
[logger]
type=logger
host=192.168.1.1
[manager]
type=manager
host=192.168.1.2
[proxy-1]
type=proxy
host=192.168.1.2
[worker-1]
type=worker
host=192.168.1.3
interface=eth0
[worker-2]
type=worker
host=192.168.1.3
interface=eth1
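A small sanity check for node.cfg, written as an added example for this tutorial (it is not part of Zeek or zeekctl): it parses the INI-style file shown above and flags layouts that zeekctl will refuse, such as a standalone node mixed with cluster nodes, a worker without an interface, or a cluster missing a manager, proxy or worker. The two sample configurations are constructed copies of the standalone and three-machine cluster examples above.

```python
import configparser

VALID_TYPES = {"standalone", "manager", "logger", "proxy", "worker"}
# Constructed sample: the standalone node.cfg from the tutorial.
STANDALONE_CFG = "[zeek]\ntype=standalone\nhost=localhost\ninterface=eth0\n"
# Constructed sample: the three-machine cluster from the tutorial.
CLUSTER_CFG = """[logger]
type=logger
host=192.168.1.1
[manager]
type=manager
host=192.168.1.2
[proxy-1]
type=proxy
host=192.168.1.2
[worker-1]
type=worker
host=192.168.1.3
interface=eth0
[worker-2]
type=worker
host=192.168.1.3
interface=eth1
"""

def check_node_cfg(text: str) -> list:
    """Return the problems found; an empty list means zeekctl should accept the layout."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    problems = []
    by_type = {t: [] for t in VALID_TYPES}
    for name in cp.sections():
        ntype = cp[name].get("type", "").strip()
        if ntype not in VALID_TYPES:
            problems.append(f"[{name}]: unknown type {ntype!r}")
            continue
        by_type[ntype].append(name)
        # Only nodes that sniff traffic (standalone, worker) need an interface.
        if ntype in ("standalone", "worker") and not cp[name].get("interface"):
            problems.append(f"[{name}]: {ntype} node has no interface=")
    cluster = [n for t, ns in by_type.items() if t != "standalone" for n in ns]
    if by_type["standalone"] and (cluster or len(by_type["standalone"]) > 1):
        problems.append("standalone node must be the only node in node.cfg")
    elif cluster:
        # Loggers are optional (the manager logs if none is defined); these roles are not.
        for role in ("manager", "proxy", "worker"):
            if not by_type[role]:
                problems.append(f"cluster needs at least one {role}")
    return problems
```

Run it against the file you edited (for example, `check_node_cfg(open("/opt/zeek/etc/node.cfg").read())`) before deploying; an empty list means the layout is consistent.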
After configuring Zeek, you can start it using the zeekctl command:
zeekctl deploy
This command is equivalent to running the install and start commands in zeekctl. You can check the status of each component of the Zeek cluster by executing the status command:
zeekctl status
Thank you for using this tutorial to install the latest version of Zeek open source network traffic analyzer on Debian 12 Bookworm. For more help or useful information, we recommend you check out the Zeek official website.