How to install Zeek Network Security Monitor on Debian 12

WBOY
2024-02-19 13:54:42

Bro has been renamed Zeek. It is a powerful open source network security monitor. It is not only an IDS, but also a network analysis framework. Zeek provides you with real-time insights into network operations to help detect and prevent security incidents. Its benefits include detailed network traffic logging, event-driven analysis and the ability to detect a wide range of network anomalies and security events.

Install Zeek Network Security Monitor on Debian 12 Bookworm

Step 1. Before installing Zeek, refresh the package lists and upgrade the installed packages by executing the following commands:

sudo apt update
sudo apt upgrade

These commands refresh the package lists and upgrade the installed packages.

Step 2. Install Zeek Network Security Monitor on Debian 12.

After updating the system, you can start the Zeek installation. First, add the GPG key and repository for the Zeek package using the following commands. The key is written to /etc/apt/trusted.gpg.d/, which means apt trusts it for every configured repository, not only the Zeek one:

curl -fsSL https://download.opensuse.org/repositories/security:zeek/Debian_12/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/security_zeek.gpg > /dev/null
echo 'deb http://download.opensuse.org/repositories/security:/zeek/Debian_12/ /' | sudo tee /etc/apt/sources.list.d/security:zeek.list

Next, refresh the package lists so that apt picks up the new repository:

sudo apt update

Now you can install Zeek by executing the following command:

sudo apt install zeek-lts

Once the installation is complete, you can check the location of the Zeek binaries, check the Zeek version, and print the Zeek help message using the following commands:

which zeek
zeek --version
zeek --help

Step 3. Configure Zeek.

The first step in configuring Zeek in standalone mode is to set the network interface that Zeek will monitor. Open the node.cfg file, which is located in the $PREFIX/etc/ directory, where $PREFIX is the Zeek installation root directory. By default, this is /usr/local/zeek if installing from source, or /opt/zeek if installing from a binary package. For example, if your network interface is "eth0", the configuration would look like this:

[zeek]
type=standalone
host=localhost
interface=eth0

If you plan to run Zeek in a cluster configuration, you will need to define where the logger, manager, proxies, and workers will run. For cluster configurations, comment out (or delete) the standalone node in the node.cfg file, and then uncomment or add a node entry for each node in the cluster (logger, manager, proxies, and workers).

For example, to run five Zeek nodes (two workers, a proxy, a logger, and a manager) on a cluster of three machines, the cluster configuration would look like this:

[logger]
type=logger
host=192.168.1.1

[manager]
type=manager
host=192.168.1.2

[proxy-1]
type=proxy
host=192.168.1.2

[worker-1]
type=worker
host=192.168.1.3
interface=eth0

[worker-2]
type=worker
host=192.168.1.3
interface=eth1
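
A mistake in node.cfg can leave an interface unmonitored without any obvious error, so it is worth checking the file before deploying. The following is an added example, not part of the original tutorial and not ZeekControl code: lint_node_cfg and its rules are assumptions drawn from the two layouts shown above.

```python
import configparser

KNOWN_TYPES = {"standalone", "logger", "manager", "proxy", "worker"}

def lint_node_cfg(text):
    """Return a list of problems found in node.cfg text (empty list means OK)."""
    cfg = configparser.ConfigParser(interpolation=None)
    try:
        cfg.read_string(text)
    except configparser.Error as exc:  # e.g. the same section name used twice
        return [f"cannot parse: {type(exc).__name__}"]
    problems, by_type, sniffers = [], {}, {}
    for name in cfg.sections():
        ntype = cfg[name].get("type", "").strip()
        host = cfg[name].get("host", "").strip()
        iface = cfg[name].get("interface", "").strip()
        if ntype not in KNOWN_TYPES:
            problems.append(f"[{name}] unknown or missing type")
            continue
        by_type.setdefault(ntype, []).append(name)
        if not host:
            problems.append(f"[{name}] has no host")
        if ntype in ("standalone", "worker"):
            if not iface:
                # A capture node without an interface sees no traffic.
                problems.append(f"[{name}] has no interface")
            elif (host, iface) in sniffers:
                # Likely copy-paste slip: the intended interface goes unmonitored.
                problems.append(f"[{name}] duplicates {sniffers[(host, iface)]} on {host}/{iface}")
            else:
                sniffers[(host, iface)] = name
    if "standalone" in by_type:
        if len(cfg.sections()) > 1:
            problems.append("standalone node mixed with other nodes")
    else:
        if len(by_type.get("manager", [])) != 1:
            problems.append("cluster needs exactly one manager")
        problems += [f"cluster has no {t}" for t in ("proxy", "worker") if t not in by_type]
    return problems

# Constructed sample: the cluster above with two slips (no manager entry,
# and worker-2 repeating eth0 instead of eth1).
BROKEN = ("[proxy-1]\ntype=proxy\nhost=192.168.1.2\n"
          "[worker-1]\ntype=worker\nhost=192.168.1.3\ninterface=eth0\n"
          "[worker-2]\ntype=worker\nhost=192.168.1.3\ninterface=eth0\n")

if __name__ == "__main__":
    for problem in lint_node_cfg(BROKEN):
        print(problem)
```
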

After configuring Zeek, you can start it using the zeekctl command:

zeekctl deploy

This command is equivalent to running the zeekctl install and start commands one after the other. You can check the status of each component of the Zeek cluster by executing the status command:

zeekctl status

Thank you for using this tutorial to install the latest version of Zeek open source network traffic analyzer on Debian 12 Bookworm. For more help or useful information, we recommend you check out the Zeek official website.

Statement:
This article is reproduced from mryunwei.com. If there is any infringement, please contact admin@php.cn to have it deleted.