% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/zeek-man.R
\name{zeek_man}
\alias{zeek_man}
\alias{man_zeek}
\title{Zeek Manual Page Quick Reference}
\usage{
zeek_man()
man_zeek()
}
\description{
\code{zeek} - passive network traffic analyzer
}
\details{
\subsection{SYNOPSIS}{
\strong{\code{zeek}} \verb{[*options*] [*file* ...]}
}
\subsection{DESCRIPTION}{
Zeek is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Zeek supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with troubleshooting.
Zeek comes with built-in functionality for a range of analysis and detection tasks, including detecting malware by interfacing to external registries, reporting vulnerable versions of software seen on the network, identifying popular web applications, detecting SSH brute-forcing, validating SSL certificate chains, among others.
}
\subsection{OPTIONS}{
\itemize{
\item \strong{\verb{<file>}}: policy file, or read stdin
\item \strong{\code{-a}}, \code{--parse-only}: exit immediately after parsing scripts
\item \strong{\code{-b}}, \code{--bare-mode}: don't load scripts from the base/ directory
\item \strong{\code{-d}}, \verb{--debug-policy}: activate policy file debugging
\item \strong{\code{-e}}, \verb{--exec <zeek code>}: augment loaded policies by given code
\item \strong{\code{-f}}, \verb{--filter <filter>}: tcpdump filter
\item \strong{\code{-h}}, \verb{--help|-?}: command line help
\item \strong{\code{-i}}, \verb{--iface <interface>}: read from given interface
\item \strong{\code{-p}}, \verb{--prefix <prefix>}: add given prefix to policy file resolution
\item \strong{\code{-r}}, \verb{--readfile <readfile>}: read from given tcpdump file
\item \strong{\code{-s}}, \verb{--rulefile <rulefile>}: read rules from given file
\item \strong{\code{-t}}, \verb{--tracefile <tracefile>}: activate execution tracing
\item \strong{\code{-w}}, \verb{--writefile <writefile>}: write to given tcpdump file
\item \strong{\code{-v}}, \code{--version}: print version and exit
\item \strong{\code{-x}}, \verb{--print-state <file.bst>}: print contents of state file
\item \strong{\code{-C}}, \code{--no-checksums}: ignore checksums
\item \strong{\code{-F}}, \code{--force-dns}: force DNS
\item \strong{\code{-I}}, \verb{--print-id <ID name>}: print out given ID
\item \strong{\code{-N}}, \code{--print-plugins}: print available plugins and exit (\strong{-NN} for verbose)
\item \strong{\code{-P}}, \code{--prime-dns}: prime DNS
\item \strong{\code{-Q}}, \code{--time}: print execution time summary to stderr
\item \strong{\code{-R}}, \verb{--replay <events.bst>}: replay events
\item \strong{\code{-S}}, \code{--debug-rules}: enable rule debugging
\item \strong{\code{-T}}, \verb{--re-level <level>}: set 'RE_level' for rules
\item \strong{\code{-U}}, \verb{--status-file <file>}: record process status in file
\item \strong{\code{-W}}, \code{--watchdog}: activate watchdog timer
\item \strong{\code{-X}}, \verb{--zeekygen <cfgfile>}: generate documentation based on config file
\item \strong{\verb{--pseudo-realtime[=<speedup>]}}: enable pseudo-realtime for performance evaluation (default 1)
\item \strong{\code{--load-seeds}} \verb{<file>}: load seeds from given file
\item \strong{\code{--save-seeds}} \verb{<file>}: save seeds to given file
}
The following option is available only when Zeek is built with the \code{--enable-debug} configure option:
\strong{\code{-B}}, \verb{--debug <dbgstreams>}: enable debugging output for selected streams (\verb{-B help} for help)
The following options are available only when Zeek is built with \code{gperftools} support (use the \code{--enable-perftools} and \code{--enable-perftools-debug} configure options):
\strong{\code{-m}}, \code{--mem-leaks}: show leaks
\strong{\code{-M}}, \code{--mem-profile}: record heap
}
\subsection{ENVIRONMENT}{
\itemize{
\item \strong{\code{ZEEKPATH}}: file search path
\item \strong{\code{ZEEK_PLUGIN_PATH}}: plugin search path
\item \strong{\code{ZEEK_PLUGIN_ACTIVATE}}: plugins to always activate
\item \strong{\code{ZEEK_PREFIXES}}: prefix list
\item \strong{\code{ZEEK_DNS_FAKE}}: disable DNS lookups
\item \strong{\code{ZEEK_SEED_FILE}}: file to load seeds from
\item \strong{\code{ZEEK_LOG_SUFFIX}}: ASCII log file extension
\item \strong{\code{ZEEK_PROFILER_FILE}}: output file for script execution statistics
\item \strong{\code{ZEEK_DISABLE_ZEEKYGEN}}: disable Zeekygen (Broxygen) documentation support
}
}
\subsection{AUTHOR}{
\strong{zeek} was written by The Zeek Project <info@zeek.org>.
}
}
\examples{
zeek_man()
man_zeek
?zeek_man
}