How to install Zeek Network Security Monitoring Tool


Zeek is a highly used, free, open-source security tool for detecting network interference and analyzing network traffic. It is favored by security experts who use it to identify irregular patterns and monitor DNS, HTTP, and FTP traffic. This tool records network activity in a separate file, including crucial information like MIME types, server responses, DNS requests, HTTP sessions, URI requests, and SSL certificates.

Requirements:

  • Minimum of 2GB RAM or more
  • 5-10GB of Disk Space
  • Ubuntu 22.04
  • Root Access

Step 1: Update your Server

The first step is to update your server, which fetches the newest packages and security releases for your distribution :

apt-get update
apt-get upgrade

Step 2: Installing Zeek

This tool is not available by default in the Ubuntu repositories. We will need to add its repository to install it.

Download the Repository GPG Key :

curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_22.04/Release.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/security_zeek.gpg

Add the Repository :

echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_22.04/ /' | tee /etc/apt/sources.list.d/security:zeek.list

Update the server :

apt-get update

Now we can install Zeek :

apt-get install zeek -y

After the installation, add the Zeek binaries to your PATH (single quotes keep $PATH unexpanded so it is evaluated each time .bashrc is sourced) :

echo 'export PATH=$PATH:/opt/zeek/bin' >> ~/.bashrc

Save the changes :

source ~/.bashrc

Verify the installation :

zeek --version

Step 3: Configuring Node

We have installed the network monitoring tool on our server! Now it’s time to edit the configuration files!

nano /opt/zeek/etc/node.cfg

Comment out the three lines of the default standalone node entry (type=standalone, host=localhost, interface=eth0) :

Paste the following content at the end of the file (replace SERVERIPHERE with your server's IP and ens3 with the interface you want to monitor) :

[zeek-logger]
type=logger
host=SERVERIPHERE
#
[zeek-manager]
type=manager
host=SERVERIPHERE
#
[zeek-proxy]
type=proxy
host=SERVERIPHERE
#
[zeek-worker]
type=worker
host=SERVERIPHERE
interface=ens3
#
[zeek-worker-lo]
type=worker
host=localhost
interface=lo

Run this command to validate the config before deploying it :

zeekctl check

The output should report "scripts are ok" for every node defined in node.cfg :

Run this command to deploy :

zeekctl deploy

Verify the status :

zeekctl status

If you wish to check the logs folder :

ls -l /opt/zeek/logs/current/

Conclusion:

You have installed Zeek Network Monitoring Tool on your Ubuntu 22.04 Machine! This tutorial assumes you are root!

sAmI (https://losersgaming.com)
I'm a freelancer and a semi-professional VALORANT player from Pakistan, an expert in Network & System Administration and WordPress development.