{"id":17709394,"url":"https://github.com/0snap/zeek-docker","last_synced_at":"2025-10-20T05:26:19.202Z","repository":{"id":78799398,"uuid":"168461184","full_name":"0snap/zeek-docker","owner":"0snap","description":"Zeek IDS and Zeek-Broker Docker images ","archived":false,"fork":false,"pushed_at":"2020-09-03T17:53:33.000Z","size":7,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-02-06T12:15:52.647Z","etag":null,"topics":["broker","broker-docker","docker","zeek","zeek-broker","zeek-docker","zeek-ids"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/fixel/zeek","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0snap.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-31T04:10:56.000Z","updated_at":"2021-03-30T02:38:00.000Z","dependencies_parsed_at":"2023-07-17T06:31:34.439Z","dependency_job_id":null,"html_url":"https://github.com/0snap/zeek-docker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0snap%2Fzeek-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0snap%2Fzeek-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0snap%2Fzeek-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0snap%2Fzeek-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0snap"
,"download_url":"https://codeload.github.com/0snap/zeek-docker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246436052,"owners_count":20776960,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["broker","broker-docker","docker","zeek","zeek-broker","zeek-docker","zeek-ids"],"created_at":"2024-10-25T04:03:52.549Z","updated_at":"2025-10-20T05:26:14.156Z","avatar_url":"https://github.com/0snap.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"Zeek Docker\n===========\n\n#### Zeek Image:\n\n- Container base is `debian:buster`\n- Uses `python 3`\n- Installs the `zkg` [package manager](https://packages.zeek.org/)\n\n#### Broker Image:\n\n- Container base is `debian:buster`\n- Uses `python 3`\n- Has Python bindings\n\n## Usage\n\n[Zeek can be scripted](https://docs.zeek.org/en/stable/examples/scripting/index.html). By default, it loads the script at `$ZEEK_HOME/share/zeek/site/local.zeek`. See also the [zeek-ctl#zeek-scripts](https://github.com/zeek/zeekctl#zeek-scripts) documentation.\n\nYou can mount a directory to `/opt/zeek/share/zeek/site` to set custom scripts for Zeek to use.\n\n## Build\n\n    $ docker build . -t fixel/zeek:latest\n    $ docker build . -f Dockerfile_broker --build-arg BROKER_VERSION=v1.4.0 -t fixel/zeek:broker-latest\n    \n## Run\n\nYou can find a container image on Docker Hub: [fixel/zeek](https://cloud.docker.com/repository/docker/fixel/zeek)\n\nThe container expects that you pass arguments to it; everything is passed to the `zeek` command. 
To listen on the interface `enp0s31f6` you would run this:\n\n    $ docker run --net=host --name=zeek --rm -ti fixel/zeek -i enp0s31f6\n\nThe logs will be stored in `/var/log/zeek`, which is marked as a Docker volume. You can extract the logs by the usual means of container management.\n\n## Computation Speed Up \u0026 Clustering\n\nZeek IDS can only leverage one processor core. But it can be run in a worker cluster setup to share the computational costs of traffic processing. Find a Docker-based Zeek IDS worker cluster on GitHub: [0ortmann/zeek-cluster](https://github.com/0ortmann/zeek-cluster), and on Docker Hub: [fixel/zeek-cluster](https://cloud.docker.com/u/fixel/repository/docker/fixel/zeek-cluster).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0snap%2Fzeek-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0snap%2Fzeek-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0snap%2Fzeek-docker/lists"}