Installation of zeek aka Bro


  • Zeek is a passive network monitoring system
  • zeek can be installed on a “sensor”, which can be hardware, software, virtual, or cloud platform that passively sniffs the network traffic
  • zeek generates compact, high-fidelity log files bases on what it sees in the network traffic
  • log files are fully customizable, suitble for manual review on disk or in a more analyst-firendly tool like a security and info event management (SIEM).


Before installing Zeek, you’ll need to ensure that some dependencies are in place.

Required Dependencies

Zeek requires the following libraries and tools to be installed before you begin:

To build Zeek from source, the following additional dependencies are required:

Optional Dependencies

Zeek can make use of some optional libraries and tools if they are found at build time:

Installing zeek

# sudo su
● # sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig
● # sudo sh -c "echo 'deb /' >
● # wget -nv -O
● # sudo apt-key add - < Release.key
● # sudo apt-get update
● # sudo apt-get install zeek-lts
● # /opt/zeek/bin/zeek -h

Installing from Source

The typical way to build and install from source is (for more options, run ./configure --help)

git clone --recursive
make install

Leave a Reply

Your email address will not be published. Required fields are marked *