@Zobber
Created April 17, 2020 00:08
sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev
sudo apt-get install libmaxminddb-dev postfix curl git
git clone --recursive https://github.com/zeek/zeek
cd zeek
./configure
make
sudo make install
export PATH=/usr/local/zeek/bin:$PATH
Add the same line to ~/.profile so the PATH survives a new login:
export PATH=/usr/local/zeek/bin:$PATH
#### Files in /usr/local/zeek
##### Edit /usr/local/zeek/etc/node.cfg (set interface to the real name of the capture NIC as shown by `ip link`; on many current systems it is something like enp0s3 or ens3 rather than eth0)
[zeek]
type=standalone
host=localhost
interface=eth0
##### Edit /usr/local/zeek/etc/networks.cfg to list the networks Zeek should treat as local (this is what drives the local_orig/local_resp columns in conn.log; one "prefix description" per line)
10.0.0.0/8 Private IP space
172.16.0.0/12 Private IP space
192.168.0.0/16 Private IP space
##### Edit /usr/local/zeek/etc/zeekctl.cfg and set the address that receives alarm and cron mail:
MailTo = [email protected]
##### START
zeekctl
On first use, run the initial installation:
[ZeekControl] > install
Then start the Zeek process:
[ZeekControl] > start
I also like using
[ZeekControl] > deploy
to refresh settings when starting (deploy = check, install and restart in one step). To stop:
[ZeekControl] > stop
##### Check /usr/local/zeek/logs/current for the latest log files, and /var/log/mail.log if notification mail is not arriving (postfix was installed above so zeekctl can send it)
##### To make sure Zeek restarts on reboot, add the following to /etc/rc.local before the `exit 0` line (the file must be executable and start with a shebang such as `#!/bin/sh -e`, otherwise it is not run at boot). IDS capture works better with promiscuous mode on: the NIC then hands the kernel every frame it receives, not just frames addressed to the host's own MAC (plus broadcast and multicast). On a switched network the port still only receives what the switch sends it, so to see other hosts' traffic the sensor needs a SPAN/mirror port or a TAP. Use the same interface name as in node.cfg.
ip link set eth0 promisc on
/usr/local/zeek/bin/zeekctl start
exit 0
##### Last but not least, Zeek needs to occasionally perform some scheduled maintenance (restarting crashed nodes, expiring old logs, mailing problems). Add it to the crontab of the user that runs zeekctl (root here, since the install above used sudo):
crontab -e (select an editor and enter the following line)
*/5 * * * * /usr/local/zeek/bin/zeekctl cron
https://www.peerlyst.com/posts/zeek-ids-installation-on-raspberry-pi-part-1-david-lagace-cissp-cism-pmp