<!doctype html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>Zeek logs</title>
<meta name="generator" content="CherryTree">
<link rel="stylesheet" href="res/styles3.css" type="text/css" />
</head>
<body>
<div class='page'><h1 class='title'>Zeek logs</h1><br/><h2>Logs are stored in /opt/zeek/logs/current; log files should show up in that directory.<br /></h2><br /><code><h2># ls -l<br />total 92<br />-rw-r--r-- 1 root zeek 103 Jun 26 19:16 capture_loss.log<br />-rw-r--r-- 1 root zeek 5490 Jun 26 19:20 conn.log<br />-rw-r--r-- 1 root zeek 168 Jun 26 19:19 dhcp.log<br />-rw-r--r-- 1 root zeek 5796 Jun 26 19:20 dns.log<br />-rw-r--r-- 1 root zeek 1875 Jun 26 19:16 http.log<br />-rw-r--r-- 1 root zeek 33333 Jun 26 19:15 loaded_scripts.log<br />-rw-r--r-- 1 root zeek 182 Jun 26 19:16 notice.log<br />-rw-r--r-- 1 root zeek 90 Jun 26 19:15 packet_filter.log<br />-rw-r--r-- 1 root zeek 533 Jun 26 19:15 reporter.log<br />-rw-r--r-- 1 root zeek 961 Jun 26 19:20 stats.log<br />-rw-r--r-- 1 root zeek 20 Jun 26 19:15 stderr.log<br />-rw-r--r-- 1 root zeek 188 Jun 26 19:15 stdout.log<br />-rw-r--r-- 1 root zeek 1280 Jun 26 19:16 weird.log</h2></code><br /><br /><h2>• Some events Zeek decodes and logs:<br /> ◇ conn.log - connections<br /> ◇ dhcp.log - DHCP<br /> ◇ dns.log - DNS activity<br /> ◇ http.log - HTTP traffic<br /> ◇ ssh.log - SSH connection info<br /> ◇ software.log - software detected by Zeek<br /> ◇ and more...</h2><br /><br />More info: <a href="https://docs.zeek.org/en/master/script-reference/log-files.html">https://docs.zeek.org/en/master/script-reference/log-files.html</a></div>
</body>
</html>