Upgrading to Zeek
A while back, I started a project to rename a highly scalable and
extremely powerful NSM/IDS software to something more palatable. It was
a small effort, but I ended up successfully renaming the software in
question to Orb. The purpose of renaming the software was that it was
becoming increasingly difficult to discuss the NSM with people who did
not have a history with intrusion detection. With the exception of a
few tightly controlled production instances, though, I continued to use
the software with the old name as, in the absence of my version being
included in package managers or security bulletins, it was best to
leave organizations with something more standard.
The name of the original software was Bro. Although intended as a
reference to Orwell's novel 1984 when the software was first
created, the current interpretation of the word "Bro" has taken
on negative connotations. Fortunately, the community and supporters
of the Bro project realized this and have released a re-branded Bro
called Zeek. The source code for Zeek 2.6.1 is now available for
download at zeek.org.
Zeek is a large project, and many things have been added over the
years, so a fully sanitized version is not practically possible.
There are still things like broctl and bro scripts. Much of the
documentation is written for Bro. Imagine, though, 20-some years of
software development and all of the lines of code and pages of
documentation, and it is easy to understand why the project cannot be
entirely Zeek-i-fied overnight (if at all).
Installation is straightforward and covered very well in the
documentation. It is not necessary to rewrite it here.
In all likelihood, people unfamiliar with intrusion detection will
still respond with "I never heard of that" when I tell them
what a site is running. However, I look forward to not having
conversations about the name of the software beyond that. We can focus
on what the software can do, the detailed forensic information it can
extract from a network, rather than discussing the merits or origins of