From 443a6d224bd7c80a5219dfb86a68e741f7b2b6c5 Mon Sep 17 00:00:00 2001 From: marchersimon <50295997+marchersimon@users.noreply.github.com> Date: Thu, 18 Mar 2021 01:52:43 +0100 Subject: [PATCH] zeek: add page (#5453) --- pages/common/zeek.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 pages/common/zeek.md diff --git a/pages/common/zeek.md b/pages/common/zeek.md new file mode 100644 index 000000000..0e6f2b5e7 --- /dev/null +++ b/pages/common/zeek.md @@ -0,0 +1,29 @@ +# zeek + +> Passive network traffic analyser. +> Any output and log files will be saved to the current working directory. +> More information: . + +- Analyze live traffic from a network interface: + +`sudo zeek --iface {{interface}}` + +- Analyze live traffic from a network interface and load custom scripts: + +`sudo zeek --iface {{interface}} {{script1}} {{script2}}` + +- Analyze live traffic from a network interface, without loading any scripts: + +`sudo zeek --bare-mode --iface {{interface}}` + +- Analyze live traffic from a network interface, applying a `tcpdump` filter: + +`sudo zeek --filter {{path/to/filter}} --iface {{interface}}` + +- Analyze live traffic from a network interface using a watchdog timer: + +`sudo zeek --watchdog --iface {{interface}}` + +- Analyze traffic from a `pcap` file: + +`zeek --readfile {{path/to/file.trace}}`
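Review bot: The `--filter {{path/to/filter}}` example is misleading: the description says it applies a `tcpdump` filter, and `zeek -f|--filter` takes a tcpdump filter expression on the command line, not a file path, so the placeholder should be something like `{{filter_expression}}` (e.g. `sudo zeek --filter '{{port 53}}' --iface {{interface}}`), otherwise readers will point it at a file and get a parse error. Also, the `> More information: .` line in the header has no URL between "More information:" and the period; it should carry the documentation link in angle brackets as the other pages do. Minor: "analyser" in the description and "Analyze" in the examples mix British and American spelling; pick one for consistency with the rest of the collection.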