zeekctl - Man Page

interactive shell for managing Zeek installations

Synopsis

zeekctl [command]

Description

zeekctl is an interactive interface for managing either a standalone or a cluster Zeek installation. If a zeekctl command is specified directly on the command line, zeekctl performs the action associated with that command immediately instead of starting the interactive interface.

Before actually running zeekctl you first need to edit the zeekctl.cfg, node.cfg, and networks.cfg files. In the zeekctl.cfg file, you should review the zeekctl options and make sure the options are set correctly for your environment. Next, edit the node.cfg file and specify the nodes that you will be running. Finally, edit the networks.cfg file and list each network that is considered local to the monitored environment (see the examples in the file for the format to use).

When running zeekctl for the first time, you must run the zeekctl deploy command before running any other commands in order to apply the configuration settings.  You must also run zeekctl deploy each time you change the configuration (including any Zeek scripts) or upgrade Zeek.
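One way to enforce the redeploy rule above, as an added example that is not part of the zeekctl distribution: it fingerprints the three configuration files and runs zeekctl deploy only when they differ from the last successfully deployed state. The function names, the stamp file, and the directory in the usage comment are assumptions; changes to Zeek scripts are not tracked by this sketch.

```shell
#!/bin/sh
# Added example: run "zeekctl deploy" only when zeekctl.cfg, node.cfg or
# networks.cfg changed since the last successful deploy.
# Assumed names: cfg_fingerprint, deploy_if_changed, the stamp file path.
# Not covered: Zeek scripts, which also require a deploy when they change.
ZEEKCTL="${ZEEKCTL:-zeekctl}"

# Fall back to shasum where coreutils sha256sum is not installed.
command -v sha256sum >/dev/null 2>&1 || sha256sum() { shasum -a 256 "$@"; }

# Print one SHA-256 covering the three files the man page says to edit.
# Fails if any of them is missing or unreadable.
cfg_fingerprint() {
    dir=$1
    for f in zeekctl.cfg node.cfg networks.cfg; do
        [ -r "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
    done
    (cd "$dir" && sha256sum zeekctl.cfg node.cfg networks.cfg) \
        | sha256sum | cut -d' ' -f1
}

# Compare the current fingerprint with the recorded one and deploy on a
# mismatch. Prints "deployed" or "unchanged" on stdout; zeekctl's own
# output goes to stderr. The stamp is written only after deploy succeeds,
# so a failed deploy is retried on the next run.
deploy_if_changed() {
    dir=$1
    stamp=$2
    new=$(cfg_fingerprint "$dir") || return 1
    old=$(cat "$stamp" 2>/dev/null || true)
    if [ "$new" = "$old" ]; then
        echo unchanged
        return 0
    fi
    "$ZEEKCTL" deploy >&2 || {
        echo "zeekctl deploy failed, stamp not updated" >&2
        return 1
    }
    printf '%s\n' "$new" > "$stamp"
    echo deployed
}

# Usage (both paths are assumptions, adjust to your install prefix):
#   deploy_if_changed /usr/local/zeek/etc /var/tmp/zeekctl-deploy.stamp
```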

Options

capstats [<nodes>] [<secs>]

Report interface statistics with capstats

check [<nodes>]

Check configuration before installing it

cleanup [--all] [<nodes>]

Delete working dirs (flush state) on nodes

config

Print zeekctl configuration

cron [--no-watch]

Perform jobs intended to run from cron

cron enable|disable|?

Enable/disable "cron" jobs

deploy

Check, install, and restart

df [<nodes>]

Print nodes' current disk usage

diag [<nodes>]

Output diagnostics for nodes

exec <shell cmd>

Execute shell command on all hosts

exit

Exit from the interactive interface

install

Update zeekctl installation/configuration

netstats [<nodes>]

Print nodes' current packet counters

nodes

Print node configuration

peerstatus [<nodes>]

Print status of nodes' remote connections

print <id> [<nodes>]

Print values of script variable at nodes

process <trace> [<op>] [-- <sc>]

Run Zeek (with options and scripts) on trace

restart [--clean] [<nodes>]

Stop and then restart processing

scripts [-c] [<nodes>]

List the Zeek scripts the nodes will load

start [<nodes>]

Start processing

status [<nodes>]

Summarize node status

stop [<nodes>]

Stop processing

top [<nodes>]

Show Zeek processes à la top

Commands provided by plugins:

ps.zeek [<nodes>]

Show Zeek processes on nodes' systems

Author

zeekctl was written by The Zeek Project <info@zeek.org>.

Referenced By

zeek(8).

November 2014 System Administration Utilities