zeekctl(8) System Administration Utilities zeekctl(8)
NAME
zeekctl - interactive shell for managing Zeek installations
SYNOPSIS
zeekctl [command]
DESCRIPTION
zeekctl is an interactive interface for managing either a standalone or
a Zeek cluster installation. If a zeekctl command is specified
directly on the command-line, then zeekctl performs the action associ-
ated with that command immediately (instead of running the interactive
interface).
Before actually running zeekctl you first need to edit the zeekctl.cfg,
node.cfg, and networks.cfg files. In the zeekctl.cfg file, you should
review the zeekctl options and make sure the options are set correctly
for your environment. Next, edit the node.cfg file and specify the
nodes that you will be running. Finally, edit the networks.cfg file and
list each network that is considered local to the monitored environment
(see the examples in the file for the format to use).
When running zeekctl for the first time, you must run the zeekctl
deploy command before running any other commands in order to apply the
configuration settings. You must also run zeekctl deploy each time you
change the configuration (including any Zeek scripts) or upgrade Zeek.
OPTIONS
capstats [<nodes>] [<secs>]
Report interface statistics with capstats
check [<nodes>]
Check configuration before installing it
cleanup [--all] [<nodes>]
Delete working dirs (flush state) on nodes
config Print zeekctl configuration
cron [--no-watch]
Perform jobs intended to run from cron
cron enable|disable|?
Enable/disable "cron" jobs
deploy Check, install, and restart
df [<nodes>]
Print nodes' current disk usage
diag [<nodes>]
Output diagnostics for nodes
exec <shell cmd>
Execute shell command on all hosts
exit Exit from the interactive interface
install
Update zeekctl installation/configuration
netstats [<nodes>]
Print nodes' current packet counters
nodes Print node configuration
peerstatus [<nodes>]
Print status of nodes' remote connections
print <id> [<nodes>]
Print values of script variable at nodes
process <trace> [<op>] [-- <sc>]
Run Zeek (with options and scripts) on trace
restart [--clean] [<nodes>]
Stop and then restart processing
scripts [-c] [<nodes>]
List the Zeek scripts the nodes will load
start [<nodes>]
Start processing
status [<nodes>]
Summarize node status
stop [<nodes>]
Stop processing
top [<nodes>]
Show Zeek processes ala top
Commands provided by plugins:
ps.zeek [<nodes>]
Show Zeek processes on nodes' systems
AUTHOR
zeekctl was written by The Zeek Project <info@zeek.org>.
November 2014 zeekctl(8)
zeek 3.0.0 - Generated Tue Nov 5 05:56:51 CST 2019