13 Apr
2021
13 Apr
'21
1:16 p.m.
Guys, Now that I have zeek up and running... what's the best tool/process for viewing the data? Looking at the hourly emailed logs is sorta interesting, but honestly not a great way to see trends over time. I've looked over the zeek.org website, and there's no real discussion there on how to summarize and get a good high level view of what's going on. Even just a daily report would be better, I think. So what I'm doing is setting up my core switch to mirror all the traffic between the switch and the router, while I also have the zeek box on another port on the switch for management. This seems to be working well so far, it's seeing all my traffic to/from the internet and the various devices connected. Cheers, John