Now that I have zeek up and running... what's the best tool/process
for viewing the data? Looking at the hourly emailed logs is sorta
interesting, but honestly not a great way to see trends over time.
I've looked over the zeek.org website, and there's no real discussion
there on how to summarize and get a good high-level view of what's
going on. Even just a daily report would be better, I think.

So what I'm doing is setting up my core switch to mirror all the
traffic between the switch and the router, while I also have the zeek
box on another port on the switch for management. This seems to be
working well so far; it's seeing all my traffic to/from the internet
and the various devices connected.