Zeek: Add GeoIP Data to Logs

Virtual Environments

sudo apt install -y pipx
pipx install zkg
echo 'export PATH=$PATH:/opt/zeek/bin:$HOME/.local/bin' >> $HOME/.bashrc
source $HOME/.bashrc

Install Zeek Package

zkg autoconfig
zkg install geoip-conn
sudo -i sed -i.bak 's/^# @load packages/@load packages/g' /opt/zeek/share/zeek/site/local.zeek

Configure Zeek to load installed packages (geoip-conn, in this case)

sudo -i zeekctl check && sudo -i zeekctl deploy
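
Verify the result

The sed command above only rewrites a line that reads exactly "# @load packages", so it can succeed without changing anything. The script below is an added example, not part of the original page or of the geoip-conn project: it checks that "@load packages" is active and that a TSV-format conn.log declares geo columns. The function names, the sample files, the sample column name and the "geo." column prefix are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm the install steps above took effect.

# True if the site policy has an active, uncommented "@load packages" line.
packages_loaded() {
    grep -Eq '^[[:space:]]*@load[[:space:]]+packages([[:space:]]|$)' "$1"
}

# True if a TSV-format conn.log declares a column starting with the prefix.
# Assumption: the package's added columns start with "geo."; pass another prefix if not.
conn_has_geo_fields() {
    local log="$1" prefix="${2:-geo.}"
    awk -F'\t' -v p="$prefix" '
        $1 == "#fields" { for (i = 2; i <= NF; i++) if (index($i, p) == 1) found = 1; exit }
        END { exit (found ? 0 : 1) }' "$log"
}

# Report both checks for a given local.zeek and conn.log; non-zero if either fails.
verify_geoip_setup() {
    local rc=0
    if packages_loaded "$1"; then echo "OK   @load packages is active"
    else echo "FAIL @load packages is commented out or missing in $1"; rc=1; fi
    if conn_has_geo_fields "$2"; then echo "OK   conn.log declares geo columns"
    else echo "FAIL no geo columns declared in $2"; rc=1; fi
    return "$rc"
}

# Constructed sample files so the example runs without a Zeek install.
SAMPLE_DIR=$(mktemp -d)
printf '#@load packages\n' > "$SAMPLE_DIR/local_unmatched.zeek"  # no space after '#': sed misses it
printf '@load packages\n'  > "$SAMPLE_DIR/local_ok.zeek"
printf '#separator \\x09\n#fields\tts\tuid\tid.orig_h\tid.resp_h\n' > "$SAMPLE_DIR/conn_plain.log"
# "geo.resp.country_code" is a constructed column name for this sample.
printf '#separator \\x09\n#fields\tts\tuid\tid.orig_h\tid.resp_h\tgeo.resp.country_code\n' \
    > "$SAMPLE_DIR/conn_geo.log"

verify_geoip_setup "$SAMPLE_DIR/local_ok.zeek" "$SAMPLE_DIR/conn_geo.log"
verify_geoip_setup "$SAMPLE_DIR/local_unmatched.zeek" "$SAMPLE_DIR/conn_plain.log" || true
```

On a live sensor, pass /opt/zeek/share/zeek/site/local.zeek and the current conn.log instead of the sample files.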