UbuntuUbuntu Based

How To Install Zeek Network Security Monitor on Ubuntu 22.04 LTS

Install Zeek Network Security Monitor on Ubuntu 22.04

In this tutorial, we will show you how to install Zeek Network Security Monitor on Ubuntu 22.04 LTS. For those of you who didn’t know, Zeek, formerly known as Bro, is a free and open-source software network security monitor. It is designed for high-performance network analysis and security monitoring, providing a platform for network traffic analysis and security monitoring. Zeek provides a flexible scripting language and a set of analysis tools that allow network administrators and security professionals to monitor and analyze network traffic in real-time, detect and respond to security threats, and gather forensic evidence for incident response and investigations.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Zeek Network Security Monitor on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.


  • A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for Zeek Network Security Monitor.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Zeek Network Security Monitor on Ubuntu 22.04 LTS Jammy Jellyfish

Step 1. First, make sure that all your system packages are up-to-date by running the following apt commands in the terminal.

sudo apt update
sudo apt upgrade
sudo apt install wget apt-transport-https gnupg2 software-properties-common

Step 2. Installing Zeek Network Security Monitor on Ubuntu 22.04.

By default, Zeek is not available on Ubuntu 22.04 base repository. Now run the following command below to add the Zeek repository to your Ubuntu system:

echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_22.04/ /' | tee /etc/apt/sources.list.d/security:zeek.list

Next, import the GPG key with the following command:

curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_22.04/Release.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/security_zeek.gpg

After the added Zeek repository, we will be able to start installation using the following command in the terminal:

sudo apt update
sudo apt install zeek

During the installation, you will be asked to select your mail server, select local only and press the Enter key. You will be asked to provide your mail server hostname.

Install Zeek Network Security Monitor on Ubuntu 22.04 LTS Jammy Jellyfish

After that, you will need to add the Zeek installation path to your system variable:

echo "export PATH=$PATH:/opt/zeek/bin" >> ~/.bashrc

Next, activate the system variable with the following command:

source ~/.bashrc

You can verify that the Zeek has been installed by running the following command:

zeek --version

Step 3. Configure Zeek.

Finally, you need to configure Zeek by creating the configuration file and defining the network interfaces to monitor:

nano /opt/zeek/etc/networks.cfg

Add more networks at the end of the file:          Private IP space       Private IP space      Private IP space

Save and close the file then edit the Zeek main configuration file using your favorite text editor:

nano /opt/zeek/etc/node.cfg

Comment on the following lines:


Also, add the following configurations at the end of the file:


Save and close the file, then verify the Zeek configuration using the following command:

zeekctl check

Next,  now deploy the Zeek using the following command below:

zeekctl deploy

Finally, check the Zeek status with the following command:

zeekctl status


Name         Type    Host             Status    Pid    Started
zeek-logger  logger    running   58935  1 Feb 05:46:02
zeek-manager manager    running   58985  1 Feb 05:46:03
zeek-proxy   proxy    running   59035  1 Feb 05:46:05
zeek-worker  worker    running   59107  1 Feb 05:46:06
zeek-worker-lo worker  localhost       running   59104  1 Feb 05:46:06

Congratulations! You have successfully installed Zeek. Thanks for using this tutorial for installing the Zeek Network Security Monitor on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official Zeek website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!


r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button