Tuesday, December 17, 2019

Zeek Community Resources

 Or - How can I get involved in the community?


One of the questions that we commonly get is “How do I get help?” or “How can I get involved in the Zeek community?” The goal of this blog post is to make you aware of the community resources that exist and how you can get involved in the community.

Discussion and Announcement Lists


The best place to get started and to get feedback is the Zeek mailing list. The mailing list should be your first stop for just about anything. If you are interested in what is going on in the community, it is going to be posted on the mailing list. If you have questions about the usage of Zeek, or how other people are using it, the mailing list is the right place for that. If you want to announce a Zeek-related project of yours, post it to the mailing list.

To join the mailing list just follow this link. The archives of the mailing list are also open to the public. The archives do not offer a search interface, but you can search them with Google by appending “site:mailman.icsi.berkeley.edu inurl:pipermai/zeek” to your query, as in this example.

Please note that to send an email to the list you have to be subscribed with the exact same email address that you are sending from. Otherwise your mail will be automatically rejected by the system.

In case you decide that the Zeek mailing list is too high traffic for you and you are only interested in release announcements, you might be interested in the Zeek-announce mailing list. This is a very low traffic list that typically is only used for announcements of new versions, security issues, and our large event notifications. There are typically 0-2 emails per month on this list. This list is moderated and you cannot post to it.

Twitter, Blog, & IRC


Other sources for news about our project are our Twitter account (@zeekurity) and our blog. You can also reach some people in the community on the #zeek IRC channel on irc.freenode.net. Note that most people do not treat IRC as a realtime medium and it might take several hours until you get an answer to a question.

Future and Past Events


Another great way to interact with the community is our events. We hold one large event each year: Zeek Week. Zeek Week is held in the conterminous United States and typically takes place in either September or October each year. For the last two years we also had smaller workshops in Europe, and there are a lot of smaller meetings that feature some Zeek content. A lot of these events post their slides or videos of the full talks; see the event pages for the different events for more information. Examples: This year's Zeek Week and our YouTube channel contain a lot of information for past events.

Learning Zeek - Scripting and Extending


If you are new to Zeek and interested in learning scripting, try.zeek.org is your best starting point. It is a sandbox in which you can play around with Zeek without having to install it locally, and it comes with a guided course that teaches you the scripting language. After this, our documentation page is the next best starting point.

If you are interested in extending Zeek, you might want to start by writing a plugin. Plugins can extend a lot of the functionality of Zeek. A plugin can, for example, contain a protocol analyser, log writer, input reader, or just add new bifs. There is also a nice talk which outlines how everything works together and how to write your first plugin.

Contributing Back - Scripts, Plugins and Packages


After getting more comfortable with Zeek and writing your own scripts and/or plugins, you might want to start contributing back to Zeek. The easiest way to do this is to publish your scripts and plugins as Zeek packages. Zeek packages can be easily installed by anyone using the Zeek package manager. Converting your scripts or plugins into a package is as easy as having them in a git repository and adding a single meta file. The following documentation walks you through making your script into a package. After creating your package, you can submit it to the official package list via GitHub. Typically these requests are accepted within a few hours to a day. Afterwards your package will also appear in the Zeek Package Browser.

However, before you start writing a package, it might be worth looking through the existing Zeek packages to see if someone already did something similar that you can build on.

Contributing Back - Zeek Patches and Extensions


If you want to contribute back functionality to Zeek itself, the first step is to look at our Zeek contribution page, which outlines the process. Before you start on a bigger project, you should get feedback from the community on your proposal. The best place to do this is the Zeek development mailing list. If you are starting to develop on the Zeek codebase itself, it may be worth subscribing to this mailing list. Subscribing to this list will allow you to see what other things are currently happening on the Zeek development front.

You might also want to subscribe to the Zeek commits mailing list. This mailing list gets one email for each commit that is made to any of the Zeek repositories. This email list is rather high traffic, but it gives a good overview of the activity that is currently going on.

If you are unsure how to get started extending Zeek, or if you are confused about the layout of our git repositories, there will be another blog post in the near future which outlines our repository organization.

Contributing Back - Bug Reports


If you find a bug in Zeek, you can report it to us on our GitHub issue tracker. Please note that we only use the issue tracker for bugs, not for questions about Zeek or problems that you have with Zeek that are not bugs. For questions about topics that are not bugs, you will be referred back to the mailing list, which is read by a much larger group of people with a much wider set of knowledge.

Contributing Back - Other Ways


If you are interested in contributing, but do not want to write scripts or work on Zeek itself, there are other ways to do this. The first way is to just be active on our mailing lists. If someone asks a question that you can answer, feel free to chime in.

Second, we are happy for contributions to our documentation. This can mean extending the documentation of Zeek itself (which is stored together with the source code and contributed back the same way as source code changes), or you can also just write about Zeek on your own blog.

You can also speak at events (watch for calls for presentations), or invite someone to speak about Zeek at your local infosec or open source meetup. You can host a meetup or workshop.

List of All Community Resources


Our webpage also has a handy list of the community resources mentioned in this blog post. And as always, if you have questions or comments, reach out to us on any of the mentioned resources.

