What are packages?
A package is simply a Git repository containing the source code/scripts which implement its functionality along with a small amount of descriptive metadata.
Packages are optionally registered to a centralized package source so that the Zeek package manager command-line tool, zkg, automatically knows how to locate and install them.
Why use packages?
- Packages help you customize Zeek functionality to your needs.
- Reciprocity. Sharing your packages helps others and others may share things that help you. If you've written a custom Zeek script or plugin to a solve a problem, it's highly likely someone else has the same problem and could re-use your solution, or vice versa.
- The sharing of any given package has potential to stimulate new ideas amongst the community or serve as a reference for those trying to solve similar problems.
- The package manager provides a convenient workflow for managing and organizing all your Zeek customizations in a standardized way.
- Packages are decoupled from Zeek's release cycle, so the community of package developers can, on their own, rapidly create new features and fix bugs in their standalone packages and deliver them to users at any time.
Where to get packages and how to use/create them?
pip install zkg
Then use the "list" command to browse packages registered in the main Zeek repository.
zkg list all
You may also browse packages online via https://packages.zeek.org.
Read and follow the full quickstart documentation before using zkg to install packages.
If you want to develop a new package, read the how-to guide.
New packages may be submitted via Pull Requests against the default package source repository on GitHub. Follow the directions in the README.
Who creates and maintains the packages?
Anyone is free to register their package to be included in the default, public package source which is maintained by the core team of Zeek developers. Besides screening for obvious problems, there's generally minimal criteria for the package to be accepted, the main one being that the package should clearly show which open-source license it uses.
Besides the default package source maintained by the Zeek team, one can also configure their package manager to work with private package sources that are possibly maintained by their own internal team members.
If you or your organization have packages that you'd like to share with the community, but have any questions or need help with the process, please join the Zeek mailing list and send email to firstname.lastname@example.org so we can assist.