Zeek feature pre-release v8.0.0-rc2 is now available:
https://zeek.org/get-zeek
https://download.zeek.org/zeek-8.0.0-rc2.tar.gz
Changes since 8.0.0-rc1:
- Two new hooks, Cluster::on_subscribe() and Cluster::on_unsubscribe(), have been added to allow observing Subscribe() and Unsubscribe() calls on backends by Zeek scripts.
- A fix for reading SMB2 ReadResponse messages.
- A fix for analyzer.log missing the proto field.
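As an added illustration of how the two new hooks can be used from a script (this is not code from the announcement or from the Zeek distribution), the following records every subscribe and unsubscribe call into its own log so an operator can audit which topics each cluster node attaches to. It assumes that both hooks receive the topic name as a single string parameter; the module name ClusterAudit and the log path cluster_subscriptions are choices made for this example.

```zeek
# Added example, not part of the Zeek release. Assumes each hook is
# invoked with the topic as its only argument.
module ClusterAudit;

export {
	redef enum Log::ID += { LOG };

	type Info: record {
		ts:     time   &log;
		node:   string &log;   # name of the node making the call
		action: string &log;   # "subscribe" or "unsubscribe"
		topic:  string &log;
	};
}

event zeek_init()
	{
	# Writes to logs/cluster_subscriptions.log on each node.
	Log::create_stream(LOG, [$columns=Info, $path="cluster_subscriptions"]);
	}

function audit(action: string, topic: string)
	{
	# current_time() rather than network_time(): subscriptions usually
	# happen during startup, before any packet has set network time.
	Log::write(LOG, [$ts=current_time(), $node=Cluster::node,
	                 $action=action, $topic=topic]);
	}

hook Cluster::on_subscribe(topic: string)
	{
	audit("subscribe", topic);
	}

hook Cluster::on_unsubscribe(topic: string)
	{
	audit("unsubscribe", topic);
	}
```

Load the script on all nodes (for example via local.zeek) and compare the resulting logs against the topic set you expect for each node role; an unexpected topic appearing on a worker is a quick signal that a loaded script or plugin is subscribing more broadly than intended.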
Some highlights in the 8.0 release:
- C++20-capable compilers are now required to build Zeek.
- The ZeroMQ library is now a required dependency for Zeek. Broker continues to be our default cluster backend, but requiring ZeroMQ for building will allow us to change this more easily in the future.
- Support for new plugins for extending connection information was added. This allows plugin authors to add additional information to connections beyond the traditional five-tuple. A plugin to add VLAN tags is included.
- A new analyzer for Redis traffic was added.
- Lots of improvements to both the cluster and storage frameworks, including new metrics exposed by the telemetry framework.
See the release notes (Release v8.0.0-rc2 - zeek/zeek - GitHub) for details of the new functionality, breaking changes, and changed functionality.
Binary packages for the new releases will also be available shortly: