Zeek feature pre-release v8.2.0-rc1

Zeek 8.2.0-rc1 is now available:

https://zeek.org/get-zeek
https://download.zeek.org/zeek-8.2.0-rc1.tar.gz

We are targeting May 4 for the full release. Binary packages will be available here.

If you missed it, Christian’s development update post covers what’s new and changing in 8.2.

A few things to check depending on your setup:

  • Prometheus metrics now listen locally by default. MetricsAddress changed from 0.0.0.0 to 127.0.0.1. If you’re scraping metrics remotely or running Zeek in containers, you’ll need to update zeekctl.cfg.

  • New IGMP analyzer. Zeek now processes IGMP traffic, a frequently-requested protocol. There are new events available but no new log. If IGMP is relevant to your network, we’d love to know if this covers your needs.

There are no structural log schema changes over 8.1. The one addition: dns.log now reports DNS NOTIFY updates per RFC 1996.

Will any of this affect your setup?

Reply to this post or share your feedback in #general on Slack. We want to hear from you before the final release ships on May 4.

As a reminder, 8.2.0 will mark the end of 8.1 support. The 8.0.x LTS line continues getting patch releases as normal.
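
To check how the MetricsAddress default change affects an existing zeekctl.cfg, here is an added example (not part of the original post and not Zeek project code). It assumes zeekctl.cfg uses `Key = Value` lines with `#` comments and case-insensitive option names; the function names and sample configurations are constructed for illustration.

```python
import ipaddress

OLD_DEFAULT = "0.0.0.0"    # MetricsAddress default before 8.2, per the announcement
NEW_DEFAULT = "127.0.0.1"  # MetricsAddress default in 8.2, per the announcement

def read_option(cfg_text, name):
    """Return the last explicit value of `name` in zeekctl.cfg text, or None.
    Assumes 'Key = Value' lines, '#' comments and case-insensitive keys."""
    value = None
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, val = (part.strip() for part in line.split("=", 1))
        if key.lower() == name.lower():
            value = val
    return value

def audit_metrics_address(cfg_text):
    """Return (status, bind address on 8.1, bind address on 8.2)."""
    explicit = read_option(cfg_text, "MetricsAddress")
    if explicit is None:
        # Nothing pinned: the upgrade silently moves the listener to loopback.
        return ("default-changes", OLD_DEFAULT, NEW_DEFAULT)
    try:
        addr = ipaddress.ip_address(explicit)
    except ValueError:
        return ("invalid", explicit, explicit)
    if addr.is_unspecified:
        status = "all-interfaces"   # reachable from every network the host is on
    elif addr.is_loopback:
        status = "loopback-only"
    else:
        status = "single-interface"
    return (status, explicit, explicit)

# Constructed sample configurations, not taken from a real deployment.
SAMPLES = {
    "unset": "LogDir = /opt/zeek/logs\n# MetricsAddress = 0.0.0.0\n",
    "wildcard": "LogDir = /opt/zeek/logs\nMetricsAddress = 0.0.0.0  # remote scrape\n",
    "pinned": "metricsaddress = 192.0.2.10\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_metrics_address(text))
```

A `default-changes` result means a remote scraper loses access after the upgrade unless an address is set explicitly; `all-interfaces` means the endpoint stays reachable on every interface, so it should sit behind a host firewall or be narrowed to the scrape-facing address.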