Zeek LTS building requirements


We are trying to build Zeek LTS RPMs, that includes the Broker library, the Zeek BIF compiler and so on. In order to do that, I need to know what versions are used by the Zeek LTS (version 3.0.8). I've only found that the Zeek LTS installs Zeekctl v.2.0.0 but I have no information about:

- Broker library ( https://github.com/zeek/broker )

- Zeek Bif Compiler ( https://github.com/zeek/bifcl )

- BinPAC ( https://github.com/zeek/binpac )

- Zeekaux ( https://github.com/zeek/zeek-aux )

I've found this information for Zeek v 3.1.4, but I need it for current LTS.

Thanks for your time!

Hi Joel,

Do git tags work for you? If so, these are

- Broker library ( https://github.com/zeek/broker )

v1.2.8, or "LTS"

- Zeek Bif Compiler ( https://github.com/zeek/bifcl )


- BinPAC ( https://github.com/zeek/binpac )


- Zeekaux ( https://github.com/zeek/zeek-aux )


Does that give you what you need?


To expand on this answer a bit...

the easiest way to figure this out is just to download the full version
and to look at the VERSION file in the respective subdirectory.

That will give you the exact version number that you need - and you can
then download the respective package you need from download.zeek.org

Alternatively you can do what Christian suggested - check out the version
that you are interested in in git, and then look at the submodule versions
- and check out the tags.

Taking a step back, however, I might suggest that you just take the full
version from download.zeek.org, build that one "as it is" and then sort
the files it generates into different packages. This is how we do it for
the packages that we provide.


Something that might also be helpful is some Docker images that I’ve created:



These have the Zeek source code in /build/zeek, and Zeek pre-compiled and installed in /usr/local/zeek. The goal of them is if you have custom packaging requirements, it’s very easy to take those files and package them up as needed. We also use them for testing plugins, etc.

Each of those images has tags which refer to the Zeek version that’s installed. v3.0, v3.1, and v3.2 all refer to the latest released version of those. v3.3 is currently pointing to Zeek’s v3.3.0-dev tag, as there’s been no release yet. The latest tag points to Zeek master.

The repo that generates these, with the accompanying code, is here: https://github.com/grigorescu/docker-zeek-build


I am a little confused by this. What I do is git clone zeek (without submodules), then checkout a particular tag, and then do the submodule init. I believe that makes sure that you have all the right versions of everything.

If you need to do the same outside zeek, do a clone, checkout, submodules init just to get the versions you need and then do whatever you need to do.

For instance, this is how I compile a version of Broker that is compatible with a precompiled version of zeek.

I hope I am not misunderstanding what is going on.

Hi James,

> I am a little confused by this. What I do is git clone zeek (without
> submodules), then checkout a particular tag, and then do the submodule
> init. I believe that makes sure that you have all the right versions of

yes, it does.

I think the aim of the original question was to figure out the correct
versions of the individual release tarballs for the subprojects - which we
offer on download.zeek.org.

I am not sure a lot of people actually realize that we offer them. But if
you want - you can currently download tarballs of the different
subcomponents, if you know the version that you need.

However, you can totally just do what you do - and just check out the
submodules like you do - or just use the full release tarball. And that is
the approach that I recommend :)

I hope that helps a bit with the confusion,
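
The two approaches discussed in this thread (reading the VERSION files in an unpacked full release, and reading which submodule commits a git tag pins), as an added shell example that is not from any of the posters or the Zeek project. The function names are assumptions, and `<tag>`, `<path>` and `<commit>` in the comments are placeholders.

```shell
#!/bin/sh
# Added example: find out which component versions a Zeek release bundles,
# so that separately packaged RPMs match what the release was built with.

# component_versions DIR
# Walk an unpacked full-release tree and print "<subdir><TAB><version>" for
# every VERSION file found ("." is the top-level directory).
component_versions() {
    root=${1%/}
    find "$root" -type f -name VERSION | LC_ALL=C sort | while IFS= read -r f; do
        dir=$(dirname "$f")
        rel=${dir#"$root"}
        rel=${rel#/}
        # The version is the first line; drop a stray carriage return.
        ver=$(head -n 1 "$f" | tr -d '\r')
        printf '%s\t%s\n' "${rel:-.}" "$ver"
    done
}

# pinned_submodules
# Read `git ls-tree -r <tag>` output on stdin and print "<path><TAB><commit>"
# for gitlink entries (mode 160000). These are the exact submodule commits the
# tag pins, readable without initialising any submodule.
pinned_submodules() {
    awk -F'\t' '{
        split($1, meta, " ")
        if (meta[1] == "160000") printf "%s\t%s\n", $2, meta[3]
    }'
}

# Usage inside a Zeek clone:
#   git ls-tree -r <tag> | pinned_submodules
# After `git submodule update --init`, name each pinned commit with:
#   git -C <path> describe --tags <commit>
# Usage on an unpacked release tarball: sh this-script.sh <unpacked-dir>
if [ "$#" -gt 0 ]; then
    component_versions "$1"
fi
```

Comparing the two outputs for the same release confirms that the tarball and the tag agree before anything is packaged.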