Hello All,
I am new to Zeek; I use it on Linux. I was just wondering if Zeek can actually monitor a remote gateway with devices attached to it? For example, I have a modem/router at location A, say with public IP address 200.0.200.1, and another location, say location B, with a public IP address of 300.0.300.1. If Zeek cannot accomplish this, what should I use and how should I go about doing it? We believe that an employee is messing with the modem/gateway and changing the public IP (yes, they work for the ISP); this is why I need to monitor both gateways for unusual activity.
Thank you all in advance,
Don
Hello,
You install Zeek on a computer, typically running Linux. (BSD is another popular option, and Windows support is experimental.) Call this step 1.
You then tell Zeek to watch one or more network interfaces. Zeek sees network traffic and then writes logs to disk. Call this step 2.
If you can’t do step 1, we can’t go any farther.
If you can do step 1, I’m still not sure Zeek addresses your use case, as it seems odd to me.
Sincerely,
Richard
I have Zeek installed on one machine, so the way it sounds, I will have to maybe set up a Raspberry Pi or something for location 2, since location 1 already has a Zeek install (my computer).
Don’t understand why it would seem odd to monitor two different subnets, but hey, to each their own.
If you want to monitor at another location, you need a way to see the traffic there. Most people put a sensor at the other location. It is possible to shuttle traffic from one location to another with tunnels, but that is way more hassle and prone to packet loss. I’m not sure why you think having Zeek deployed in one location means you automatically see traffic anywhere else?
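As an added illustration, not part of Richard's reply or of the Zeek project's own documentation, here is the "sensor at the other location" approach expressed as a zeekctl node.cfg: the manager, logger and proxy stay on the existing machine at location A, and a worker runs on a small box at location B watching a tap or SPAN port there. Hostnames and the interface name are constructed placeholders; it assumes Zeek is installed at the same path on both hosts and that the manager can reach the worker over SSH with key-based login.

```ini
# Constructed example, not taken from the thread. Adjust names, addresses
# and interface to your own hosts.

# Location A: the machine that already has Zeek. It coordinates the
# cluster and is where the logs land.
[manager]
type=manager
host=zeek-a.example.internal

[logger-1]
type=logger
host=zeek-a.example.internal

[proxy-1]
type=proxy
host=zeek-a.example.internal

# Location B: the sensor (e.g. a small Linux box) sitting on a tap or SPAN
# port on the LAN side of the location-B modem/router. zeekctl manages it
# over SSH, and the worker ships its logs back to the logger over Zeek's
# Broker connection, so those ports must be reachable between the sites;
# a site-to-site VPN is the usual way to carry that traffic.
[worker-b]
type=worker
host=zeek-b.example.internal
interface=eth1
```

After `zeekctl deploy`, the location-B traffic shows up in the same conn.log, dns.log and other logs on the location-A machine, which is what lets you compare activity at both gateways without tunnelling raw packets between sites.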