Zeek Newsletter - Issue 56 - October 2025

Welcome to the Zeek Newsletter

In this Issue:

TL;DR: Zeek 8.0.4 is out with stability improvements, 8.1 development continues with ZeroMQ integration and WebSocket support, and CERN workshop registration is filling fast!


Don’t Miss This – Reminders for the Community

Zeek Workshop Europe (Geneva, Mar. 25-26)

Registration is now open for a free, two-day workshop at CERN. Limited spots available. Sign up on our website.

Job posting

Hassan shared an opportunity for a Short-Term Fraud Analyst (4 hours, remote). Check out his Slack message to read the full description and learn how to apply.

Topic of the Month

November’s theme is “Hardware & Setup” — join the discussion in #topic-of-the-month on Slack and read the October recap on our blog.

New Blog Posts

We recapped Christian’s “Integrating Zeek with Third-Party Applications” talk from hack.lu and our recent session at NSF Cybersecurity Summit.

New contributor resources

We now have non-developer contributor resources available. Join the #contribute Slack channel and check out the resources shared in this message.

Leadership Team Election

The current election cycle for the Zeek Leadership Team has concluded. Read the full update on Discourse.


💡 Zeek Tip of the Month

You can adjust Zeek’s many config knobs at invocation time, without the need for “zeek -e” or extra Zeek scripts. For example:

zeek -C -r your.pcap LogAscii::use_json=T

switches logging to JSON, and

zeek -C -r your.pcap partial_connection_ok=F

tells Zeek to ignore connections missing their initial handshake. This works for most variable types.

Have a tip of your own?

Share tricks, shortcuts, or techniques with us! Submit yours using this form.


Community Call Recap

Highlights from this month’s call:

  • Community presentations: Real-world log use cases from NCSA, Security Onion, and University of Victoria
  • Zeek 8.1 development continues (ZeroMQ backend, WebSocket support, ZKG updates)
  • Zeek 8.0.4 now available with bug fixes
  • Recap of NSF training event (October 20)
  • CERN workshop registration is now open (March 25-26, 2026)
  • Topic of the Month: November focuses on Zeek Hardware and Setup

Missed it? Watch the recording on our YouTube Channel.

📅 The next call is December 3 at 10am Pacific Time. Use this Zoom link to join. No registration is required; just drop in and join the conversation. See you there!


Contributor Shoutout

This month we want to give a quick shout-out to @kshitiz56 for helping out with recent GitHub issues and to Michael Dopheide for supporting the recent training at NSF Cybersecurity Summit. Your time is much appreciated. Thank you!

For more information about how to contribute to Zeek, check out the #contribute channel on Slack.


Development Updates

Work continues on Zeek 8.1, scheduled for release in mid-December 2025. Key features include the switch to ZeroMQ as the messaging backend, enhanced WebSocket support for easier integration with Zeek, and improved libraries to simplify development workflows. The team is also delivering long-awaited updates to the Zeek Package Manager (ZKG).

Version 8.0.4 was recently released with several bug fixes, including a revert of an earlier change that caused Zeek 8.0.2 and 8.0.3 to require Python 3.10. While this release contains no security fixes, users on the 8.0 release train are encouraged to upgrade for improved stability.

Zeek’s latest development snapshot includes a systemd generator that can be used to set up a single-node Zeek cluster, with each process supervised by systemd, with little hassle. It’s definitely meant for more advanced users and Zeek distributors that may already maintain their own non-Zeekctl setups.

Looking ahead, there’s an ongoing discussion about making Zeek more beginner-friendly through default settings and determining which scripts to load by default. We’re headed towards a /etc/zeek/scripts.d directory, with every script loaded by default in non-bare mode. If this topic excites you, chime in!

As always, follow development progress on GitHub to stay current with the latest changes.


Ecosystem News

  • Malcolm v25.11.0 is out, with a complete rewrite of the install/configuration script, some new visualizations, and a bunch of component updates. Check the release notes for more details.
  • Security Onion 2.4.190 is now available and includes several new features and updated components, including Zeek.

Zeek Packages

The packages website recently underwent a major infrastructure upgrade, moving to Docker, upgrading from PHP 7 to 8, and modernizing our frameworks. Read about the technical details and improvements on Discourse.

Anyone in the community can write add-on functionality for Zeek via packages.

Recently added or updated packages are always visible on GitHub directly, via the following search of pull requests to our package repository:

https://github.com/zeek/packages/pulls?q=is%3Apr+is%3Aclosed


Get Involved

Thanks for being part of the community. We’ll see you next time!