.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.46.4.
.TH ZEEKCTL "8" "November 2014" "" "System Administration Utilities"
.SH NAME
.B zeekctl
\- interactive shell for managing Zeek installations
.SH SYNOPSIS
.B zeekctl
[\fIcommand\fR]
.SH DESCRIPTION
.B zeekctl
is an interactive interface for managing either a standalone or a cluster Zeek
installation. If a \fBzeekctl\fR command is specified directly on the
command line, then \fBzeekctl\fR performs the action associated with
that command immediately (instead of running the interactive interface).

Before running
.B zeekctl
you first need to edit the \fBzeekctl.cfg\fR, \fBnode.cfg\fR, and
\fBnetworks.cfg\fR files. In the \fBzeekctl.cfg\fR file, you should
review the \fBzeekctl\fR options and make sure the options are set
correctly for your environment. Next, edit the \fBnode.cfg\fR
file and specify the nodes that you will be running. Finally, edit
the \fBnetworks.cfg\fR file and list each network that is considered
local to the monitored environment (see the examples
in the file for the format to use).

When running \fBzeekctl\fR for the first time, you must run the \fBzeekctl\fR
\fBdeploy\fR command before running any other commands in order to apply the
configuration settings. You must also run \fBzeekctl deploy\fR each time
you change the configuration (including any Zeek scripts) or upgrade Zeek.
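.PP
Because networks.cfg decides which hosts count as local, it is worth linting before each deploy. The following is an added example, not part of the original man page or of the Zeek project's code: it flags invalid, catch-all and redundant entries. It assumes the "CIDR prefix, optionally followed by a description" layout; the name lint_networks_cfg and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample, assuming one CIDR prefix per line followed by an
# optional free-text description (lines starting with '#' are comments).
SAMPLE_NETWORKS_CFG = """\
# Local networks for the monitored site (constructed sample)
10.0.0.0/8          Private IP space
192.168.0.0/16      Private IP space
192.168.10.0/24     Lab VLAN
0.0.0.0/0           Everything
10.1.2.3/16         Typo, host bits set
fd00::/8            IPv6 ULA
"""


def lint_networks_cfg(text):
    """Return (networks, findings) for the text of a networks.cfg file.

    findings is a list of (line number, kind, message) tuples.
    """
    networks, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cidr = line.split()[0]
        try:
            # strict=True rejects prefixes with host bits set (likely typos).
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append((lineno, "invalid", f"{cidr}: {exc}"))
            continue
        if net.prefixlen == 0:
            findings.append((lineno, "too-broad", f"{cidr} marks every address as local"))
        for other in networks:
            # subnet_of() raises TypeError across IP versions, so compare versions first.
            if net.version == other.version and net.subnet_of(other):
                findings.append((lineno, "redundant", f"{cidr} is already covered by {other}"))
                break
        networks.append(net)
    return networks, findings


if __name__ == "__main__":
    for lineno, kind, message in lint_networks_cfg(SAMPLE_NETWORKS_CFG)[1]:
        print(f"networks.cfg:{lineno}: {kind}: {message}")
```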
.SH OPTIONS
.TP
\fBcapstats\fR [<nodes>] [<secs>]
Report interface statistics with capstats
.TP
\fBcheck\fR [<nodes>]
Check configuration before installing it
.TP
\fBcleanup\fR [\-\-all] [<nodes>]
Delete working dirs (flush state) on nodes
.TP
\fBconfig\fR
Print zeekctl configuration
.TP
\fBcron\fR [\-\-no\-watch]
Perform jobs intended to run from cron
.TP
\fBcron\fR enable|disable|?
Enable/disable "cron" jobs
.TP
\fBdeploy\fR
Check, install, and restart
.TP
\fBdf\fR [<nodes>]
Print nodes' current disk usage
.TP
\fBdiag\fR [<nodes>]
Output diagnostics for nodes
.TP
\fBexec\fR <shell cmd>
Execute shell command on all hosts
.TP
\fBexit\fR
Exit from the interactive interface
.TP
\fBinstall\fR
Update zeekctl installation/configuration
.TP
\fBnetstats\fR [<nodes>]
Print nodes' current packet counters
.TP
\fBnodes\fR
Print node configuration
.TP
\fBpeerstatus\fR [<nodes>]
Print status of nodes' remote connections
.TP
\fBprint\fR <id> [<nodes>]
Print values of script variable at nodes
.TP
\fBprocess\fR <trace> [<op>] [\-\- <sc>]
Run Zeek (with options and scripts) on trace
.TP
\fBrestart\fR [\-\-clean] [<nodes>]
Stop and then restart processing
.TP
\fBscripts\fR [\-c] [<nodes>]
List the Zeek scripts the nodes will load
.TP
\fBstart\fR [<nodes>]
Start processing
.TP
\fBstatus\fR [<nodes>]
Summarize node status
.TP
\fBstop\fR [<nodes>]
Stop processing
.TP
\fBtop\fR [<nodes>]
Show Zeek processes ala top
.PP
Commands provided by plugins:
.TP
\fBps.zeek\fR [<nodes>]
Show Zeek processes on nodes' systems
.SH AUTHOR
.B zeekctl
was written by The Zeek Project <info@zeek.org>.