Set up Zeek on Ubuntu

Install Zeek Dependencies

sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python3 python3-dev python3-git python3-semantic-version swig zlib1g-dev libjemalloc-dev

Ensure all packages are up-to-date

sudo apt-get update
sudo apt-get dist-upgrade
sudo reboot

Setup Separate user for zeek

Create User

sudo groupadd zeek
sudo useradd zeek -g zeek

Set Password

sudo passwd zeek

Create separate directory

sudo mkdir /opt/zeek
sudo chown -R zeek:zeek /opt/zeek
sudo chmod 750 /opt/zeek

Compile Zeek

Switch to zeek user then download and Compile

cd
wget https://download.zeek.org/zeek-5.0.2.tar.gz
tar -xzvf zeek-5.0.2.tar.gz
cd zeek-5.0.2
./configure --prefix=/opt/zeek --enable-jemalloc --build-type=release
make
make install

Give Zeek permission to capture packets

sudo setcap cap_net_raw=eip /opt/zeek/bin/zeek
sudo setcap cap_net_raw=eip /opt/zeek/bin/capstats

References

Zeek Docs