Zeek is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Zeek supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting.
Zeek is meant to be a companion to Suricata in DetectionLab. Suricata excels at signature-based detection and PCAP analysis, while Zeek excels at connection logging, protocol analysis, and other monitoring and analysis tasks.
Install location: /opt/zeek
Splunk: index=zeek