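Reference: https://www.cnblogs.com/networking/p/14929631.html
Official Zeek manual: https://docs.zeek.org/en/v4.2.0/
Tips
Speeding up downloads
Linux
Reference: https://segmentfault.com/a/1190000039686752
How can you test whether the terminal is going through the proxy? If the following command returns the Google page, the proxy is working: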
curl -vv https://www.google.com
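Windows
Environment variable problem
Reference: https://www.cnblogs.com/senlinyang/p/9431855.html
I originally wanted to configure environment variables. Many posts online and on blogs say to edit /etc/profile and then run source /etc/profile so that the environment variables take effect permanently, but as soon as the terminal was closed the environment variables stopped working, and other terminals could not use them either. Some say online to create a .bash_profile file in the current user's home directory, write the environment variables there, and then run source ~/.bash_profile to make them permanent for that user. But it still stopped working, the same as with /etc/profile.
Solution:
Change the environment configuration in the ~/.bashrc file and run source ~/.bashrc; finally it stayed in effect even after closing this terminal...
Installation
Dependencies
You may run into this problem; here I manually modified the file that raised the error.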
┌──(root㉿kali)-[/usr/…/legion/ui/models/zeek]
└─# apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python3 python3-dev swig zlib1g-dev
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
bison is already the newest version (2:3.8.2+dfsg-1).
cmake is already the newest version (3.22.1-1+b1).
flex is already the newest version (2.6.4-8).
g++ is already the newest version (4:11.2.0-2).
gcc is already the newest version (4:11.2.0-2).
libpcap-dev is already the newest version (1.10.1-4).
libssl-dev is already the newest version (1.1.1n-1).
make is already the newest version (4.3-4.1).
python3 is already the newest version (3.9.8-1).
python3-dev is already the newest version (3.9.8-1).
swig is already the newest version (4.0.2-2).
zlib1g-dev is already the newest version (1:1.2.11.dfsg-2).
0 upgraded, 0 newly installed, 0 to remove and 655 not upgraded.
┌──(root㉿kali)-[/usr/…/legion/ui/models/zeek]
└─# apt-get install gnupg curl
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
curl is already the newest version (7.81.0-1).
gnupg is already the newest version (2.2.27-3).
0 upgraded, 0 newly installed, 0 to remove and 655 not upgraded.
┌──(root㉿kali)-[/usr/…/legion/ui/models/zeek]
└─# apt install -y automake make g++ bison flex libelf-dev libssl-dev bc
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
automake is already the newest version (1:1.16.5-1.3).
bc is already the newest version (1.07.1-3+b1).
bison is already the newest version (2:3.8.2+dfsg-1).
flex is already the newest version (2.6.4-8).
g++ is already the newest version (4:11.2.0-2).
libelf-dev is already the newest version (0.186-1).
libssl-dev is already the newest version (1.1.1n-1).
make is already the newest version (4.3-4.1).
0 upgraded, 0 newly installed, 0 to remove and 655 not upgraded.
┌──(root㉿kali)-[/usr/…/legion/ui/models/zeek]
└─# apt-get install python3-git python3-semantic-version
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
python3-git is already the newest version (3.1.24-1).
python3-semantic-version is already the newest version (2.8.5-1).
0 upgraded, 0 newly installed, 0 to remove and 655 not upgraded.
┌──(root㉿kali)-[/usr/share/legion/ui/models]
└─# git clone --recursive https://github.com/zeek/zeek
Cloning into 'zeek'...
remote: Enumerating objects: 188401, done.
remote: Counting objects: 100% (790/790), done.
remote: Compressing objects: 100% (478/478), done.
remote: Total 188401 (delta 463), reused 495 (delta 274), pack-reused 187611
Receiving objects: 100% (188401/188401), 117.71 MiB | 17.01 MiB/s, done.
Resolving deltas: 100% (137248/137248), done.
Submodule 'auxil/bifcl' (https://github.com/zeek/bifcl) registered for path 'auxil/bifcl'
Submodule 'auxil/binpac' (https://github.com/zeek/binpac) registered for path 'auxil/binpac'
Build
root@Zeek:~# cd zeek
root@Zeek:~# ./configure
root@Zeek:~# make
root@Zeek:~# make install
Add the Zeek environment variable
Temporarily add the environment variable (not recommended)
[root@Zeek ~]# vim /etc/profile
Append at the end:
export PATH=/usr/local/zeek/bin:$PATH
[root@Zeek ~]# source /etc/profile
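The PATH change above and the ~/.bashrc fix from the environment variable section, as an added example that is not part of the original notes: bash reads /etc/profile only in login shells and ~/.bashrc in interactive non-login shells, so the target file is a parameter here. The function names add_path_once and path_has are hypothetical; /usr/local/zeek/bin is the directory used in these notes.

```shell
# Added example (not from the original notes); function names are hypothetical.

# add_path_once DIR RCFILE
# Append "export PATH=DIR:$PATH" to RCFILE unless that exact line is already
# there, so running it again does not stack duplicate PATH entries.
add_path_once() {
    dir=$1
    rc=$2
    # Only absolute directories: a relative PATH entry is resolved against the
    # current working directory, which is unsafe in a root shell.
    case $dir in
        /*) ;;
        *) echo "refusing non-absolute path: $dir" >&2; return 2 ;;
    esac
    # \$PATH stays literal so it is expanded when the rc file is sourced.
    line="export PATH=$dir:\$PATH"
    touch "$rc" || return 1
    if grep -qxF "$line" "$rc"; then
        return 0    # already configured, nothing to do
    fi
    printf '%s\n' "$line" >> "$rc"
}

# path_has DIR PATHSTRING
# Succeed only if DIR is a whole colon-separated entry of PATHSTRING.
path_has() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Typical use, then check from a newly opened terminal:
#   add_path_once /usr/local/zeek/bin "$HOME/.bashrc"
#   path_has /usr/local/zeek/bin "$PATH" && echo "zeek is on PATH"
```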