Package Details: zeek 5.0.0-1

Package Base: zeek
Description: A network analysis framework
Upstream URL:
Licenses: BSD
Submitter: synnick
Maintainer: KokaKiwi
Last Packager: KokaKiwi
Votes: 4
Popularity: 0.000001
First Submitted: 2019-06-04 11:57 (UTC)
Last Updated: 2022-07-09 13:54 (UTC)

Latest Comments

bennyboersma commented on 2022-05-04 22:05 (UTC)


I cannot seem to find the configuration files like node.cfg, networks.cfg and zeekctl.cfg when using this package. Can someone point me in the right direction?

boogy commented on 2020-09-17 11:11 (UTC)

You need to change the path to the patch file as it's not installing due to a wrong path.

Replace ../../ with ../patchfile.diff

Best, Boogy

synnick commented on 2020-05-14 12:46 (UTC)

I've rolled the version back to 3.0.6 due to compilation errors encountered on an up-to-date Arch system and gcc 10.1.0.

It's possible a 3.1.x will address the issue.

synnick commented on 2020-05-14 09:04 (UTC)

Hi Erik, Pierre

Ok, I accept the arguments. I've changed the prefix to /usr, removed the (incorrect) peg to git to prefer 3.1.3 and disabled what I could of optional pieces of the build.

The package now unpacks its ~2000 files into the following directories:

  • /usr/bin/ (9 binaries 3 soft-links)
  • /usr/include/<binpac, broker, caf, paraglob, zeek>
  • /usr/lib/zeek <- libbroker and libcaf are here
  • /usr/share/man
  • /usr/share/zeek <- .zeek scripts

eschwartz commented on 2020-05-13 20:57 (UTC)

Please convert this package to build from the latest stable release, and optionally create a second package named zeek-git which builds the latest development version from git master.

P.S. Upstream being strange and installing outside of /usr isn't a good reason to do so ourselves. Furthermore, ignore their OBS package and look at the project README, which doesn't list any --prefix to use.

P.P.S. Arch also does not do gratuitous split packaging, while Debian as a matter of policy does. Therefore certainly don't emulate upstream's respect for Debian packaging standards in their Debian package by introducing Debian packaging standards to Arch Linux.

mcd1992 commented on 2020-05-13 03:33 (UTC)

Package marked for deletion.

plt commented on 2020-02-05 14:22 (UTC)

Hi @synnick

I understand your choice, but I think the point of a Linux distribution is to be consistent: in Arch Linux, packages install under /usr. It is normal that, when installing software from its source (as opposed to the distribution packages), you install it somewhere under /opt or /usr/local. But when installing an Arch Linux or AUR package, one may expect that it installs under /usr.

My 2 cents,


synnick commented on 2020-02-05 14:16 (UTC)

Hi Pierre,

Sorry for the move of the package to /opt/zeek. I've been slowly aligning this package with the style used upstream by Johanna Amann (0xxon) on the OBS found here:

A few months ago, I actually opened a pull to include a zeek PKGBUILD and the response was to stick with /opt/zeek and further split the zeek package into a few different subcomponents (libbroker, zeekctl, zeek-core, etc, etc).

So I intend to follow that style with this PKGBUILD because it will reduce differences across OSes even if it isn't in the standard dirs.

plt commented on 2020-02-05 12:55 (UTC)


I don't think it is a good idea to move the package to /opt/zeek instead of the regular /usr, since we are building a package. Is there a particular reason for this change?



plt commented on 2019-12-19 10:34 (UTC)

Hi! You should add swig to makedepends. Thanks

synnick commented on 2019-11-04 12:02 (UTC)

Updated, thanks for catching that.

teprrr commented on 2019-11-04 11:46 (UTC)

I had to add git to makedepends to make it build instead of erroring out with "==> ERROR: Cannot find the git package needed to handle git sources.".

synnick commented on 2019-09-17 12:59 (UTC)

The argument has been removed and the version has now been bumped to 3.1.0-112-dev.

Let me know if it works. Thanks for the comment.

plt commented on 2019-09-17 10:33 (UTC)

The option "--disable-perftools" has been removed from the configure script, and causes an error. It should be removed from the PKGBUILD file.

badagent commented on 2019-06-02 07:40 (UTC)

Currently the built package is not installable, as it tries to install some dependencies in /usr/lib64, which leads to a conflict in Arch.

Patching CMAKE_INSTALL_LIBDIR into the configure file fixed this for me.

Patch (apply with git patch after checking out the repository):

mcd1992 commented on 2018-05-14 23:33 (UTC)

Should be fixed now. Looks like they added more OpenSSL version checks which link against the wrong version of libcrypto.

Torxed commented on 2018-05-13 21:25 (UTC) (edited on 2018-05-14 04:56 (UTC) by Torxed)

The fix discussed below doesn't work on x86_64. openssl-1.0 is installed.

Gives the following error:

CMake Error at cmake/OpenSSLTests.cmake:38 (message):
  OpenSSL 1.1 is not supported yet; please use OpenSSL 1.0
Call Stack (most recent call first):
  CMakeLists.txt:196 (include)

Libs installed:

[Torxed@archlinux ~]$ pacman -Q | grep openssl
lib32-openssl 1:1.1.0.h-1
openssl 1.1.0.h-1
openssl-1.0 1.0.2.o-1

Is it because you're looking for 1.0.0 when in fact 1.0.2 is installed? Not entirely sure this is actually what's going on, but at a quick glance that's why.

mcd1992 commented on 2017-05-03 04:20 (UTC)

Thanks for pointing this out. Fixed temporarily until openssl-1.1 support is added.

kotfic commented on 2017-05-02 16:15 (UTC)

Bro does not support openssl-1.1. Installing openssl-1.0 and adding:

sed -i "/^append_cache_entry DISABLE_RUBY_BINDINGS BOOL true$/a\ append_cache_entry OPENSSL_CRYPTO_LIBRARY FILEPATH /usr/lib64/\n\ append_cache_entry OPENSSL_INCLUDE_DIR PATH /usr/include/openssl-1.0\n\ append_cache_entry OPENSSL_SSL_LIBRARY FILEPATH /usr/lib64/" configure

before the call to configure fixed this issue for me.