The Zeek development team is excited to publish a release candidate of our next feature release, Zeek 4.1. This version includes the following highlights:
- Overhauled SSL/X509 processing to make its logging output more helpful and compact. In particular, `x509.log` is now indexed by the SHA256 of the certificates, with deduplication being automatically performed. By default, the same certificate is now only logged once per day, reducing log volume substantially.
- Support for non-TCP/IP protocol stacks. This version rearchitects Zeek’s internal session management to enable plugins to add support for protocols that are not IP-based.
- Support for VN-Tag and Geneve decapsulation.
- Extended OCSP logging that’s now also on by default.
- A new Telemetry API for gathering runtime metrics, including export to Prometheus. This is still work-in-progress, and for now comes only with a low-level API. A higher-level API will follow in future versions.
- The logging framework now provides a global policy hook, `Log::log_stream_policy`, that can access and veto any log write.
- The ASCII writer gained a new option `LogAscii::logdir` to set the logging output directory.
- `configure` gained a new `--include-plugins` option to specify plugins that will be statically compiled into Zeek (rather than loaded dynamically at runtime).
- `zeek -u` performs static analysis on Zeek scripts to identify variables that are assigned to, but then not subsequently used (i.e., “dead code”).
- Experimental support for translating Zeek scripts to equivalent C++ code. The generated C++ can then be compiled directly into the Zeek binary, replacing use of the interpreter and producing better runtime performance. See the compiler’s README for more.
- An initial (and still incomplete) version of a new cluster controller framework, along with a new command-line tool `zeek-client`. This is work-in-progress that will evolve over the next Zeek versions to eventually replace ZeekControl.
As always, there are many more smaller pieces going into this release as well, including various bug fixes. Check out NEWS for a summary and CHANGES for the exhaustive list.
Please help us test this release candidate. Give it a try, and open a ticket if you notice anything you wouldn’t expect. There is also a Wiki page that summarizes some guidelines for testing prerelease versions of Zeek.
As a reminder, please note that all Zeek 3.x versions are out of support now, and will no longer receive any updates. Zeek 4.0 is the current LTS version that we recommend for sites prioritizing stability over new functionality.