The Zeek development team is closing in on Zeek 8.2, our final feature release in the 8.x cycle! This blog post provides a sneak peek at some of the new functionality and changes in that release. As always, this is an excellent opportunity to test-drive the upcoming release and send us any feedback you may have.
This release rounds out the new ZeroMQ support, enabled by default since 8.1, in important ways. The &publish_on_change attribute establishes a new way to propagate state across the cluster. You’re now able to encrypt ZeroMQ traffic to provide confidentiality and authenticate endpoints. We’ve also added telemetry for ZeroMQ’s cluster message volumes. We’ll say more about these, as well as several additional new features, once 8.2 is out.
We’ve introduced a number of changes and deprecations, as well. Please make sure to review them! To call out a few, the scripting language’s enum types now feature stronger typing, the Prometheus telemetry port now listens locally on 127.0.0.1 (not 0.0.0.0) by default, and we’ve fixed Zeek’s VLAN handling to properly recognize VLAN ID 0, which required changes to the Packet class’s representation of VLANs. We’ve also deprecated the remaining Broker datastore APIs. This release contains no structural log schema changes over 8.1, though the dns.log now also reports DNS NOTIFY updates as per RFC 1996.
This coming Monday, April 20, we’re going to create the 8.2 release branch and the first release candidate. As usual, we’re planning for roughly two weeks to test the RCs, incorporate your feedback, and finalize our documentation, for a potential release date of May 4. That release will mark the end of our 8.1 support, but as always we will continue to support our current long-term support version, Zeek 8.0.x, into the upcoming Zeek 9 release cycle that will launch this summer.
If you’re running Zeek clusters in production and would like to help us test our releases, we’d very much like to hear from you. While our test suites cover much of Zeek’s functionality, no two networks are alike, and we always rely on input from Zeek users and our testing group for the final go-ahead for a release. The testing group consists of community members who test our releases on a regular basis to provide feedback. It meets regularly and is an excellent way to get direct developer input and learn about new features as they land. If you’re interested in joining the group, please get in touch on Slack or email us at testing@zeek.org.
In our Zeek community call, on the first Wednesday of each month, we regularly report on feature development. We encourage you to join and ask questions! These calls are also available for later viewing on our YouTube channel.