Publication | Closed Access
Refinements In Zeek Intrusion Detection System
Citations: 13 | References: 4 | Year: 2022
Introduced as a free and open-source network analysis framework and designed to function as a network security monitor (NSM), Zeek can also be used as a network intrusion detection system (NIDS) when combined with additional live analysis of network events. However, it lacks some features that arguably should be built in by default. To fill this gap, we have added several features so that Zeek becomes more useful to system administrators as an IDS. The tool is used by Fortune 500 companies, universities, and governments to detect malicious activity before it causes a major loss. In this paper, we troubleshoot and resolve some of the problems with the Zeek network monitoring tool. Zeek's logging capability is enhanced by adding the city and country name of IP addresses to the logs, filtering the noise of a particular domain, filtering the noise of a particular port, and separating local and remote connection logs into separate files.
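The abstract names three of the logging refinements (GeoIP columns, per-port noise filtering, and local/remote log separation) without showing how they are wired into Zeek. The script below is an added illustration of how a site could implement them with Zeek's standard Log framework and `lookup_location()`; it is not the paper's code, and the module name `ConnGeo`, the `noisy_port` value and the output file names are assumptions. It assumes Zeek is built with libmaxminddb and a GeoIP database is installed.

```zeek
# Added illustration (not the paper's own code): GeoIP columns in conn.log,
# one noisy port dropped, and local vs. remote connections split into files.
# Assumes a Zeek build with libmaxminddb and an installed GeoIP database.
@load base/protocols/conn

module ConnGeo;

# Placeholder: replace with the port whose traffic is noise at your site.
const noisy_port = 5353/udp &redef;

# Extra &log fields appended to every conn.log record.
redef record Conn::Info += {
    resp_country: string &log &optional;
    resp_city:    string &log &optional;
};

# Runs before Conn's own handler (priority -5) writes the record,
# so the new columns are filled in time to be logged.
event connection_state_remove(c: connection)
    {
    if ( ! c?$conn )
        return;
    local loc = lookup_location(c$id$resp_h);
    if ( loc?$country_code )
        c$conn$resp_country = loc$country_code;
    if ( loc?$city )
        c$conn$resp_city = loc$city;
    }

event zeek_init()
    {
    # Replace the single default conn.log with two files: conn_local.log
    # when both endpoints are in Site::local_nets, conn_remote.log otherwise.
    # The noisy port is excluded from both via the filter predicate.
    Log::remove_filter(Conn::LOG, "default");

    Log::add_filter(Conn::LOG, [$name="local", $path="conn_local",
        $pred(rec: Conn::Info) = {
            return rec$id$resp_p != noisy_port
                   && Site::is_local_addr(rec$id$orig_h)
                   && Site::is_local_addr(rec$id$resp_h);
        }]);

    Log::add_filter(Conn::LOG, [$name="remote", $path="conn_remote",
        $pred(rec: Conn::Info) = {
            return rec$id$resp_p != noisy_port
                   && ! ( Site::is_local_addr(rec$id$orig_h)
                          && Site::is_local_addr(rec$id$resp_h) );
        }]);
    }
```

Load it from `local.zeek` (or `zeek -r trace.pcap` it directly) and check that `conn_local.log` and `conn_remote.log` appear with the two extra columns while the original `conn.log` is no longer written.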