- AMI: Ubuntu Server 20.04 LTS (HVM), SSD Volume Type - ami-04505e74c0741db8d (64-bit x86)
- Instance Type: c5n.large
- Network interfaces: Add a second interface for eth1.
- Increase storage to 16 GB
- Associate an Elastic IP with the primary network interface.
Following the instructions here: https://software.opensuse.org//download.html?project=security%3Azeek&package=zeek
echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_20.04/ /' | sudo tee /etc/apt/sources.list.d/security:zeek.list
curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_20.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/security_zeek.gpg > /dev/null
sudo apt update
sudo apt install zeeksudo apt install zkg
sudo su -
PATH=/opt/zeek/bin:$PATH zkg autoconfigsudo su -
apt install dpdk dpdk-dev cmake g++
PATH=/opt/zeek/bin:$PATH zkg install https://github.com/esnet/dpdk-plugin.git --version main --force
echo 1024 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
echo 1 > /sys/module/vfio/parameters/enable_unsafe_noiommu_mode
ip link set dev ens6 down
dpdk-devbind.py --bind=vfio-pci 00:06.0sudo /opt/zeek/bin/zeek -i dpdk::auto
Example /opt/zeek/etc/node.cfg:
[logger-1]
type=logger
host=localhost
[manager]
type=manager
host=localhost
[proxy-1]
type=proxy
host=localhost
[worker-1]
type=worker
host=localhost
interface=dpdk::auto
lb_procs=8
lb_method=customzeekctl deploy
zeekctl status