2 files changed, 31 insertions, 24 deletions

diff --git a/pkgs/applications/networking/ids/bro/default.nix b/pkgs/applications/networking/ids/bro/default.nix
deleted file mode 100644
index f90457ba9379..000000000000
--- a/pkgs/applications/networking/ids/bro/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{stdenv, fetchurl, cmake, flex, bison, openssl, libpcap, perl, zlib, file, curl
-, geoip, gperftools, python, swig }:
-
-stdenv.mkDerivation rec {
-  name = "bro-2.5.5";
-
-  src = fetchurl {
-    url = "https://www.bro.org/downloads/${name}.tar.gz";
-    sha256 = "1kvkiq8jjsqryry9jd4vw45pbfb46jly988mq62mv4sd1fqsxwhq";
-  };
-
-  nativeBuildInputs = [ cmake flex bison file ];
-  buildInputs = [ openssl libpcap perl zlib curl geoip gperftools python swig ];
-
-  enableParallelBuilding = true;
-
-  meta = with stdenv.lib; {
-    description = "Powerful network analysis framework much different from a typical IDS";
-    homepage = https://www.bro.org/;
-    license = licenses.bsd3;
-    maintainers = with maintainers; [ pSub ];
-    platforms = with platforms; linux;
-  };
-}
diff --git a/pkgs/applications/networking/ids/zeek/default.nix b/pkgs/applications/networking/ids/zeek/default.nix
new file mode 100644
index 000000000000..b087a6c3ae32
--- /dev/null
+++ b/pkgs/applications/networking/ids/zeek/default.nix
@@ -0,0 +1,31 @@
+{stdenv, fetchurl, cmake, flex, bison, openssl, libpcap, zlib, file, curl
+, libmaxminddb, gperftools, python, swig, rocksdb }:
+
+stdenv.mkDerivation rec {
+  pname = "zeek";
+  version = "3.0.0";
+
+  src = fetchurl {
+    url = "https://www.zeek.org/downloads/zeek-${version}.tar.gz";
+    sha256 = "16pz5fh0z1hmvhn8pxqmdm5a9d8mqrp4gxpxkaywnaqk2h598lmm";
+  };
+
+  nativeBuildInputs = [ cmake flex bison file ];
+  buildInputs = [ openssl libpcap zlib curl libmaxminddb gperftools python swig rocksdb ];
+
+  enableParallelBuilding = true;
+
+  cmakeFlags = [
+    "-DPY_MOD_INSTALL_DIR=${placeholder "out"}/${python.sitePackages}"
+    "-DENABLE_PERFTOOLS=true"
+    "-DINSTALL_AUX_TOOLS=true"
+  ];
+
+  meta = with stdenv.lib; {
+    description = "Powerful network analysis framework much different from a typical IDS";
+    homepage = "https://www.zeek.org";
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ pSub marsam tobim ];
+    platforms = platforms.unix;
+  };
+}