diff --git a/pkgs/applications/networking/ids/bro/default.nix b/pkgs/applications/networking/ids/bro/default.nix
deleted file mode 100644
index f90457ba9379..000000000000
--- a/pkgs/applications/networking/ids/bro/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{stdenv, fetchurl, cmake, flex, bison, openssl, libpcap, perl, zlib, file, curl
-, geoip, gperftools, python, swig }:
-
-stdenv.mkDerivation rec {
-  name = "bro-2.5.5";
-
-  src = fetchurl {
-    url = "https://www.bro.org/downloads/${name}.tar.gz";
-    sha256 = "1kvkiq8jjsqryry9jd4vw45pbfb46jly988mq62mv4sd1fqsxwhq";
-  };
-
-  nativeBuildInputs = [ cmake flex bison file ];
-  buildInputs = [ openssl libpcap perl zlib curl geoip gperftools python swig ];
-
-  enableParallelBuilding = true;
-
-  meta = with stdenv.lib; {
-    description = "Powerful network analysis framework much different from a typical IDS";
-    homepage = https://www.bro.org/;
-    license = licenses.bsd3;
-    maintainers = with maintainers; [ pSub ];
-    platforms = with platforms; linux;
-  };
-}
diff --git a/pkgs/applications/networking/ids/zeek/default.nix b/pkgs/applications/networking/ids/zeek/default.nix
new file mode 100644
index 000000000000..b087a6c3ae32
--- /dev/null
+++ b/pkgs/applications/networking/ids/zeek/default.nix
@@ -0,0 +1,31 @@
+{stdenv, fetchurl, cmake, flex, bison, openssl, libpcap, zlib, file, curl
+, libmaxminddb, gperftools, python, swig, rocksdb }:
+
+stdenv.mkDerivation rec {
+  pname = "zeek";
+  version = "3.0.0";
+
+  src = fetchurl {
+    url = "https://www.zeek.org/downloads/zeek-${version}.tar.gz";
+    sha256 = "16pz5fh0z1hmvhn8pxqmdm5a9d8mqrp4gxpxkaywnaqk2h598lmm";
+  };
+
+  nativeBuildInputs = [ cmake flex bison file ];
+  buildInputs = [ openssl libpcap zlib curl libmaxminddb gperftools python swig rocksdb ];
+
+  enableParallelBuilding = true;
+
+  cmakeFlags = [
+    "-DPY_MOD_INSTALL_DIR=${placeholder "out"}/${python.sitePackages}"
+    "-DENABLE_PERFTOOLS=true"
+    "-DINSTALL_AUX_TOOLS=true"
+  ];
+
+  meta = with stdenv.lib; {
+    description = "Powerful network analysis framework much different from a typical IDS";
+    homepage = "https://www.zeek.org";
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ pSub marsam tobim ];
+    platforms = platforms.unix;
+  };
+}
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 7c6cdb8b1a39..a6b4c2db0f8d 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -48,6 +48,7 @@ mapAliases ({
   bar-xft = lemonbar-xft;  # added 2015-01-16
   bashCompletion = bash-completion; # Added 2016-09-28
   bridge_utils = bridge-utils;  # added 2015-02-20
+  bro = zeek; # added 2019-09-29
   btrfsProgs = btrfs-progs; # added 2016-01-03
   bittorrentSync = throw "bittorrentSync has been deprecated by resilio-sync."; # added 2019-06-03
   bittorrentSync14 = throw "bittorrentSync14 has been deprecated by resilio-sync."; # added 2019-06-03
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 2ef9fd0aa52a..edd23dfd7916 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1198,10 +1198,6 @@ in
 
   brltty = callPackage ../tools/misc/brltty { };
 
-  bro = callPackage ../applications/networking/ids/bro {
-    openssl = openssl_1_0_2;
-  };
-
   brook = callPackage ../tools/networking/brook { };
 
   broot = callPackage ../tools/misc/broot { };
@@ -2842,6 +2838,8 @@ in
 
   zabbixctl = callPackage ../tools/misc/zabbixctl { };
 
+  zeek = callPackage ../applications/networking/ids/zeek { };
+
   zzuf = callPackage ../tools/security/zzuf { };
 
   ### DEVELOPMENT / EMSCRIPTEN