<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt"><div style="" class=""><span style="" class="">The best way to get these addressed is to create a feature request on the Suricata Redmine site for each one. That way they can be tracked, fixed and added to specific releases.<br></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""><span style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class=""><a style="" class=""
href="https://redmine.openinfosecfoundation.org/projects/suricata">Overview - Suricata - Open Information Security Foundation</a></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class=""><br></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class="">Regards,</span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class="">-Ken<br style="" class=""></span></div> <div
class="qtdSeparateBR"><br><br></div><div style="display: block;" class="yahoo_quoted"> <div class="" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div class="" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div style="" class="" dir="ltr"> <font style="" class="" face="Arial" size="2"> On Friday, September 5, 2014 3:56 AM, Andreas Herz <andi@geekosphere.org> wrote:<br style="" class=""> </font> </div> <br style="" class=""><br style="" class=""> <div style="" class="">I just wanted to ask again if there is anything in progress or any<br style="" class="" clear="none">comments :)<br style="" class="" clear="none"><br style="" class="" clear="none">On 04/08/14 at 11:39, Andreas Herz wrote:<br style="" class="" clear="none">> Hi,<br style="" class="" clear="none">> <br style="" class=""
clear="none">> I have some requests for the logging that aren't yet available or I just<br style="" class="" clear="none">> missed them:<br style="" class="" clear="none">> <br style="" class="" clear="none">> 1. It would be nice to log more logs into the syslog, not just EVE. I<br style="" class="" clear="none">> would like the drop.log for example in the syslog but the fast.log still<br style="" class="" clear="none">> in its own file.<br style="" class="" clear="none">> <br style="" class="" clear="none">> 2. Customization of the logs would be also nice, what we would like to<br style="" class="" clear="none">> have is some sort of "prefix" as provided by the LOG target with<br style="" class="" clear="none">> --log-prefix="FOOBAR". In the drop.log case it would be nice to have a<br style="" class="" clear="none">> line with a "[IDS DROP]" prefix to help parsing the logfile to assign<br style="" class=""
clear="none">> specific lines.<br style="" class="" clear="none">> <br style="" class="" clear="none">> 3. It would also be nice to have the option to include the interface<br style="" class="" clear="none">> information into the logs. In a scenario with several interfaces on<br style="" class="" clear="none">> which a Suricata in inline/IPS mode is running, it would be nice to see<br style="" class="" clear="none">> on which interface a rule triggered.<br style="" class="" clear="none">> <br style="" class="" clear="none">> 4. alert-debug.log has nearly all of the information that fast.log has,<br style="" class="" clear="none">> except the "wDrop" in monitor mode, so alert-debug.log looks the same in<br style="" class="" clear="none">> inline and in monitor mode. And in alert-debug.log it would be also nice<br style="" class="" clear="none">> to get the interface added.<br style="" class="" clear="none">> <br
style="" class="" clear="none">> So is this already something I could achieve but didn't find or is it at<br style="" class="" clear="none">> least worth implementing?<br style="" class="" clear="none">> <br style="" class="" clear="none">> -- <br style="" class="" clear="none">> Andreas Herz<br style="" class="" clear="none">> _______________________________________________<br style="" class="" clear="none">> Suricata IDS Users mailing list: <a style="" class="" shape="rect" ymailto="mailto:oisf-users@openinfosecfoundation.org" href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br style="" class="" clear="none">> Site: <a style="" class="" shape="rect" href="http://suricata-ids.org/" target="_blank">http://suricata-ids.org </a>| Support: <a style="" class="" shape="rect" href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br style="" class=""
clear="none">> List: <a style="" class="" shape="rect" href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br style="" class="" clear="none">> OISF: <a style="" class="" shape="rect" href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><div style="" class="" id="yqtfd86135"><br style="" class="" clear="none"><br style="" class="" clear="none">-- <br style="" class="" clear="none">Andreas Herz<br style="" class="" clear="none"></div><br style="" class=""><br style="" class=""></div> </div> </div> </div> </div></body></html>