<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<p>Hi</p>
<p>I have configured Suricata to use redis output and I get the following error message:</p>
<p><strong><em> <Error> - [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - Failed to parse configuration file at line 106: did not find expected key</em></strong></p>
<p>Configuration:</p>
<p>- eve-log:<br /> enabled: yes<br /> filetype: redis #regular|syslog|unix_dgram|unix_stream|redis<br /> filename: eve.json<br /> #prefix: "@cee: " # prefix to prepend to each log entry<br /> # the following are valid when type: syslog above<br /> #identity: "suricata"<br /> #facility: local5<br /> #level: Info ## possible levels: Emergency, Alert, Critical,<br /> ## Error, Warning, Notice, Info, Debug</p>
<p><br /> redis:<br /> server: 127.0.0.1<br /> port: 6379<br /> mode: list ## possible values: list (default), channel<br /> key: suricata ## key or channel to use (default to suricata)<br /> # Redis pipelining set up. This will enable to only do a query every<br /> # 'batch-size' events. This should lower the latency induced by network<br /> # connection at the cost of some memory. There is no flushing implemented<br /> # so this setting as to be reserved to high traffic suricata.<br /> # pipelining:<br /> # enabled: yes ## set enable to yes to enable query pipelining<br /> # batch-size: 10 ## number of entry to keep in buffer</p>
<p>Currently learning redis and was unable to find any official suricata documentation on how to implement suricata with redis, so got stuck trying to figure out this error. I did create the key called suricata in redis as well, so not sure why I get this error? My current understanding is that suricata will create the keys automatically when enabled in the config file but might be wrong on this.</p>
<p>Kind regards,</p>
<p>Joakim</p>
</body></html>