<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head><body bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">I am attempting to watch the log files from suricata that are in json format. I specifically want to watch for errors. Can I assume all error conditions will have the word “error”?
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Times New Roman",serif">Charles DeVoe Jr.</span></b><span style="font-family:"Times New Roman",serif"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif">Manager of Engineering<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif">Multi-State Information Sharing and Analysis Center (MS-ISAC) <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif">31 Tech Valley Drive<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif">East Greenbush, NY 12061<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif">charles.devoe@cisecurity.org<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif">(518) 266-3494<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif">7x24 Security Operations Center<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif"><a href="mailto:SOC@cisecurity.org"><span style="color:#0563C1">SOC@cisecurity.org</span></a> - 1-866-787-4722<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif"><img border="0" width="237" height="55" id="_x0000_i1029" src="cid:image001.png@01D2FCA1.70F256B0"></span><span style="font-family:"Times New Roman",serif"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif"> </span>
<a href="https://www.facebook.com/CenterforIntSec"><span style="font-family:"Times New Roman",serif;color:windowtext;text-decoration:none"><img border="0" width="32" height="33" id="_x0000_i1028" src="cid:image002.png@01D2FCA1.70F256B0" alt="id:image002.png@01D2926D.D9CF2E90"></span></a><span style="font-family:"Times New Roman",serif"> </span><a href="https://twitter.com/CISecurity"><span style="font-family:"Times New Roman",serif;color:windowtext;text-decoration:none"><img border="0" width="32" height="33" id="_x0000_i1027" src="cid:image003.png@01D2FCA1.70F256B0" alt="id:image003.png@01D2926D.D9CF2E90"></span></a><span style="font-family:"Times New Roman",serif"> </span><a href="https://www.youtube.com/user/TheCISecurity"><span style="font-family:"Times New Roman",serif;color:windowtext;text-decoration:none"><img border="0" width="32" height="33" id="_x0000_i1026" src="cid:image004.png@01D2FCA1.70F256B0" alt="id:image004.png@01D2926D.D9CF2E90"></span></a><span style="font-family:"Times New Roman",serif"> </span><a href="https://www.linkedin.com/company/the-center-for-internet-security"><span style="font-family:"Times New Roman",serif;color:windowtext;text-decoration:none"><img border="0" width="32" height="33" id="_x0000_i1025" src="cid:image005.png@01D2FCA1.70F256B0" alt="id:image005.png@01D2926D.D9CF2E90"></span></a><span style="font-family:"Times New Roman",serif"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender
immediately and permanently delete the message and any attachments.
<br /><br />. . . . .</body></html>