[Oisf-users] Suricata Unified2 alert
Jason Ish
lists at unx.ca
Sat Mar 18 18:40:18 UTC 2017
On Sat, Mar 18, 2017 at 12:19 PM, Cane Kostovski <trekjunky at gmail.com>
wrote:
> How do I read the alert? I tried "tail /var/log/suricata/unified2.alert.number",
> but it showed gibberish...
>
I wouldn't bother with unified2 unless you have a specific requirement for
it. Instead check out the eve log, "tail -f /var/log/suricata/eve.log".
All recent versions of Suricata come with it enabled by default.
Alternatively look at the fast log (/var/log/suricata/fast.log). Both
fast and eve are text. Unified2 is a binary format.
Jason
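To make the eve log suggestion concrete, here is an added Python example (not code from the thread or from the Suricata project): it reads EVE JSON lines, keeps only alert events, skips the partial last line you get when tailing a file that is still being written, and tallies alerts by signature. The sample records are constructed; their SIDs and signature names are placeholders in the local-rule range.

```python
import json
from collections import Counter

# Constructed sample EVE records (not from the original post). Field names follow
# Suricata's EVE alert schema; SIDs are placeholders in the local-rule range and
# the signature names are made up. The last line is deliberately truncated, as a
# half-written record can be when tailing a live eve.log.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2017-03-18T12:00:01.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"198.51.100.7","dest_port":80,'
    '"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000001,'
    '"rev":1,"signature":"LOCAL example suspicious HTTP response","severity":2}}',
    '{"timestamp":"2017-03-18T12:00:02.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.5","dest_ip":"198.51.100.7","proto":"TCP"}',
    '{"timestamp":"2017-03-18T12:00:03.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51235,"dest_ip":"198.51.100.7","dest_port":80,'
    '"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000001,'
    '"rev":1,"signature":"LOCAL example suspicious HTTP response","severity":2}}',
    '{"timestamp":"2017-03-18T12:00:04.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.9","src_port":44000,"dest_ip":"203.0.113.2","dest_port":22,'
    '"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":1000002,'
    '"rev":1,"signature":"LOCAL example SSH scan","severity":3}}',
    '{"timestamp":"2017-03-18T12:00:05.000000+0000","event_type":"al',
]

def parse_eve_alerts(lines):
    """One flat dict per alert; non-alert events and unparsable lines
    (e.g. the partial last line of a log still being written) are skipped."""
    alerts = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupt line: skip rather than crash
        if rec.get("event_type") != "alert":
            continue  # flow, http, dns, stats etc. share the same file
        a = rec.get("alert", {})
        alerts.append({
            "timestamp": rec.get("timestamp"),
            "src": f"{rec.get('src_ip')}:{rec.get('src_port')}",
            "dest": f"{rec.get('dest_ip')}:{rec.get('dest_port')}",
            "sid": a.get("signature_id"),
            "signature": a.get("signature"),
            "severity": a.get("severity"),
        })
    return alerts

def count_by_signature(alerts):
    """Tally alerts per (sid, signature): a quick 'what is firing most' view."""
    return Counter((al["sid"], al["signature"]) for al in alerts)
```

Feed it real data with `open("/var/log/suricata/eve.log")` in place of the sample list; each line of the file is one complete JSON record.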