[Oisf-devel] Log output - syslog

Jason Ish lists at unx.ca
Thu Feb 13 18:33:53 UTC 2014


On Thu, Feb 13, 2014 at 11:55 AM, Victor Julien <victor at inliniac.net> wrote:
> On 02/12/2014 09:47 PM, Gofran, Paul wrote:
>> Can the log files (specifically HTTP log) natively log to the syslog
>> facility?
>
> No.
>
>> I wanted to follow up to see if this is something that is desired or
>> would be a priority?   Is this something that the project would prefer
>> to accept as a patch if contributed?  Or are there reasons why this
>> hasn't been included?
>
> I think it wouldn't be hard to add, but I don't think it's a big
> priority for us. That said, there are some people that ask for it, so
> I'd be happy to take a patch.

One option is to use logstash, which has a syslog output, but it might
not be desirable to add a program for doing this.

>
>> I found the following forum where this was brought up awhile ago, did
>> anything ever come of it?
>>
>> http://comments.gmane.org/gmane.comp.security.ids.oisf.user/1358
>
> I don't think so. In irc we recently discussed the topic of log file
> rotation. I think Jason Ish might be working on something there.

Yes, I've started implementing SIGHUP style rotation, so you can have
logrotate rename (instead of copy) the log files, then send Suricata
a SIGHUP to re-open.  I've implemented this for the new eve log as well as
fast; I do plan to cover the rest as well.

I'm also a fan of the unified2 rollover style where Suricata adds a
timestamp to the end of the filenames and opens a new file when the
current one hits a size limit.  So I plan on implementing that as
well.

Jason
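The rename-then-SIGHUP sequence Jason describes is worth seeing end to end, because the failure mode is easy to miss: after logrotate renames the live file, a process that has not re-opened keeps appending to the old inode (now http.log.1), and a copy-then-truncate rotation instead loses any lines written between the copy and the truncate. The following is an added example, not Suricata code and not Jason's patch, of a small log writer that re-opens its file when it receives SIGHUP. It assumes POSIX signals and a writable directory; the path names, `demo_rotation()` and the return-value encoding are constructed for this illustration. The handler only sets a flag, and the real fopen/fclose happen on the next write, since stdio is not async-signal-safe.

```c
/* Added example (not Suricata code): a log writer that re-opens its
 * file on SIGHUP, the pattern used with logrotate's rename-style
 * rotation. Assumes POSIX signals and a writable directory. */
#include <signal.h>
#include <stdio.h>
#include <string.h>

static volatile sig_atomic_t reopen_requested = 0;
static FILE *log_fp = NULL;
static char log_path[512];

/* Signal handler: only set a flag. Doing I/O here is not async-signal-safe. */
static void on_sighup(int sig)
{
    (void)sig;
    reopen_requested = 1;
}

/* Open (or create) the log in append mode and install the SIGHUP handler.
 * A real daemon would use sigaction() with SA_RESTART; signal() keeps
 * this example within ISO C. */
int log_open(const char *path)
{
    if (strlen(path) >= sizeof(log_path))
        return -1;
    strcpy(log_path, path);
    log_fp = fopen(log_path, "a");
    if (log_fp == NULL)
        return -1;
    if (signal(SIGHUP, on_sighup) == SIG_ERR) {
        fclose(log_fp);
        log_fp = NULL;
        return -1;
    }
    return 0;
}

/* Re-open the configured path. Open the new file before closing the old
 * one, so a failure (permissions, full disk) keeps logging to the old
 * inode instead of silently dropping events. */
int log_reopen(void)
{
    FILE *nf = fopen(log_path, "a");
    if (nf == NULL)
        return -1;
    if (log_fp != NULL)
        fclose(log_fp);
    log_fp = nf;
    return 0;
}

/* Append one line, honouring a pending SIGHUP first. Returns 0 on
 * success, -1 if the re-open failed (the line still goes to the old file). */
int log_write(const char *line)
{
    int rc = 0;
    if (reopen_requested) {
        reopen_requested = 0;
        if (log_reopen() != 0)
            rc = -1;
    }
    if (log_fp == NULL)
        return -1;
    fputs(line, log_fp);
    fputc('\n', log_fp);
    fflush(log_fp);
    return rc;
}

void log_close(void)
{
    if (log_fp != NULL) {
        fclose(log_fp);
        log_fp = NULL;
    }
}

/* Count newline characters in a file; -1 if it cannot be opened. */
int count_lines(const char *path)
{
    FILE *f = fopen(path, "r");
    int n = 0, c;
    if (f == NULL)
        return -1;
    while ((c = fgetc(f)) != EOF)
        if (c == '\n')
            n++;
    fclose(f);
    return n;
}

/* Simulate the logrotate sequence on constructed paths under `dir` and
 * return lines_in_rotated_file * 10 + lines_in_new_file. With rename
 * followed by SIGHUP the expected value is 21: two lines in http.log.1
 * (one before the rename, one written before the re-open), one after. */
int demo_rotation(const char *dir)
{
    char cur[512], old[512];
    int o, n;
    if (snprintf(cur, sizeof cur, "%s/http.log", dir) >= (int)sizeof cur)
        return -1;
    if (snprintf(old, sizeof old, "%s/http.log.1", dir) >= (int)sizeof old)
        return -1;
    remove(cur);                /* start from a clean state */
    remove(old);

    if (log_open(cur) != 0)
        return -1;
    log_write("GET /index.html written before rotation");

    /* logrotate renames the live file; our FILE* still points at that inode */
    if (rename(cur, old) != 0) {
        log_close();
        return -1;
    }
    log_write("GET /still-going-to-the-old-inode");

    /* ...until the postrotate script sends SIGHUP and we re-open the path */
    raise(SIGHUP);
    log_write("GET /after-reopen lands in the new http.log");
    log_close();

    o = count_lines(old);
    n = count_lines(cur);
    if (o < 0 || n < 0)
        return -1;
    return o * 10 + n;
}

int main(void)
{
    printf("rotation result: %d\n", demo_rotation("/tmp"));
    return 0;
}
```

The second line of the demo is the one operators tend to miss: every event logged between logrotate's rename and the daemon's re-open ends up in the rotated file, which is fine, whereas with `copytruncate` those same events would be destroyed. The corresponding logrotate stanza is the standard `postrotate` hook that sends the daemon a SIGHUP; the pid file location is deployment-specific and not given here.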
