[Oisf-devel] Log output - syslog

Martin Holste mcholste at gmail.com
Thu Feb 13 18:38:03 UTC 2014


Writing to syslog is very important for large deployments with centralized
collection as well as saving IOPS that are spent writing to disk
unnecessarily. Syslog-NG can read JSON templates, so writing all of these
events to something like ELSA (which would be easy in SecurityOnion) would
easily enable searching and analytics based on the wealth of data produced
by the new logging framework. Dealing with events in flat files adds a lot
of complexity versus event streaming using syslog.


On Thu, Feb 13, 2014 at 11:55 AM, Victor Julien <victor at inliniac.net> wrote:

> On 02/12/2014 09:47 PM, Gofran, Paul wrote:
> > Can the log files (specifically HTTP log) natively log to the syslog
> > facility?
>
> No.
>
> > I wanted to follow up to see if this is something that is desired or
> > would be a priority? Is this something that the project would prefer
> > to accept as a patch if contributed?  Or are there reasons why this
> > hasn't been included?
>
> I think it wouldn't be hard to add, but I don't think it's a big
> priority for us. That said, there are some people that ask for it, so
> I'd be happy to take a patch.
>
> > I found the following forum where this was brought up a while ago, did
> > anything ever come of it?
> >
> > http://comments.gmane.org/gmane.comp.security.ids.oisf.user/1358
>
> I don't think so. In irc we recently discussed the topic of log file
> rotation. I think Jason Ish might be working on something there.
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate:
> http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
>
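As an added illustration of the point Martin makes above (this is example code written for this page, not Suricata's own syslog output nor anything from the thread), the following shows what "streaming events over syslog instead of flat files" looks like on the wire: it takes constructed EVE-style JSON lines, wraps each one as a single-line RFC 5424 syslog message (facility local0, severity derived from the event type, MSGID set to the event type), and parses such messages back. The facility/severity mapping, the hostname and the sample events are assumptions; the size check reflects the 2048-byte datagram that RFC 5426 says UDP receivers should accept, which is the practical caveat for large HTTP records.

```python
import json
import re
import socket
from datetime import datetime

# Constructed sample EVE JSON lines (not real sensor output): one HTTP record and one alert.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2014-02-13T18:38:03.000000+0000","event_type":"http",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"10.0.0.10","dest_port":80,"proto":"TCP",'
    '"http":{"hostname":"intranet.example","url":"/index.html","http_method":"GET","status":200}}',
    '{"timestamp":"2014-02-13T18:38:04.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51235,"dest_ip":"10.0.0.10","dest_port":80,"proto":"TCP",'
    '"alert":{"signature_id":1,"signature":"CONSTRUCTED TEST SIGNATURE","severity":3}}',
]

LOCAL0 = 16          # syslog facility local0 (assumed choice for sensor events)
MAX_DATAGRAM = 2048  # size a UDP syslog receiver SHOULD accept per RFC 5426
# Assumed mapping: alerts are logged as "warning", everything else as "informational".
SEVERITY_BY_EVENT_TYPE = {"alert": 4, "http": 6}

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
SYSLOG_RE = re.compile(
    r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (-|(?:\[[^\]]*\])+) (.*)$", re.DOTALL
)


def _rfc5424_timestamp(eve_ts):
    """EVE writes '2014-02-13T18:38:03.000000+0000'; RFC 5424 wants a ':' in the UTC offset."""
    return datetime.strptime(eve_ts, "%Y-%m-%dT%H:%M:%S.%f%z").isoformat()


def eve_to_syslog(line, hostname="sensor1", appname="suricata", facility=LOCAL0):
    """Wrap one EVE JSON line as a single-line RFC 5424 message carrying the JSON as MSG."""
    event = json.loads(line)  # reject malformed lines before they reach the collector
    event_type = event.get("event_type", "-")
    severity = SEVERITY_BY_EVENT_TYPE.get(event_type, 6)
    pri = facility * 8 + severity
    ts = _rfc5424_timestamp(event["timestamp"])
    payload = json.dumps(event, separators=(",", ":"))  # compact; no embedded newlines
    msg = f"<{pri}>1 {ts} {hostname} {appname} - {event_type} - {payload}"
    if len(msg.encode("utf-8")) > MAX_DATAGRAM:
        # Long HTTP records can exceed what a UDP receiver accepts; fail loudly rather than
        # let the collector silently truncate the JSON into something unparseable.
        raise ValueError(f"syslog message exceeds {MAX_DATAGRAM} bytes")
    return msg


def parse_syslog(msg):
    """Split an RFC 5424 message and decode the JSON payload, as a collector would."""
    m = SYSLOG_RE.match(msg)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group(1))
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": m.group(2),
        "host": m.group(3),
        "app": m.group(4),
        "msgid": m.group(6),
        "event": json.loads(m.group(8)),
    }


if __name__ == "__main__":
    # Demo: ship the sample events over UDP to a loopback receiver and parse them back.
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for line in SAMPLE_EVE_LINES:
        tx.sendto(eve_to_syslog(line).encode("utf-8"), rx.getsockname())
        data, _ = rx.recvfrom(MAX_DATAGRAM)
        parsed = parse_syslog(data.decode("utf-8"))
        print(parsed["msgid"], parsed["severity"], parsed["event"]["src_ip"])
    tx.close()
    rx.close()
```

Keeping the whole record as one JSON object in MSG (rather than splitting fields into syslog structured-data) is what lets a collector such as syslog-ng hand the payload straight to its JSON parser; the MSGID field carries the event type so that alerts and HTTP records can be routed to different destinations before any JSON parsing happens.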