[Oisf-users] A few questions / issues about the last 2 0dev. version

Peter Manev petermanev at gmail.com
Fri Dec 6 06:14:38 UTC 2013


On Thu, Dec 5, 2013 at 2:46 PM, Stefan Sabolowitsch
<Stefan.Sabolowitsch at felten-group.com> wrote:
> Sorry, in the first (noise) e-mail I was a little too fast; here are my questions:
>
> If I enable the dns, http and files-json logfiles, a fast.log will never be generated (OK?).

I just ran the same setup (enable dns, http and files-json logfile,
fast.log) on the latest git - 2.0dev (rev eaff01a)
and there is no problem - all logfiles populate with data.

>
> I checked the files-json logfile and would like to suggest the following.
> Wouldn't it be better to use these field names
>
> src_ip, dst_ip, src_port, dst_port (instead of srcip etc.)
>
> A lot of log collectors use this naming (Logstash, Splunk etc.).

Suricata 2.0 is planned with full JSON output capability, which would
enable easy and default parsing by tools like Logstash.
You could get some ideas from here:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output
https://home.regit.org/2013/10/logstash-and-suricata-for-the-old-guys/

thanks

>
> thx
> Stefan
>


-- 
Regards,
Peter Manev
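The field-naming point Stefan raises (srcip vs. src_ip) is exactly the kind of thing a collector pipeline has to paper over until the log format settles. The following is an added example, not code from the thread or from the Suricata project: a small Python normaliser that reads JSON-lines records as a files-json log would produce them, renames the short keys to the src_ip/dst_ip/src_port/dst_port names Stefan suggests, validates the IP and port values so nothing malformed reaches the indexer, and counts lines it has to reject. The short key names other than srcip (dstip, sp, dp) and the later dest_ip/dest_port spelling are assumptions; the original message only shows "srcip etc.". The sample log lines are constructed for the example.

```python
import ipaddress
import json
from typing import Dict, Iterable, List, Tuple

# Constructed sample input, not a real capture. Three records in the
# style of a files-json log: two with the short field names under
# discussion (srcip, dstip, sp, dp -- assumed; only "srcip" is quoted in
# the thread), one already using long names, and one malformed line.
SAMPLE_LOG = """\
{"timestamp": "12/05/2013-14:46:01.123456", "ipver": 4, "srcip": "10.0.0.5", "dstip": "93.184.216.34", "protocol": 6, "sp": 51234, "dp": 80, "http_host": "example.com", "filename": "/index.html", "size": 1270}
{"timestamp": "12/05/2013-14:46:02.654321", "ipver": 4, "srcip": "10.0.0.7", "dstip": "93.184.216.34", "protocol": 6, "sp": 51235, "dp": 80, "http_host": "example.com", "filename": "/setup.exe", "size": 524288}
{"timestamp": "12/05/2013-14:46:03.000000", "src_ip": "10.0.0.9", "dest_ip": "2001:db8::1", "src_port": 40000, "dest_port": 443, "proto": "TCP", "filename": "/blob"}
this line is not json
"""

# Source key -> collector-friendly key. Everything on the left except
# "srcip" is an assumption about what the 2.0dev logs emit; the targets
# on the right are the names Stefan proposes in the thread.
FIELD_MAP: Dict[str, str] = {
    "srcip": "src_ip",
    "dstip": "dst_ip",
    "sp": "src_port",
    "dp": "dst_port",
    # eve-style spelling, folded onto the same target keys
    "dest_ip": "dst_ip",
    "dest_port": "dst_port",
}


def normalize_record(rec: dict) -> dict:
    """Rename keys per FIELD_MAP and validate address/port values.

    Raises ValueError if an IP field is not a valid IPv4/IPv6 address
    or a port is not an integer in 0..65535, so the caller can reject
    the record instead of indexing junk in a typed field.
    """
    out = {FIELD_MAP.get(k, k): v for k, v in rec.items()}
    for key in ("src_ip", "dst_ip"):
        if key in out:
            # ip_address() raises ValueError on anything that is not an IP
            out[key] = str(ipaddress.ip_address(out[key]))
    for key in ("src_port", "dst_port"):
        if key in out:
            port = int(out[key])  # ValueError on non-numeric input
            if not 0 <= port <= 65535:
                raise ValueError(f"{key} out of range: {port}")
            out[key] = port
    return out


def normalize_log(lines: Iterable[str]) -> Tuple[List[dict], int]:
    """Parse JSON-lines input; return (normalised records, rejected count).

    Blank lines are skipped silently. Lines that are not a JSON object,
    or whose IP/port fields fail validation, are counted as rejected
    rather than aborting the whole file, which is what you want for a
    log shipper tailing a live file.
    """
    records: List[dict] = []
    rejected = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)  # JSONDecodeError is a ValueError
            if not isinstance(rec, dict):
                raise ValueError("top-level JSON value is not an object")
            records.append(normalize_record(rec))
        except ValueError:
            rejected += 1
    return records, rejected


if __name__ == "__main__":
    recs, bad = normalize_log(SAMPLE_LOG.splitlines())
    for r in recs:
        print(json.dumps(r, sort_keys=True))
    print(f"normalised {len(recs)} record(s), rejected {bad}")
```

Running it on the constructed sample yields three normalised records and one rejection (the non-JSON line); the IPv6 record passes through ipaddress unchanged, and the renamed keys can be fed to Logstash or Splunk without a per-source rename filter.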


