[Oisf-users] files-json logging versus http logging
Peter Manev
petermanev at gmail.com
Fri Apr 4 13:02:52 UTC 2014
On Fri, Apr 4, 2014 at 2:49 PM, Adnan Baykal <abaykal at gmail.com> wrote:
> If I turn on files-json logging, would that also include all the http
> connections that would be included in the http logging? If not, what would
> be excluded? I see the value in both, but if I can extract the HTTP logs out
> of files-json, I would rather do that than turn on both logging options.
>
>
You do not need both turned on at the same time.
You can just do in your eve.json logging section in suricata.yaml:
    types:
      #- alert
      - http:
          extended: yes
and comment out the others, aka make sure only http is uncommented.
thanks
--
Regards,
Peter Manev