[Oisf-users] files-json logging versus http logging
Peter Manev
petermanev at gmail.com
Fri Apr 4 13:07:58 UTC 2014
On Fri, Apr 4, 2014 at 3:02 PM, Peter Manev <petermanev at gmail.com> wrote:
> On Fri, Apr 4, 2014 at 2:49 PM, Adnan Baykal <abaykal at gmail.com> wrote:
>> If I turn on files-json logging, would that also include all the http
>> connections that would be included in the http logging? If not, what would
>> be excluded? I see the value in both, but if I can extract the HTTP logs out
>> of files-json, I would rather do that than turn on both logging options.
>>
>>
>
> You do not need both turned on at the same time.
> You can just do in your eve.json logging section in suricata.yaml:
>   types:
>     #- alert
>     - http:
>         extended: yes
> and comment out the others, aka make sure only http is uncommented.
>
> thanks
Correction!
I misread your question, my apologies.
If you are using Suricata 2.0 you can turn on file logging from
eve.json and/or use files-json.
That would include the http connections as well, but just for that
particular file - not all http logging.
You can then enable the json http logging as well (the eve.json
section) if you wish.
Thanks
--
Regards,
Peter Manev
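
Added example (not part of the original message and not Suricata project code): a small script that measures the gap described in the reply, i.e. which HTTP transactions appear as http events but have no matching file record. The sample lines are constructed, and the field layout (an "event_type" of "http" or "fileinfo", each with an "http" object) is the eve.json layout assumed here.

```python
import json

# Constructed eve.json sample lines (not real traffic). Field names are the
# assumed EVE layout; the last line is deliberately not JSON.
SAMPLE_EVE = """\
{"event_type":"http","src_ip":"10.0.0.5","src_port":40001,"dest_ip":"192.0.2.10","dest_port":80,"http":{"hostname":"example.test","url":"/index.html"}}
{"event_type":"http","src_ip":"10.0.0.5","src_port":40002,"dest_ip":"192.0.2.10","dest_port":80,"http":{"hostname":"example.test","url":"/files/report.pdf"}}
{"event_type":"fileinfo","src_ip":"192.0.2.10","src_port":80,"dest_ip":"10.0.0.5","dest_port":40002,"http":{"hostname":"example.test","url":"/files/report.pdf"},"fileinfo":{"filename":"/files/report.pdf","size":48213}}
{"event_type":"http","src_ip":"10.0.0.7","src_port":40100,"dest_ip":"192.0.2.20","dest_port":80,"http":{"hostname":"api.example.test","url":"/ping"}}
truncated or non-JSON line
"""

def parse(text):
    """Yield JSON objects from line-delimited text, skipping damaged lines."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue
        if isinstance(rec, dict):
            yield rec

def tx_key(rec):
    """Direction-independent key: a file record for a download may list the
    server as the source, so the endpoint pair is compared unordered."""
    ends = frozenset([(rec.get("src_ip"), rec.get("src_port")),
                      (rec.get("dest_ip"), rec.get("dest_port"))])
    http = rec.get("http") or {}
    return (ends, http.get("hostname"), http.get("url"))

def coverage(text):
    """Compare http events against fileinfo events in the same log."""
    http_tx, file_tx = {}, set()
    for rec in parse(text):
        if rec.get("event_type") == "http":
            http_tx[tx_key(rec)] = (rec.get("http") or {}).get("url")
        elif rec.get("event_type") == "fileinfo":
            file_tx.add(tx_key(rec))
    return {
        "http_events": len(http_tx),
        "with_file": len(http_tx.keys() & file_tx),
        # Transactions you would lose by relying on file logging alone.
        "only_in_http_log": sorted(u for k, u in http_tx.items() if k not in file_tx),
    }

if __name__ == "__main__":
    print(coverage(SAMPLE_EVE))
```
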