[Oisf-users] Several logging questions/feature request

Andreas Herz andi at geekosphere.org
Mon Aug 4 09:39:16 UTC 2014

I have some requests for the logging that aren't yet available or I just
missed them:

1. It would be nice to log more logs into the syslog, not just EVE. I
would like the drop.log for example in the syslog but the fast.log still
in its own file.

2. Customization of the logs would be also nice, what we would like to
have is some sort of "prefix" as provided by the LOG target with
--log-prefix="FOOBAR". In the drop.log case it would be nice to have a
line with a "[IDS DROP]" prefix to help parsing the logfile to assign
specific lines.

3. It would also be nice to have the option to include the interface
information into the logs. In a scenario with several interfaces on
which a suricata in inline/IPS mode is running, it would be nice to see
on which interface a rule triggered.

4. alert-debug.log has nearly all of the information that fast.log has,
except the "wDrop" in monitor mode, so alert-debug.log looks the same in
inline and in monitor mode. And in alert-debug.log it would also be nice
to get the interface added.

So is this already something I could achieve but didn't find, or is it at
least worth implementing?

Andreas Herz
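Added example, not part of the original post and not Suricata code: a small Python forwarder that does outside Suricata what items 1, 2 and 3 above ask for inside it. It tails the existing fast.log and drop.log, tags each line with an iptables-style prefix such as "[IDS DROP]" (distinguishing "[Drop]" from the monitor-mode "[wDrop]" marker in fast.log), prepends the capture interface the operator already knows (one forwarder per interface, since neither file records it), and hands the result to syslog. The prefix names, the IF= field and the sample log lines are constructed for this example; the line layouts follow fast.log's "[**] [gid:sid:rev] msg [**]" format and the netfilter-LOG-style "IN= OUT= SRC= DST=" layout of drop.log.

```python
"""Tag Suricata fast.log / drop.log lines with a syslog-style prefix and forward them.

Example code added to illustrate the mailing-list request above; not Suricata's own.
Sample lines below are constructed, not real captures.
"""
import logging
import logging.handlers
import re
import sys

# fast.log: "<ts>  [Drop] [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: n] {PROTO} src:sp -> dst:dp"
# In inline mode a dropped packet carries "[Drop]"; in monitor mode a drop rule shows "[wDrop]" (would drop).
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?:\[(?P<action>Drop|wDrop)\]\s+)?\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
)
# drop.log uses the netfilter LOG layout; Suricata prints IN= and OUT= but leaves them empty.
DROP_RE = re.compile(
    r"^(?P<ts>\S+):\s+IN=(?P<in>\S*)\s+OUT=(?P<out>\S*)\s+SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
)

# Prefix per (log file, action), mirroring iptables' --log-prefix="FOOBAR". Names are constructed.
PREFIXES = {
    ("drop", None): "[IDS DROP]",
    ("fast", "Drop"): "[IDS DROP]",
    ("fast", "wDrop"): "[IDS WOULD-DROP]",
    ("fast", None): "[IDS ALERT]",
}

# Constructed sample input (RFC 5737 documentation addresses).
SAMPLE_FAST = [
    "08/04/2014-09:39:16.123456  [Drop] [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root "
    "[**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.5:40123",
    "08/04/2014-09:39:17.000001  [wDrop] [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root "
    "[**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.5:40124",
    "08/04/2014-09:39:18.000002  [**] [1:2000000:1] LOCAL test alert "
    "[**] [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 198.51.100.5:53000 -> 192.0.2.53:53",
]
SAMPLE_DROP = [
    "08/04/2014-09:39:16.123456: IN= OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 TTL=64 ID=0 "
    "PROTO=TCP SPT=80 DPT=40123 SEQ=1 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0",
]


def tag_line(source, line, iface="-"):
    """Return the line with a parse-friendly prefix and interface, or None if it does not parse.

    `iface` is supplied by the caller (one forwarder per capture interface); Suricata itself
    does not write the interface into fast.log or drop.log, which is what item 3 asks for.
    """
    line = line.rstrip("\n")
    if source == "fast":
        m = FAST_RE.match(line)
        if not m:
            return None
        prefix = PREFIXES[("fast", m.group("action"))]
    elif source == "drop":
        m = DROP_RE.match(line)
        if not m:
            return None
        prefix = PREFIXES[("drop", None)]
    else:
        raise ValueError("unknown source %r" % source)
    return "%s IF=%s %s" % (prefix, iface, line)


def forward(source, lines, iface, emit):
    """Tag every parsable line and pass it to emit(); return (forwarded, skipped) counts."""
    forwarded = skipped = 0
    for line in lines:
        tagged = tag_line(source, line, iface)
        if tagged is None:
            skipped += 1  # unparsable line (e.g. a truncated write); count it rather than drop silently
            continue
        emit(tagged)
        forwarded += 1
    return forwarded, skipped


def syslog_emitter(address="/dev/log"):
    """Build an emit() callable that writes to the local syslog socket at facility local5."""
    handler = logging.handlers.SysLogHandler(
        address=address, facility=logging.handlers.SysLogHandler.LOG_LOCAL5)
    handler.setFormatter(logging.Formatter("suricata-fwd: %(message)s"))
    log = logging.getLogger("suricata-fwd")
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    return log.info


if __name__ == "__main__":
    # Offline demo on the constructed samples; pass "syslog" as first argument to send to /dev/log instead.
    emit = syslog_emitter() if len(sys.argv) > 1 and sys.argv[1] == "syslog" else print
    print(forward("fast", SAMPLE_FAST, "eth0", emit))
    print(forward("drop", SAMPLE_DROP, "eth1", emit))
```

Run against live files with `tail -F /var/log/suricata/drop.log | python3 forwarder.py syslog` (wrapping `forward` around `sys.stdin` is a one-line change); the fixed prefix is what a downstream parser keys on, so keep the prefix table stable once log consumers depend on it.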
