[Oisf-users] EVE-Log identity, facility, level

Gofran, Paul paul.gofran at lmco.com
Mon Jun 9 16:37:43 UTC 2014


When I use eve-log, the default parameters are always used for identity, facility, and level.

Example: a configuration of the following:
  # "United" event log in JSON format
  - eve-log:
      enabled: yes
      #file|syslog|unix_dgram|unix_stream
      type: syslog
      # filename: eve.json
      # the following are valid when type: syslog above
      identity: "suriEVE" #"suricata"
      facility: local1
      level: Debug ## possible levels: Emergency, Alert, Critical,
                   ## Error, Warning, Notice, Info, Debug
      types:
        - alert
        - http:
            extended: yes     # enable this for extended logging information
        - dns
        - tls:
            extended: yes     # enable this for extended logging information
        - files:
            force-magic: no   # force logging magic on all logged files
            force-md5: no     # force logging of md5 checksums
        #- drop
        - ssh



Always results in syslog messages with identity "suricata", facility "local0" and level "Info" in my logs, despite my configuration settings. Is this a known issue (I didn't see one on Redmine), or am I making a configuration mistake or something?

Thanks,
Paul
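As an added example (not part of Paul's post and not Suricata's own code), here is a small Python checker that decodes the syslog PRI field (facility = PRI >> 3, severity = PRI & 7) and the TAG of RFC 3164 style lines, then compares each line against the identity, facility and level the eve-log block was supposed to use. Running it over a raw capture of what leaves Suricata (for example a `tcpdump`/`nc -lu` capture of UDP 514, or a listener attached to /dev/log) shows what was actually sent, independent of how the local syslog daemon formats its files. The host name, PID and the two sample lines are constructed; the first mimics what Paul reports seeing (suricata/local0/info, PRI 134) and the second what the configuration asks for (suriEVE/local1/debug, PRI 143).

```python
import re

# Standard syslog facility and severity codes (RFC 3164 / RFC 5424).
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
SEVERITIES = {
    "emergency": 0, "alert": 1, "critical": 2, "error": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}
FACILITY_NAMES = {v: k for k, v in FACILITIES.items()}
SEVERITY_NAMES = {v: k for k, v in SEVERITIES.items()}

# RFC 3164 framing as seen on the wire or on /dev/log:
#   <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG     (the "[PID]" part is optional)
_LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# Constructed sample lines (hypothetical host "sensor1", PID 1234).
SAMPLE_LINES = [
    '<134>Jun  9 16:37:43 sensor1 suricata[1234]: '
    '{"timestamp":"2014-06-09T16:37:43.000000+0000","event_type":"alert"}',
    '<143>Jun  9 16:37:44 sensor1 suriEVE[1234]: '
    '{"timestamp":"2014-06-09T16:37:44.000000+0000","event_type":"dns"}',
]


def decode_pri(pri):
    """Split a PRI value into (facility code, severity code)."""
    return pri >> 3, pri & 7


def encode_pri(facility, level):
    """PRI value that a given facility/level pair produces on the wire."""
    return FACILITIES[facility.lower()] * 8 + SEVERITIES[level.lower()]


def parse_syslog_line(line):
    """Return identity, facility name, level name, pid and message for one line."""
    m = _LINE_RE.match(line)
    if not m:
        raise ValueError("not an RFC 3164 syslog line: %r" % line)
    fac, sev = decode_pri(int(m.group("pri")))
    return {
        "identity": m.group("tag"),
        "facility": FACILITY_NAMES.get(fac, str(fac)),
        "level": SEVERITY_NAMES.get(sev, str(sev)),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "message": m.group("msg"),
    }


def check_eve_syslog(lines, identity, facility, level):
    """Compare each line against the configured eve-log syslog settings.

    Returns a list of {"line": n, "mismatch": {field: (expected, actual)}}
    entries, one per line that deviates; an empty list means all lines match.
    """
    expected = {
        "identity": identity,
        "facility": facility.lower(),
        "level": level.lower(),
    }
    problems = []
    for n, line in enumerate(lines, 1):
        got = parse_syslog_line(line)
        mismatch = {k: (v, got[k]) for k, v in expected.items() if got[k] != v}
        if mismatch:
            problems.append({"line": n, "mismatch": mismatch})
    return problems


if __name__ == "__main__":
    # Settings from the eve-log block in the post.
    for p in check_eve_syslog(SAMPLE_LINES, "suriEVE", "local1", "Debug"):
        print("line %d:" % p["line"])
        for field, (want, got) in p["mismatch"].items():
            print("  %-8s expected %-8s got %s" % (field, want, got))
```

Feed it real lines with something like `sys.stdin` instead of `SAMPLE_LINES`; if the PRI on the wire is already 134 the defaults are being applied inside Suricata, whereas a 143 on the wire that still lands in a local0/info file points at the syslog daemon's own routing rules rather than at the eve-log configuration.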

