[Oisf-users] EVE-Log identity, facility, level
Gofran, Paul
paul.gofran at lmco.com
Mon Jun 9 16:37:43 UTC 2014
When I use eve-log, the default parameters are always used for identity, facility, and level.
ex:
A configuration of the following:
  # "United" event log in JSON format
  - eve-log:
      enabled: yes
      #file|syslog|unix_dgram|unix_stream
      type: syslog
      # filename: eve.json
      # the following are valid when type: syslog above
      identity: "suriEVE" #"suricata"
      facility: local1
      level: Debug ## possible levels: Emergency, Alert, Critical,
                   ## Error, Warning, Notice, Info, Debug
      types:
        - alert
        - http:
            extended: yes # enable this for extended logging information
        - dns
        - tls:
            extended: yes # enable this for extended logging information
        - files:
            force-magic: no # force logging magic on all logged files
            force-md5: no # force logging of md5 checksums
        #- drop
        - ssh
Always results in syslog messages with identity "suricata", facility "local0" and level "Info" in my logs despite my configuration settings. Is this a known issue (didn't see one on redmine), or am I having a configuration mistake or something?
Thanks,
Paul
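
One way to confirm what the sensor actually emits is to decode the <PRI> value and tag of captured syslog frames and compare them with the eve-log settings. The following is an added example, not part of the original post or Suricata's own code; it assumes RFC 3164 frames that include a hostname field, and the sample frames and the host name "sensor1" are constructed.

```python
import re

# RFC 3164 codes: PRI = facility * 8 + severity.
# Facilities 12-15 use informal short names; level names follow the
# spelling in the eve-log config comment above.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock"] + [f"local{i}" for i in range(8)]
LEVELS = ["Emergency", "Alert", "Critical", "Error",
          "Warning", "Notice", "Info", "Debug"]

# Assumed layout: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
FRAME = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s"
    r"(?P<host>\S+)\s"
    r"(?P<tag>[^\s\[:]+)(?:\[\d+\])?:\s?"
    r"(?P<msg>.*)$"
)

def decode(frame):
    """Return identity, facility and level of one frame, or None."""
    m = FRAME.match(frame)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is local7.Debug = 23 * 8 + 7
        return None
    return {"identity": m["tag"],
            "facility": FACILITIES[pri >> 3],
            "level": LEVELS[pri & 7]}

def mismatches(frame, expected):
    """Map each differing setting to a (configured, observed) pair."""
    got = decode(frame)
    if got is None:
        return {"frame": ("RFC 3164 frame", "unparseable")}
    return {k: (want, got[k]) for k, want in expected.items()
            if got[k].lower() != want.lower()}

# Settings from the eve-log section above.
CONFIGURED = {"identity": "suriEVE", "facility": "local1", "level": "Debug"}

# Constructed frames: the first shows the reported behaviour, the second
# shows what the configuration should produce.
OBSERVED = '<134>Jun  9 16:37:43 sensor1 suricata[1234]: {"event_type":"alert"}'
WANTED = '<143>Jun  9 16:37:43 sensor1 suriEVE[1234]: {"event_type":"alert"}'

if __name__ == "__main__":
    print(mismatches(OBSERVED, CONFIGURED))
    print(mismatches(WANTED, CONFIGURED))
```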