[Oisf-users] EVE-Log identity, facility, level
Peter Manev
petermanev at gmail.com
Mon Jun 9 17:54:39 UTC 2014
On Mon, Jun 9, 2014 at 6:37 PM, Gofran, Paul <paul.gofran at lmco.com> wrote:
> When I use eve-log, the default parameters are always used for identity,
> facility, and level.
>
> ex:
>
> A configuration of the following:
>
>   # "United" event log in JSON format
>   - eve-log:
>       enabled: yes
>       #file|syslog|unix_dgram|unix_stream
>       type: syslog
>       # filename: eve.json
>       # the following are valid when type: syslog above
>       identity: "suriEVE" #"suricata"
>       facility: local1
>       level: Debug ## possible levels: Emergency, Alert, Critical,
>                    ## Error, Warning, Notice, Info, Debug
>       types:
>         - alert
>         - http:
>             extended: yes     # enable this for extended logging information
>         - dns
>         - tls:
>             extended: yes     # enable this for extended logging information
>         - files:
>             force-magic: no   # force logging magic on all logged files
>             force-md5: no     # force logging of md5 checksums
>         #- drop
>         - ssh
>
> Always results in syslog messages with identity “suricata”, facility
> “local0” and level “Info” in my logs despite my configuration settings. Is
> this a known issue (didn’t see one on redmine), or am I having a
> configuration mistake or something?
>
> Thanks,
> Paul
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
Can you reproduce that consistently?
--
Regards,
Peter Manev
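For anyone chasing the same question, an added example (not part of this thread and not Suricata's own code) that decodes the PRI and tag of raw syslog datagrams and compares them with the eve-log identity/facility/level values quoted above. It assumes you capture the datagrams before syslogd strips the PRI (e.g. by listening on the socket Suricata writes to); the CONFIG dict and the sample lines are constructed from the configuration in the question.

```python
import re

# RFC 3164 facility and severity codes. The severity names are the "level:"
# values listed in the eve-log config; facility names follow syslog(3).
# PRI = facility * 8 + severity.
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
            "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
            "authpriv": 10, "ftp": 11,
            **{f"local{i}": 16 + i for i in range(8)}}
SEVERITY = ["Emergency", "Alert", "Critical", "Error", "Warning",
            "Notice", "Info", "Debug"]

# "<PRI>" optionally followed by a BSD timestamp, then "tag[pid]: message".
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+)?"
    r"(?P<tag>[^\s:\[]+)(?:\[\d+\])?:\s*(?P<msg>.*)$")


def expected_pri(cfg):
    """PRI value the configured eve-log facility/level should produce."""
    return FACILITY[cfg["facility"].lower()] * 8 + SEVERITY.index(cfg["level"].capitalize())


def decode_pri(pri):
    """Split a PRI value back into (facility name, severity name)."""
    by_code = {v: k for k, v in FACILITY.items()}
    return by_code.get(pri // 8, f"facility{pri // 8}"), SEVERITY[pri % 8]


def check_line(line, cfg):
    """Compare one raw syslog datagram with the configured eve-log values."""
    m = _LINE.match(line)
    if not m:
        raise ValueError(f"not a syslog line: {line!r}")
    facility, level = decode_pri(int(m["pri"]))
    return {"identity": m["tag"], "facility": facility, "level": level,
            "identity_ok": m["tag"] == cfg["identity"],
            "pri_ok": int(m["pri"]) == expected_pri(cfg)}


# Settings taken from the quoted eve-log section.
CONFIG = {"identity": "suriEVE", "facility": "local1", "level": "Debug"}

# Constructed sample datagrams: the first is what the poster reports
# (defaults suricata/local0/Info -> PRI 134), the second is what the
# configuration should yield (suriEVE/local1/Debug -> PRI 143).
SAMPLES = [
    '<134>Jun  9 17:54:39 suricata[1234]: {"timestamp":"2014-06-09T17:54:39.000000","event_type":"alert"}',
    '<143>Jun  9 17:54:39 suriEVE[1234]: {"timestamp":"2014-06-09T17:54:39.000000","event_type":"alert"}',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_line(s, CONFIG))
```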