[Oisf-users] EXTERNAL: Re: EVE-Log identity, facility, level

Mon Jun 9 21:35:49 UTC 2014

Peter;

I'll fix this one.  It looks like I left out some of the config that I had
intended.

Tom

On Mon, Jun 9, 2014 at 2:03 PM, Peter Manev <petermanev at gmail.com> wrote:

> On Mon, Jun 9, 2014 at 9:58 PM, Gofran, Paul <paul.gofran at lmco.com> wrote:
> > Peter, I enabled the syslog section and did see the identity and
> facility change for my log messages.  The level still came out as "info"
> always though.  I tried the following options for level:  Debug, debug,
> "Debug", and "debug".   All came out as info.
> >
> > So correct me if I'm wrong but are there 3 related issues here?
> > 1) The eve-log parameters identity, facility, and level don't effect
> anything.  It didn't matter if I made these the same as the syslog section
> or different, they didn't take effect.
> > 2) The syslog section is not just for alerts and the identity, facility,
> and level parameters effect eve-log when it's in syslog mode.
> > 3) The level parameter is not working
> >
> > I'll be happy to try out any other test configurations if you have any
> other ideas.  If these are actual issues let me know if you want me to
> submit a bug.  Thanks for the help.
> >
> > -Paul
> >
> >
>
> Could you open a ticket for this one actually?
> I think eve.json should be able to make those changes without being
> dependent if syslog is enabled further down in the section.
>
> thanks
>
>
> --
> Regards,
> Peter Manev
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140609/11d89066/attachment-0002.html>