[Oisf-users] EXTERNAL: Re: EVE-Log identity, facility, level
Peter Manev
petermanev at gmail.com
Mon Jun 9 21:45:16 UTC 2014
On Mon, Jun 9, 2014 at 11:37 PM, Gofran, Paul <paul.gofran at lmco.com> wrote:
> Thanks, I just submitted #1204. Please let me know if any more information
> is required.
>
>
>
> Thanks,
>
> Paul
Thanks Paul
>
>
>
> From: Tom DeCanio [mailto:decanio.tom at gmail.com]
> Sent: Monday, June 09, 2014 5:36 PM
> To: Peter Manev
> Cc: Gofran, Paul; oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] EXTERNAL: Re: EVE-Log identity, facility, level
>
>
>
> Peter;
>
> I'll fix this one. It looks like I left out some of the config that I had
> intended.
>
> Tom
Thanks Tom
>
>
>
> On Mon, Jun 9, 2014 at 2:03 PM, Peter Manev <petermanev at gmail.com> wrote:
>
> On Mon, Jun 9, 2014 at 9:58 PM, Gofran, Paul <paul.gofran at lmco.com> wrote:
>
>> Peter, I enabled the syslog section and did see the identity and facility
>> change for my log messages. The level still came out as "info" always
>> though. I tried the following options for level: Debug, debug, "Debug",
>> and "debug". All came out as info.
>>
>> So correct me if I'm wrong but are there 3 related issues here?
>> 1) The eve-log parameters identity, facility, and level don't affect
>> anything. It didn't matter if I made these the same as the syslog section
>> or different, they didn't take effect.
>> 2) The syslog section is not just for alerts and the identity, facility,
>> and level parameters affect eve-log when it's in syslog mode.
>> 3) The level parameter is not working
>>
>> I'll be happy to try out any other test configurations if you have any
>> other ideas. If these are actual issues let me know if you want me to
>> submit a bug. Thanks for the help.
>>
>> -Paul
>>
>>
>
> Could you open a ticket for this one actually?
> I think eve.json should be able to make those changes without being
> dependent on whether syslog is enabled further down in the section.
>
> thanks
>
>
>
> --
> Regards,
> Peter Manev
>
>
--
Regards,
Peter Manev