[Oisf-users] EXTERNAL: Re: EVE-Log identity, facility, level

Peter Manev petermanev at gmail.com
Mon Jun 9 21:45:16 UTC 2014


On Mon, Jun 9, 2014 at 11:37 PM, Gofran, Paul <paul.gofran at lmco.com> wrote:
> Thanks, I just submitted #1204.  Please let me know if any more information
> is required.
>
>
>
> Thanks,
>
> Paul

Thanks Paul
>
>
>
> From: Tom DeCanio [mailto:decanio.tom at gmail.com]
> Sent: Monday, June 09, 2014 5:36 PM
> To: Peter Manev
> Cc: Gofran, Paul; oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] EXTERNAL: Re: EVE-Log identity, facility, level
>
>
>
> Peter;
>
> I'll fix this one.  It looks like I left out some of the config that I had
> intended.
>
> Tom

Thanks Tom

>
>
>
> On Mon, Jun 9, 2014 at 2:03 PM, Peter Manev <petermanev at gmail.com> wrote:
>
> On Mon, Jun 9, 2014 at 9:58 PM, Gofran, Paul <paul.gofran at lmco.com> wrote:
>
>> Peter, I enabled the syslog section and did see the identity and facility
>> change for my log messages.  The level still came out as "info" always
>> though.  I tried the following options for level:  Debug, debug, "Debug",
>> and "debug".   All came out as info.
>>
>> So correct me if I'm wrong but are there 3 related issues here?
>> 1) The eve-log parameters identity, facility, and level don't affect
>> anything.  It didn't matter if I made these the same as the syslog section
>> or different, they didn't take effect.
>> 2) The syslog section is not just for alerts and the identity, facility,
>> and level parameters affect eve-log when it's in syslog mode.
>> 3) The level parameter is not working
>>
>> I'll be happy to try out any other test configurations if you have any
>> other ideas.  If these are actual issues let me know if you want me to
>> submit a bug.  Thanks for the help.
>>
>> -Paul
>>
>>
>
> Could you open a ticket for this one actually?
> I think eve.json should be able to make those changes without being
> dependent on whether syslog is enabled further down in the section.
>
> thanks
>
>
>
> --
> Regards,
> Peter Manev
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
>
>



-- 
Regards,
Peter Manev


