[Oisf-users] Several logging questions/feature request

Andreas Herz andi at geekosphere.org
Fri Sep 5 07:56:30 UTC 2014

I just wanted to ask again if there is anything in progress or any
comments :)

On 04/08/14 at 11:39, Andreas Herz wrote:
> Hi,
> I have some requests for the logging that aren't yet available or I just
> missed them:
> 1. It would be nice to log more logs into the syslog, not just EVE. I
> would like the drop.log for example in the syslog but the fast.log still
> in its own file.
> 2. Customization of the logs would be also nice, what we would like to
> have is some sort of "prefix" as provided by the LOG target with
> --log-prefix="FOOBAR". In the drop.log case it would be nice to have a
> line with a "[IDS DROP]" prefix to help parsing the logfile to assign
> specific lines.
> 3. It would also be nice to have the option to include the interface
> information into the logs. In a scenario with several interfaces on
> which a suricata in inline/IPS mode is running, it would be nice to see
> on which interface a rule triggered.
> 4. alert-debug.log has nearly all of the information that fast.log has,
> except the "wDrop" in monitor mode, so alert-debug.log looks the same in
> inline and in monitor mode. And in alert-debug.log it would be also nice
> to get the interface added.
> So is this already something I could achieve but didn't find or is it at
> least worth implementing?
> -- 
> Andreas Herz

Andreas Herz
