[Oisf-users] Several logging questions/feature request

Ken Steele ken_steele at yahoo.com
Fri Sep 5 15:20:47 UTC 2014


The best way to get these addressed is to create a feature request on the Suricata Redmine site for each one. That way they can be tracked, fixed and added to specific releases.


Overview - Suricata - Open Information Security Foundation (redmine.openinfosecfoundation.org)

Regards,
-Ken



On Friday, September 5, 2014 3:56 AM, Andreas Herz <andi at geekosphere.org> wrote:
 


I just wanted to ask again if there is anything in progress or any
comments :)

On 04/08/14 at 11:39, Andreas Herz wrote:
> Hi,
>  
> I have some requests for the logging that aren't yet available or I just
> missed them:
> 
> 1. It would be nice to log more logs into the syslog, not just EVE. I
> would like the drop.log for example in the syslog but the fast.log still
> in its own file.
> 
> 2. Customization of the logs would be also nice, what we would like to
> have is some sort of "prefix" as provided by the LOG target with
> --log-prefix="FOOBAR". In the drop.log case it would be nice to have a
> line with a "[IDS DROP]" prefix to help parsing the logfile to assign
> specific lines.
> 
> 3. It would also be nice to have the option to include the interface
> information into the logs. In a scenario with several interfaces on
> which a suricata in inline/IPS mode is running, it would be nice to see
> on which interface a rule triggered.
> 
> 4. alert-debug.log has nearly all of the information that fast.log has,
> except the "wDrop" in monitor mode, so alert-debug.log looks the same in
> inline and in monitor mode. And in alert-debug.log it would also be nice
> to get the interface added.
> 
> So is this already something I could achieve but didn't find, or is it at
> least worth implementing?
> 
> -- 
> Andreas Herz
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/


-- 
Andreas Herz