[Oisf-users] Suricata Logs

Jeremy MJ jskier at gmail.com
Mon Jul 27 18:18:16 UTC 2015


This comes up a lot. Look into a log manager or SIEM; there are a lot
out there. Logstash is a free one, but requires a bit of
configuration. I use Splunk personally and have been very happy with
it. All logs (split up by host) flow into one index and are divided up
again by sourcetype (event_type in suricata).

Most logs are in realtime btw.

--
Jeremy MJ


On Mon, Jul 27, 2015 at 12:53 PM, Saxena, Samiksha
<samiksha.saxena at verizon.com> wrote:
> Hi,
>
> I will have more than 20 Suricata engines, where each suricata engine will
> generate logs based on rules. I want to collect all the logs at one common
> place from each suricata engine. How should I achieve this?
> Also, what is the value of the log files, and how often are the logs
> generated?
>
>
> Thanks
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
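An added example (not from the thread or from any of the tools mentioned) of the collector-side layout Jeremy describes: EVE JSON lines from several sensors land in one place and are split first by host, then by event_type. The `host` field is assumed to be stamped on each line by the forwarder; the sample lines, sensor names and the local-range signature are constructed for the demo.

```python
"""Group Suricata EVE JSON lines by sensor host, then by event_type."""
import json
from collections import defaultdict

# Constructed EVE lines: two sensors, mixed event types, and one line that
# was truncated mid-record (as happens when a file is read during rotation).
SAMPLE_EVE = """\
{"host":"sensor-01","timestamp":"2015-07-27T18:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":1000001,"signature":"LOCAL TEST constructed alert","severity":2}}
{"host":"sensor-01","timestamp":"2015-07-27T18:00:02.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.2","dns":{"type":"query","rrname":"example.com"}}
{"host":"sensor-02","timestamp":"2015-07-27T18:00:03.000000+0000","event_type":"alert","src_ip":"10.0.1.7","dest_ip":"10.0.1.1","alert":{"signature_id":1000001,"signature":"LOCAL TEST constructed alert","severity":2}}
{"host":"sensor-02","timestamp":"2015-07-27T18:00:04.000000+0000","event_type":"http","src_ip":"10.0.1.7","dest_ip":"10.0.1.3","http":{"hostname":"example.com","url":"/"}}
{"host":"sensor-02","timestamp":"2015-07-27T18:00:05.000000+0000","event_ty
"""


def index_eve_lines(lines):
    """Return ({(host, event_type): [events, ...]}, malformed_count).

    A truncated or non-JSON line is counted and skipped rather than raised,
    so one bad record from a rotating file does not stall the whole feed.
    """
    index = defaultdict(list)
    malformed = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1
            continue
        host = event.get("host", "unknown")        # assumed forwarder field
        etype = event.get("event_type", "unknown")  # Suricata's sourcetype
        index[(host, etype)].append(event)
    return dict(index), malformed


def alert_counts_by_host(index):
    """Per-sensor count of event_type == 'alert' records."""
    counts = defaultdict(int)
    for (host, etype), events in index.items():
        if etype == "alert":
            counts[host] += len(events)
    return dict(counts)


if __name__ == "__main__":
    idx, bad = index_eve_lines(SAMPLE_EVE.splitlines())
    for key in sorted(idx):
        print(key, len(idx[key]))
    print("alerts per host:", alert_counts_by_host(idx), "malformed:", bad)
```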
