[Oisf-users] Suricata Logs

Alan Wanderley dos Santos alan.santos at rnp.br
Mon Jul 27 20:47:53 UTC 2015


Hi Leonard, 

I use a custom script to read fast.log and send mail event by event. I chose to work that way because we are a CSIRT, so all incident handling is by email. 

Works fine. 

Regards, 

----------------------------------------------- 
Alan Santos 
Security Analyst 
Centro de Atendimento a Incidentes de Segurança (CAIS) 
Rede Nacional de Ensino e Pesquisa (RNP) 
(19) 3787-3314 | alan.santos at rnp.br 

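As an added example, not Alan's script (which the post does not show): a Python parser for Suricata fast.log lines that turns each alert into a record tagged with the sensor that produced it, ready either to be mailed one event at a time as described above or inserted into a database as the quoted reply suggests. The sensor name and the sample log lines are constructed for the example.

```python
import re
from datetime import datetime
from typing import Dict, List, Optional

# A fast.log alert line: timestamp, [**] [gid:sid:rev] msg [**], optional
# [Classification: ...], [Priority: n], {proto}, src[:port] -> dst[:port].
# Ports are absent for port-less protocols such as ICMP.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>\S+?)(?::(?P<dport>\d+))?\s*$"
)

def parse_fast_line(line: str, sensor: str = "unknown") -> Optional[Dict]:
    """Parse one fast.log line; None for lines that do not match (e.g. a truncated write)."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return {
        "sensor": sensor,  # assumed: the collector knows which engine the file came from
        "timestamp": datetime.strptime(g["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
        "gid": int(g["gid"]), "sid": int(g["sid"]), "rev": int(g["rev"]), "msg": g["msg"],
        "classification": g["cls"], "priority": int(g["prio"]), "proto": g["proto"],
        "src": g["src"], "sport": int(g["sport"]) if g["sport"] else None,
        "dst": g["dst"], "dport": int(g["dport"]) if g["dport"] else None,
    }

def parse_log(text: str, sensor: str) -> List[Dict]:
    """Parse a whole fast.log; unparseable lines are dropped instead of aborting the run."""
    return [a for a in (parse_fast_line(l, sensor) for l in text.splitlines()) if a]

def mail_for(alert: Dict):
    """Subject and body for one-message-per-alert handling, as the script described above does."""
    subject = f"[{alert['sensor']}] P{alert['priority']} sid={alert['sid']} {alert['msg']}"
    body = "\n".join(f"{k}: {v}" for k, v in alert.items())
    return subject, body

# Constructed sample input (not real traffic): two valid alerts and one junk line.
SAMPLE = """\
07/27/2015-12:54:01.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.1:80 -> 192.168.1.5:51234
07/27/2015-12:54:02.000001  [**] [1:2100366:8] GPL ICMP_INFO PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.5 -> 10.0.0.1
this line is not an alert and must be skipped
"""
```

Calling `parse_log(SAMPLE, "sensor-01")` yields two records; feeding each to `mail_for` or to a database insert is the per-event step both replies describe.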

From: "Leonard Jacobs" <ljacobs at netsecuris.com> 
To: "Saxena, Samiksha" <samiksha.saxena at verizon.com>, "oisf-users" <oisf-users at lists.openinfosecfoundation.org> 
Sent: Monday, 27 July 2015 17:39:28 
Subject: Re: [Oisf-users] Suricata Logs 

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output 

https://github.com/pevma/Suricata-Logstash-Templates 

Or if you program and you want a customized application, you can write code to enter fast.log into a database then write a front end to the database to display the data. 

From: oisf-users-bounces at lists.openinfosecfoundation.org [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Saxena, Samiksha 
Sent: Monday, July 27, 2015 12:54 PM 
To: oisf-users 
Subject: [Oisf-users] Suricata Logs 

Hi, 

I will have more than 20 Suricata engines, and each Suricata engine will generate logs based on its rules. I want to collect all the logs from each Suricata engine in one common place. How should I achieve this? 

Also, what is the value of the log files, and how often are the logs generated? 

Thanks 

_______________________________________________ 
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org 
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/ 
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users 
Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net 