[Oisf-users] Output FAST formatted logs to syslog?

Andreas Moe moe.andreas at gmail.com
Wed May 13 22:26:23 UTC 2015


You could use unified2 logging and barnyard2 to parse them. Then you could
get it to syslog, and also the associated packet for that alert.
On 14 May 2015 at 00:24, "Duane Howard" <duane.security at gmail.com> wrote:

> Trying to figure out if the best way to syslog Snort/fast style alerts
> from Suricata is to output to a file, and configure syslog to pick that up,
> since suricata.yaml doesn't seem to allow 'syslog' as a target, like Eve
> does.
>
> fast:
> filetype: 'regular', 'unix_stream' or 'unix_dgram'
>
> Eve:
> type: file #file|*syslog*|unix_dgram|unix_stream
> -- additional syslog options here.
>
> Any other hacks or workarounds that I should be aware of? Why isn't syslog
> a supported output mechanism for fast type alerts?
>
> ./d
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona:
> http://oisfevents.net
>
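The question above describes the file-based workaround (write fast-format alerts to a file, then have something ship them to syslog). Below is an added example of that glue, not code from this thread, from Suricata or from barnyard2: it parses fast-format alert lines into fields, maps the Suricata rule priority onto a syslog severity (a mapping chosen here), renders an RFC 3164 style message and sends it to the local syslog datagram socket. The sample lines, the hostname `sensor1`, the tag `suricata`, the `local4` facility and the `/dev/log` socket path are all assumptions made for the example.

```python
"""Parse Suricata fast-format alert lines and forward them to a local syslog socket.

Added example for this thread; not Suricata's or barnyard2's own code. Assumes
the classic fast.log layout shown in SAMPLE_LINES; socket path, facility and
the priority-to-severity mapping are choices made here.
"""
import re
import socket
from datetime import datetime

# One fast-format alert: timestamp [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: n] {proto} src -> dst
FAST_LINE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

# Constructed sample lines in fast format (not captured from real traffic).
SAMPLE_LINES = [
    "05/13/2015-22:26:23.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:51234",
    "05/13/2015-22:27:01.000001  [**] [1:2200001:1] LOCAL ICMP echo from monitored host [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10",
    "this line is not a fast alert and should be skipped",
]

# Suricata rule priority (1 = most severe) -> syslog severity number; chosen for this example.
SEVERITY_FOR_PRIORITY = {1: 2, 2: 4, 3: 5}  # crit, warning, notice
DEFAULT_SEVERITY = 6                        # info for priority 4 and above, or unknown
FACILITY_LOCAL4 = 20


def split_endpoint(endpoint):
    """Split 'a.b.c.d:port' into (ip, port); port-less endpoints (e.g. ICMP) give port None."""
    m = re.match(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$", endpoint)
    if m:
        return m.group(1), int(m.group(2))
    return endpoint, None


def parse_fast_line(line):
    """Return a dict of alert fields, or None if the line is not a fast-format alert."""
    m = FAST_LINE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    for key in ("gid", "sid", "rev", "priority"):
        alert[key] = int(alert[key])
    alert["timestamp"] = datetime.strptime(alert.pop("ts"), "%m/%d/%Y-%H:%M:%S.%f")
    alert["src_ip"], alert["src_port"] = split_endpoint(alert["src"])
    alert["dst_ip"], alert["dst_port"] = split_endpoint(alert["dst"])
    return alert


def syslog_pri(priority, facility=FACILITY_LOCAL4):
    """Syslog PRI value: facility * 8 + severity."""
    return facility * 8 + SEVERITY_FOR_PRIORITY.get(priority, DEFAULT_SEVERITY)


def to_syslog(alert, hostname="sensor1", tag="suricata", facility=FACILITY_LOCAL4):
    """Render a parsed alert as a BSD-style (RFC 3164) syslog message."""
    ts = alert["timestamp"]
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"
    body = (f"[{alert['gid']}:{alert['sid']}:{alert['rev']}] {alert['msg']} "
            f"[Classification: {alert['classification'] or '-'}] [Priority: {alert['priority']}] "
            f"{{{alert['proto']}}} {alert['src']} -> {alert['dst']}")
    return f"<{syslog_pri(alert['priority'], facility)}>{stamp} {hostname} {tag}: {body}"


def forward_lines(lines, socket_path="/dev/log"):
    """Send each parsable line to the local syslog datagram socket.

    Returns (sent, skipped). Unparsable lines are counted instead of dropped
    silently, so a format change or rotation glitch shows up in the numbers.
    """
    sent = skipped = 0
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        sock.connect(socket_path)
        for line in lines:
            alert = parse_fast_line(line)
            if alert is None:
                skipped += 1
                continue
            sock.send(to_syslog(alert).encode("utf-8"))
            sent += 1
    finally:
        sock.close()
    return sent, skipped


if __name__ == "__main__":
    # Dry run: show what would be written to the socket for the constructed samples.
    for sample in SAMPLE_LINES:
        parsed = parse_fast_line(sample)
        print(to_syslog(parsed) if parsed else f"skipped: {sample}")
```

Pointing the script at a file tailer (or at `tail -F fast.log` on stdin) gives the file-to-syslog path the question asks about, with the rule priority surfacing as syslog severity so the receiving daemon can route alerts by it; `forward_lines` raises the usual socket errors if the syslog socket is absent, which is the failure you want to see rather than silently lose alerts.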