[Oisf-users] Output FAST formatted logs to syslog?
Victor Julien
lists at inliniac.net
Thu May 14 07:42:41 UTC 2015
On 05/14/2015 12:24 AM, Duane Howard wrote:
> Trying to figure out if the best way to syslog Snort/fast style alerts
> from Suricata is to output to a file, and configure syslog to pick that
> up, since suricata.yaml doesn't seem to allow 'syslog' as a target, like
> Eve does.
>
> fast:
>   filetype: 'regular', 'unix_stream' or 'unix_dgram'
>
> Eve:
>   type: file #file|*syslog*|unix_dgram|unix_stream
>   -- additional syslog options here.
>
> Any other hacks or workarounds that I should be aware of? Why isn't
> syslog a supported output mechanism for fast type alerts?
What about:
  # a line based alerts log similar to fast.log into syslog
  - syslog:
      enabled: no
      #identity: "suricata"
      facility: local5
      #level: Info ## possible levels: Emergency, Alert, Critical,
                   ## Error, Warning, Notice, Info, Debug
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
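The file-then-syslog route Duane describes, as an added example that is not code from this thread or from Suricata: a small forwarder that parses fast.log lines and emits RFC 3164 datagrams on the same facility (local5) that the suricata.yaml syslog output above uses. The field layout follows the Snort/Suricata "fast" alert format; the rule-priority to syslog-severity table, the sensor hostname, the "suricata" identity, the 127.0.0.1:514 destination and the sample log lines are this example's own assumptions.

```python
"""Forward Suricata fast.log alerts to a syslog collector as RFC 3164 datagrams.

Added example, not Suricata's own code. The priority-to-severity mapping and the
sample lines below are assumptions made for illustration.
"""
import re
import socket
from datetime import datetime

# One fast.log line:
#   timestamp  [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: N] {PROTO} src -> dst
# The Classification block is optional, ports are absent for ICMP, so src/dst are taken as-is.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# RFC 3164 facility and severity codes (PRI = facility * 8 + severity).
FACILITY = {"local0": 16, "local1": 17, "local2": 18, "local3": 19,
            "local4": 20, "local5": 21, "local6": 22, "local7": 23}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Assumption of this example: Suricata rule priority 1 is the most severe, so it is
# mapped to the highest syslog severity; unknown priorities fall back to "info".
PRIORITY_TO_SEVERITY = {1: "crit", 2: "warning", 3: "notice"}


def parse_fast_line(line):
    """Return the alert fields of one fast.log line as a dict, or None if it does not parse."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["ts"] = datetime.strptime(alert["ts"], "%m/%d/%Y-%H:%M:%S.%f")
    alert["prio"] = int(alert["prio"])
    return alert


def encode_syslog(alert, facility="local5", ident="suricata", hostname="sensor1"):
    """Build an RFC 3164 message: <PRI>Mmm dd hh:mm:ss HOST TAG: fast-style body."""
    sev = PRIORITY_TO_SEVERITY.get(alert["prio"], "info")
    pri = FACILITY[facility] * 8 + SEVERITY[sev]
    ts = alert["ts"]
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"  # day of month is space-padded in RFC 3164
    cls = f" [Classification: {alert['cls']}]" if alert["cls"] else ""
    body = (f"[{alert['gid']}:{alert['sid']}:{alert['rev']}] {alert['msg']}{cls} "
            f"[Priority: {alert['prio']}] {{{alert['proto']}}} "
            f"{alert['src']} -> {alert['dst']}")
    return f"<{pri}>{stamp} {hostname} {ident}: {body}"


def forward_lines(lines, facility="local5", sender=None):
    """Encode each parsable line and hand it to sender(msg); returns (sent, skipped)."""
    sent = skipped = 0
    for line in lines:
        alert = parse_fast_line(line)
        if alert is None:
            skipped += 1  # non-alert lines (e.g. truncated writes) are dropped, not forwarded
            continue
        msg = encode_syslog(alert, facility=facility)
        if sender is not None:
            sender(msg)
        sent += 1
    return sent, skipped


def udp_sender(host="127.0.0.1", port=514):
    """Return a callable that ships one message per UDP datagram to a syslog collector."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    return lambda msg: sock.sendto(msg.encode("utf-8"), (host, port))


# Constructed sample input for the example; not a real capture.
SAMPLE_FAST_LOG = [
    "05/14/2015-00:24:00.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.5:51234",
    "05/14/2015-00:24:01.000001  [**] [1:2200075:2] SURICATA UDPv4 invalid checksum [**] "
    "[Classification: Generic Protocol Command Decode] [Priority: 3] {UDP} 192.0.2.10:53 -> 198.51.100.5:40000",
    "this line is not an alert and must be skipped",
]

if __name__ == "__main__":
    for sample in SAMPLE_FAST_LOG:
        parsed = parse_fast_line(sample)
        print(encode_syslog(parsed) if parsed else f"skipped: {sample}")
    # Live use (assumed path and collector): forward_lines(open("/var/log/suricata/fast.log"), sender=udp_sender())
```

The encoder keeps the fast.log body intact after the syslog header, so whatever consumes local5 today sees the same `[gid:sid:rev] msg ... {PROTO} src -> dst` text it would get from the built-in syslog output; the only addition is a severity derived from the rule priority, which lets the collector filter on priority without parsing the body.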