[Oisf-users] Suricata with redis
Joakim Wahlgren
joakim at wahlgren.jp.net
Fri Jul 22 14:58:55 UTC 2016
Hi
I have configured Suricata to use redis output and I get the following
error message:
<ERROR> - [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - FAILED TO PARSE CONFIGURATION FILE AT LINE 106: DID NOT FIND EXPECTED KEY
Configuration:
- eve-log:
enabled: yes
filetype: redis #regular|syslog|unix_dgram|unix_stream|redis
filename: eve.json
#prefix: "@cee: " # prefix to prepend to each log entry
# the following are valid when type: syslog above
#identity: "suricata"
#facility: local5
#level: Info ## possible levels: Emergency, Alert, Critical,
## Error, Warning, Notice, Info, Debug
redis:
server: 127.0.0.1
port: 6379
mode: list ## possible values: list (default), channel
key: suricata ## key or channel to use (default to suricata)
# Redis pipelining set up. This will enable to only do a query every
# 'batch-size' events. This should lower the latency induced by network
# connection at the cost of some memory. There is no flushing implemented
# so this setting as to be reserved to high traffic suricata.
# pipelining:
# enabled: yes ## set enable to yes to enable query pipelining
# batch-size: 10 ## number of entry to keep in buffer
I am currently learning Redis and was unable to find any official Suricata
documentation on how to implement Suricata with Redis, so I got stuck
trying to figure out this error. I did create the key called suricata in
Redis as well, so I am not sure why I get this error. My current
understanding is that Suricata will create the keys automatically when
enabled in the config file, but I might be wrong on this.
Kind regards,
Joakim
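The nesting a YAML parser expects for the block quoted above, written out with consistent space indentation as an added example (not part of the original post or of the Suricata documentation). The enclosing `outputs:` list and the indent widths are assumptions; every key and value is taken from the post. "Did not find expected key" is what the YAML parser reports when a line does not fit the mapping it is currently reading, for instance a key at the wrong depth.

```yaml
# Added example: the layout is an assumption, keys and values are from the post.
outputs:
  - eve-log:
      enabled: yes
      filetype: redis   # regular|syslog|unix_dgram|unix_stream|redis
      filename: eve.json
      # 'redis' is a child of eve-log, so it sits at the same depth as
      # 'enabled' and 'filetype'; its own settings go one level deeper.
      redis:
        server: 127.0.0.1
        port: 6379
        mode: list      # list (default) or channel
        key: suricata   # key or channel to use (default: suricata)
        # Pipelining is optional; when uncommented it nests under 'redis',
        # and its two settings nest under 'pipelining'.
        # pipelining:
        #   enabled: yes
        #   batch-size: 10
```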