[Oisf-users] Sguil & Suricata Help
Jason Ish
lists at ish.cx
Mon Apr 17 02:50:52 UTC 2017
On 16/04/17 12:22 PM, Darius Fattahipour wrote:
> Hi,
>
> I've been struggling to get Suricata alerts to appear in Sguil. I've tried
> many different types of configurations to no avail. Here's the
> command I utilize:
>
> suricata -c /etc/nsm/pching-VM-eth1/suricata.yaml -r inside.tcpdump -F
> /etc/nsm/pching-VM-eth1/bpf-ids.conf
>
> The inside.tcpdump is a pcap file. I've also attached my suricata.yaml.
This is probably more of a Sguil issue than a Suricata issue, but I
believe that Sguil requires the unified2 log file, which you don't appear
to have enabled. Suricata won't get those events into Sguil for you,
though; that is a function of Sguil.
Jason
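As an added illustration (not part of the original thread), this is the unified2 output block in `suricata.yaml` that the reply refers to; it is the part to compare against the attached configuration. The filename and rotation size are assumed values, and the reader named in the comments is an assumption about a typical Sguil deployment.

```yaml
# Excerpt of the "outputs:" section of suricata.yaml (Suricata 3.x/4.x).
# Sguil does not consume fast.log or eve.json. It expects unified2 records,
# which a separate agent (commonly barnyard2 in Sguil / Security Onion
# setups; an assumption about this deployment) reads and inserts into the
# Sguil database. Suricata itself only writes the file.
outputs:
  - unified2-alert:
      enabled: yes              # the setting the reply says appears to be missing
      filename: unified2.alert  # written under default-log-dir with a timestamp suffix
      limit: 32mb               # assumed rotation size; adjust to taste
```

The `unified2-alert` output was removed in Suricata 6.0, so this block only applies to the 3.x/4.x/5.x series in use at the time of the thread; after a run with `-r`, a `unified2.alert.<timestamp>` file appearing in `default-log-dir` confirms the output is active.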