[Oisf-users] Sguil & Suricata Help
Darius Fattahipour
fattahipour at yahoo.com
Mon Apr 17 03:08:47 UTC 2017
Thank you -- that was very helpful!
From: Jason Ish <lists at ish.cx>
To: oisf-users at lists.openinfosecfoundation.org
Sent: Sunday, April 16, 2017 7:50 PM
Subject: Re: [Oisf-users] Sguil & Suricata Help
On 16/04/17 12:22 PM, Darius Fattahipour wrote:
> Hi,
>
> I've been struggling to get suricata alerts appear in Sguil. I've tried
> many different types of configurations to no avail. Here's the
> command I utilize:
>
> suricata -c /etc/nsm/pching-VM-eth1/suricata.yaml -r inside.tcpdump -F
> /etc/nsm/pching-VM-eth1/bpf-ids.conf
>
> The inside.tcpdump is a pcap file. I've also attached my suricata.yaml.
This is probably more of a Sguil issue than a Suricata issue. But I
believe that Sguil requires the unified2 log file which you don't appear
to have enabled. Suricata won't get those events into Sguil for you
though, that is a function of Sguil.
Jason
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
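The point in Jason's reply is that Sguil consumes Suricata alerts only through the unified2 binary log, and the posted suricata.yaml had no unified2 output enabled. The fragment below is an added example of the relevant `outputs:` entry, not the original poster's configuration; the filename, size limit and sensor-id are assumed defaults that should be adjusted to match the sensor. Once Suricata is writing these files, a separate unified2 reader (in a Security Onion style deployment this is typically barnyard2 feeding sguild) is what actually moves the events into the Sguil database, which is the "function of Sguil" Jason refers to; that part is not covered by this fragment.

```yaml
# Added example: enable unified2 output in suricata.yaml so that a
# Sguil-side unified2 reader can pick up the alerts.
# Placed under the top-level "outputs:" list of suricata.yaml.
outputs:
  - unified2-alert:
      enabled: yes               # was absent/disabled in the posted config
      filename: unified2.alert   # assumed name; files are written to default-log-dir
                                 # with a timestamp suffix, e.g. unified2.alert.1492390000
      limit: 32mb                # assumed rotation size; raise for busy sensors
      sensor-id: 0               # assumed; must match what the unified2 reader expects
      xff:
        enabled: no              # X-Forwarded-For extraction is optional, off by default
```

After restarting Suricata (or re-running it with `-r inside.tcpdump` as in the original command), check that `unified2.alert.*` files appear under the sensor's `default-log-dir` and that the reader on the Sguil side is pointed at that directory; if the files never appear, the output block is not being parsed, and if they appear but Sguil stays empty, the problem is on the reader side rather than in Suricata.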