[Oisf-users] Searching Suricata logs

Eric Leblond eric at regit.org
Fri Jul 14 17:30:36 UTC 2017


On Fri, 2017-07-14 at 17:02 +0000, Charles Devoe wrote:
> I am attempting to watch the log files from suricata that are in json
> format.  I specifically want to watch for errors.  Can I assume all
> error conditions will have the word “error”? 

If by error you mean Suricata error like engine error, you will not
find them in the eve.json file but rather in suricata.log that can also
be in json.
If ever all your logs get to a database you can look for
event_type:engine to find them.

Eric Leblond <eric at regit.org>
Blog: https://home.regit.org/
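An added illustration of the point above (not from the thread or from the Suricata project): filtering eve.json records by event_type rather than grepping for the word "error". The sample lines are constructed, and the inner fields of the "engine" record are an assumption; only event_type is relied on.

```python
import json

# Constructed sample eve.json lines (not real Suricata output). The fields
# inside the "engine" object are an assumption; only event_type matters here.
SAMPLE_EVE = """\
{"timestamp":"2017-07-14T17:00:01.000000+0000","event_type":"alert","alert":{"signature":"ET POLICY example","severity":2}}
{"timestamp":"2017-07-14T17:00:02.000000+0000","event_type":"engine","engine":{"message":"Failed to parse rule file"}}
{"timestamp":"2017-07-14T17:00:03.000000+0000","event_type":"http","http":{"url":"/error.html"}}
this line is not json
{"timestamp":"2017-07-14T17:00:04.000000+0000","event_type":"engine","engine":{"message":"Interface went down"}}
"""


def parse_eve(text):
    """Yield (line_number, record) for each well-formed JSON line.

    Live eve.json files often contain a partially written last line,
    so malformed lines are skipped instead of aborting the whole scan.
    """
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            yield n, json.loads(line)
        except json.JSONDecodeError:
            continue


def engine_events(text):
    """Return records whose event_type is "engine" (Suricata's own messages)."""
    return [rec for _, rec in parse_eve(text) if rec.get("event_type") == "engine"]


def naive_error_grep(text):
    """What `grep -i error` would return: any line containing the word."""
    return [line for line in text.splitlines() if "error" in line.lower()]
```

On the sample, the substring search returns only the harmless HTTP line and misses both engine records, while the event_type filter finds exactly the two engine records.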
