[Oisf-users] Searching Suricata logs
Eric Leblond
eric at regit.org
Sat Jul 15 16:18:22 UTC 2017
Hi,
On Fri, 2017-07-14 at 17:52 +0000, Charles Devoe wrote:
> I am looking for just the errors. In Splunk it parses as such. I
> would like to know if I search for either error or ERR that I will
> get all errors.
>
> engine: {
> error: SC_ERR_NO_RULES_LOADED
> error_code: 43
> message: 1 rule files specified, but no rule was loaded at all!
All errors will have the 'error' field set, so you can match on this.
BR,
--
Eric Leblond <eric at regit.org>
Blog: https://home.regit.org/
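Eric's point, that matching on the presence of the engine 'error' field is more reliable than a free-text search for "error" or "ERR", as an added Python example that is not from the thread; the eve.json lines below are constructed, with the engine record taken from the values quoted in the question:

```python
import json

# Constructed sample eve.json lines (not from the thread): one engine error with
# the values quoted in the question, one hypothetical engine event without an
# error, and one alert whose signature text happens to contain "ERROR".
SAMPLE_EVE_LINES = [
    '{"timestamp":"2017-07-14T17:52:00.000000+0000","event_type":"engine",'
    '"engine":{"error":"SC_ERR_NO_RULES_LOADED","error_code":43,'
    '"message":"1 rule files specified, but no rule was loaded at all!"}}',
    '{"timestamp":"2017-07-14T17:52:01.000000+0000","event_type":"engine",'
    '"engine":{"message":"constructed engine event without a fault"}}',
    '{"timestamp":"2017-07-14T17:52:02.000000+0000","event_type":"alert",'
    '"alert":{"signature":"CONSTRUCTED TEST page says ERROR","signature_id":1}}',
]


def iter_events(lines):
    """Parse eve.json lines one by one, skipping blank or truncated ones."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def engine_errors(lines):
    """Engine events carrying an 'error' field, whatever the message text says."""
    found = []
    for ev in iter_events(lines):
        engine = ev.get("engine")
        if ev.get("event_type") == "engine" and isinstance(engine, dict) and "error" in engine:
            found.append({
                "timestamp": ev.get("timestamp"),
                "error": engine["error"],
                "error_code": engine.get("error_code"),
                "message": engine.get("message"),
            })
    return found


def naive_text_matches(lines):
    """Free-text search for 'error' (any case): also hits unrelated events."""
    return [line for line in lines if "error" in line.lower()]


if __name__ == "__main__":
    for err in engine_errors(SAMPLE_EVE_LINES):
        print(err["timestamp"], err["error"], err["error_code"], err["message"])
    print("free-text hits:", len(naive_text_matches(SAMPLE_EVE_LINES)))
```

On the sample, the field-based search returns only the one real engine error, while the free-text search also returns the unrelated alert.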