[Oisf-users] Issues with suricata eve.json datagramm logging?

Peter Manev petermanev at gmail.com
Fri Jun 9 06:57:13 UTC 2017


On Fri, May 26, 2017 at 11:01 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> After some experimenting this appears to be the best solution:
>
> (this has to be done before starting the suricata process)
>
>> # create named pipe for netcat listener
>> rm -f /home/suri/eve.json && mkfifo /home/suri/eve.json && chown suri:suri /home/suri/eve.json
>
>> # setup buffered netcat process
>> nohup buffer -b 128 -s 64kb < /home/suri/eve.json | nc $LOG_COLLECTOR 515 > /dev/null &
>
> Suricata is configured to append logs, as a file, to
> /home/suri/eve.json.  The 'buffer' program reads this into an 8MB ring
> buffer and sends it to netcat, to be forwarded to a remote log collector.
>

Wanted to ask - how is that working out so far?




-- 
Regards,
Peter Manev
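The FIFO-plus-forwarder setup quoted above, as an added example that is not code from the thread or from the Suricata project: a small POSIX sh script that creates the named pipe and starts the reader side with the checks a practitioner would want before Suricata is launched. The names EVE_PIPE, RUN_USER, LOG_COLLECTOR, make_eve_fifo, start_forwarder, the placeholder collector host and the sample EVE record are all assumptions or constructed for this example; the buffer and nc invocation is the one from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread: wires up the FIFO-plus-forwarder
# setup described above, with checks before Suricata is started.
# EVE_PIPE, RUN_USER, LOG_COLLECTOR and the sink command are placeholders.
set -u

EVE_PIPE="${EVE_PIPE:-/home/suri/eve.json}"
RUN_USER="${RUN_USER:-suri:suri}"
LOG_COLLECTOR="${LOG_COLLECTOR:-collector.example.invalid}"   # placeholder host
FORWARDER_PID=""

# A constructed EVE record, used only to exercise the pipeline offline.
SAMPLE_EVENT='{"timestamp":"2017-05-26T23:01:00.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"192.0.2.20"}'

# make_eve_fifo PATH [OWNER]: replace PATH with a named pipe owned by OWNER.
# Refuses to delete a non-empty regular file (an eve.json that still holds events).
make_eve_fifo() {
    pipe="$1"
    owner="${2:-}"
    if [ -e "$pipe" ] && [ ! -p "$pipe" ] && [ -s "$pipe" ]; then
        echo "refusing to replace non-empty regular file $pipe" >&2
        return 1
    fi
    rm -f "$pipe" && mkfifo "$pipe" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$pipe" || return 1
    fi
    [ -p "$pipe" ]
}

# start_forwarder PATH SINK...: read the FIFO and feed SINK on its stdin.
# The reader must exist before Suricata opens the pipe: opening a FIFO for
# writing with no reader blocks, so Suricata would hang at startup.
# The forwarder's pid is left in FORWARDER_PID so the caller can wait on it.
start_forwarder() {
    pipe="$1"
    shift
    ( cat "$pipe" | "$@" ) >/dev/null 2>&1 &
    FORWARDER_PID=$!
}

# Production wiring (only when invoked as "setup"): buffer reads stdin into
# a 128 x 64 KB ring (8 MB) and nc ships it to the collector, as in the thread.
if [ "${1:-}" = "setup" ]; then
    make_eve_fifo "$EVE_PIPE" "$RUN_USER" || exit 1
    start_forwarder "$EVE_PIPE" sh -c "buffer -b 128 -s 64kb | nc $LOG_COLLECTOR 515"
    echo "forwarder running as pid $FORWARDER_PID; start Suricata now"
fi
```

Two caveats the script's comments only touch on: the single cat exits when the writer closes the pipe, so after a Suricata restart the reader must be restarted too (a supervisor or a loop around the forwarder covers that); and because the pipe is blocking, a collector outage that fills the 8 MB ring stalls writes into the FIFO, and with them Suricata's EVE logging, so the buffer size is really a bound on how long a collector may be unreachable before logging stalls.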

