[Oisf-users] Issues with suricata eve.json datagramm logging?
Cooper F. Nelson
cnelson at ucsd.edu
Wed May 24 22:07:14 UTC 2017
Hi Peter/oisf-users,
I'm trying to configure suricata to send eve logs to syslog-ng via a
unix socket. This is the relevant bit in my syslog-ng.conf:
source s_suricata { unix-dgram("/home/suri/suri_eve.sock"); };
This is the config in the suricata.yaml:
>   - eve-log:
>       enabled: yes
>       type: unix_dgram #file|syslog|unix_dgram|unix_stream
>       filename: suri_eve.sock
However I'm getting this error in the suricata logs:
> [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/home/suri/suri_eve.sock": No such device or address
Suricata is built with socket support.
Any ideas?
--
Cooper Nelson
IT Security - Information Technology Services
University of California San Diego
(858) 534-6487 - cnelson at ucsd.edu
https://cybersecurity.ucsd.edu
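
Added example (not part of the original post, and not Suricata or syslog-ng code): "No such device or address" is the strerror text for ENXIO, which Linux open(2) returns when the path is a UNIX domain socket. The script below binds a constructed datagram socket in a temporary directory as a stand-in for the syslog-ng listener, then shows that a file-style open of that path fails with ENXIO while a SOCK_DGRAM send of a constructed EVE-like record is delivered. Assumes Linux; the socket name and sample event are illustrative.

```python
import errno
import json
import os
import socket
import tempfile

# Constructed sample record, shaped like an EVE JSON line (not real output).
SAMPLE_EVENT = {"timestamp": "2017-05-24T22:07:14.000000+0000",
                "event_type": "alert", "src_ip": "192.0.2.10"}


def probe(path):
    """Try `path` first as a regular file, then as a datagram socket."""
    result = {}
    try:
        with open(path, "a"):          # what a plain file logger would do
            result["open"] = "ok"
    except OSError as e:
        result["open"] = errno.errorcode.get(e.errno, str(e.errno))
    s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        s.connect(path)                # what a unix_dgram logger has to do
        s.send(json.dumps(SAMPLE_EVENT).encode())
        result["dgram"] = "ok"
    except OSError as e:
        result["dgram"] = errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()
    return result


def demo():
    """Bind a stand-in listener, probe it, and return what was observed."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "suri_eve.sock")
        rx = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        rx.bind(path)                  # creates the socket inode at `path`
        rx.settimeout(2)
        try:
            result = probe(path)
            if result["dgram"] == "ok":
                result["received"] = json.loads(rx.recv(65535))
        finally:
            rx.close()
        return result


if __name__ == "__main__":
    print(demo())
```

Pointing probe() at the real listener path separates an errno raised by opening the path as a file from one raised by the socket connect itself (for example ENOENT, ECONNREFUSED or EACCES).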