[Oisf-users] Issues with suricata eve.json datagramm logging?

Cooper F. Nelson cnelson at ucsd.edu
Wed May 24 22:07:14 UTC 2017

Hi Peter/oisf-users,

I'm trying to configure suricata to send eve logs to syslog-ng via a
unix socket.  This is the relevant bit in my syslog-ng.conf:

source s_suricata { unix-dgram("/home/suri/suri_eve.sock"); };

This is the config in the suricata.yaml:

>   - eve-log:
>       enabled: yes
>       type: unix_dgram #file|syslog|unix_dgram|unix_stream
>       filename: suri_eve.sock

However I'm getting this error in the suricata logs:

> [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/home/suri/suri_eve.sock": No such device or address

Suricata is built with socket support.

Any ideas?

Cooper Nelson
IT Security - Information Technology Services
University of California San Diego
(858) 534-6487 - cnelson at ucsd.edu

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170524/2ef5b20f/attachment.sig>

More information about the Oisf-users mailing list