[Oisf-users] Issues with suricata eve.json datagram logging?
Jason Ish
lists at ish.cx
Wed May 24 22:18:03 UTC 2017
On 24/05/17 04:07 PM, Cooper F. Nelson wrote:
> Hi Peter/oisf-users,
>
> I'm trying to configure suricata to send eve logs to syslog-ng via a
> unix socket. This is the relevant bit in my syslog-ng.conf:
>
> source s_suricata { unix-dgram("/home/suri/suri_eve.sock"); };
>
> This is the config in the suricata.yaml:
>
>>   - eve-log:
>>       enabled: yes
>>       type: unix_dgram #file|syslog|unix_dgram|unix_stream
Try "filetype" here instead of "type".
>>       filename: suri_eve.sock
>
> However I'm getting this error in the suricata logs:
>
>> [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/home/suri/suri_eve.sock": No such device or address
>
> Suricata is built with socket support.
>
> Any ideas?
Also make sure the socket file exists. It's the receiver's job, so in this
case syslog-ng's, to create the socket file.
Jason
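An added example, not code from the thread, Suricata or syslog-ng, that plays both roles on a throwaway unix datagram socket: the receiver binds the socket (what the syslog-ng `unix-dgram()` source does), then the sender first opens the path the way a regular-file output would, which on Linux fails with exactly the "No such device or address" text seen above, and then connects to it as a datagram socket and delivers one EVE line. The function names and the sample EVE record are constructed for this example; the error text assumes Linux errno strings.

```python
import json
import os
import socket
import tempfile

# Constructed sample EVE record, not real Suricata output.
SAMPLE_EVE = {"timestamp": "2017-05-24T22:18:03.000000+0000", "event_type": "alert",
              "src_ip": "192.0.2.10", "dest_ip": "198.51.100.20", "proto": "TCP"}

def eve_receiver(path):
    """Bind the datagram socket: the receiver's job (syslog-ng's unix-dgram()
    source does this). Suricata never creates it; it only connects to it."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)  # this call is what creates the socket file at `path`
    return sock

def open_as_regular_file(path):
    """The default 'regular' filetype: fopen() the path. On a socket file
    open(2) fails with ENXIO. Returns the error text, or None on success."""
    try:
        with open(path, "a"):
            return None
    except OSError as e:
        return os.strerror(e.errno)

def eve_send(path, record):
    """The unix_dgram filetype: connect a SOCK_DGRAM socket to the path and
    write one JSON line. Returns None on success, else the error text."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        sock.connect(path)
        sock.send((json.dumps(record) + "\n").encode())
        return None
    except OSError as e:
        return os.strerror(e.errno)
    finally:
        sock.close()

def demo():
    """Run both output styles against a live receiver; return (regular-file error, dgram error, record)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "suri_eve.sock")
        rx = eve_receiver(path)
        try:
            open_error = open_as_regular_file(path)  # 'No such device or address'
            send_error = eve_send(path, SAMPLE_EVE)  # None: delivered
            data, _ = rx.recvfrom(65536)
            return open_error, send_error, json.loads(data.decode())
        finally:
            rx.close()
```

Run `demo()` with the receiver closed, or with no receiver bound at all, to see the different error text a missing or stale socket file produces from the datagram connect.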