[Oisf-users] Just need DNS and IPS logs in json format
Steve Castellarin
steve.castellarin at gmail.com
Sat Mar 24 19:55:45 UTC 2018
This is how I log DNS activity in Suricata:
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      types:
        - dns:
            query: yes
            answer: yes
You just have to decide if you want to have the dns answer set to yes or no.
On Sat, Mar 24, 2018 at 12:13 AM, Blason R <blason16 at gmail.com> wrote:
> Hi Guys,
>
> I was reading through the Suricata docs and found them pretty exhaustive. Can
> someone please confirm I just need DNS logs and IPS blocking logs in
> eve.json.
>
> The current eve.json has a lot of noise and is filling up my disk space pretty
> fast, hence I need to know the settings so that I can start receiving only DNS
> and IPS logs and exclude that noise.
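An added example, not part of the original thread: a check to run after trimming the eve-log `types` list, which tallies records and bytes per `event_type` so you can see what is still filling the disk. The sample records are constructed, and mapping "IPS blocking logs" to `event_type` "drop" is an assumption.

```python
import json
import sys
from collections import defaultdict

# Assumption: "IPS blocking logs" corresponds to EVE records with event_type "drop".
WANTED = {"dns", "drop"}

# Constructed sample records (not from a real sensor); the last one is cut short.
SAMPLE_EVE = [
    '{"event_type":"dns","src_ip":"192.0.2.10","dns":{"type":"query","rrname":"example.com"}}',
    '{"event_type":"dns","src_ip":"192.0.2.53","dns":{"type":"answer","rrname":"example.com"}}',
    '{"event_type":"drop","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","proto":"TCP"}',
    '{"event_type":"flow","src_ip":"192.0.2.10","flow":{"pkts_toserver":12,"state":"closed"}}',
    '{"event_type":"stats","stats":{"uptime":3600}}',
    '{"event_type":"http","src_ip":"192.0.2.10","http":{"hostna',
]


def summarize(lines, wanted=WANTED):
    """Return ({event_type: [records, bytes]}, set of types outside `wanted`)."""
    usage = defaultdict(lambda: [0, 0])
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            record = json.loads(raw)
            etype = record.get("event_type", "<missing>") if isinstance(record, dict) else "<missing>"
        except json.JSONDecodeError:
            etype = "<unparseable>"  # e.g. a record truncated mid-write
        usage[etype][0] += 1
        usage[etype][1] += len(raw.encode("utf-8")) + 1  # +1 for the newline
    return dict(usage), {t for t in usage if t not in wanted}


if __name__ == "__main__":
    # Pass the path to eve.json as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            usage, noise = summarize(fh)
    else:
        usage, noise = summarize(SAMPLE_EVE)
    for etype, (count, size) in sorted(usage.items(), key=lambda kv: -kv[1][1]):
        flag = "" if etype in WANTED else "  <- not wanted"
        print(f"{etype:15} {count:6} records {size:10} bytes{flag}")
```

Any type flagged as not wanted is still enabled somewhere in the `outputs` section of the configuration.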