[Oisf-users] Just need DNS and IPS logs in json format

Blason R blason16 at gmail.com
Mon Mar 26 08:41:27 UTC 2018


I believe this should be sufficient!!

On Sun, Mar 25, 2018 at 1:25 AM, Steve Castellarin <steve.castellarin at gmail.com> wrote:

> This is how I log DNS activity in Suricata:
>
> outputs:
>   - eve-log:
>       enabled: yes
>       filetype: regular
>       filename: eve.json
>       types:
>         - dns:
>             query: yes
>             answer: yes
>
> You just have to decide if you want to have the dns answer set to yes or
> no.
>
>
> On Sat, Mar 24, 2018 at 12:13 AM, Blason R <blason16 at gmail.com> wrote:
>
>> Hi Guys,
>>
>> I was reading through the suricata docs and found them pretty exhaustive. Can
>> someone please confirm I just need DNS logs and IPS blocking logs in
>> eve.json.
>>
>> The current eve.json has a lot of noise and is filling up my disk space pretty
>> fast, hence I need to know the settings so that I can start receiving only DNS
>> and IPS logs and exclude that noise.
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>> Conference: https://suricon.net
>> Trainings: https://suricata-ids.org/training/
>>
>
>
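Steve's snippet covers the DNS half of the question; the IPS half comes from the `alert` and `drop` event types, and the noise comes from every other type left in the list. The block below is an added example, not taken from either message, showing an eve-log section trimmed to exactly those three types. The key names are those of the Suricata 4.0-era default suricata.yaml (the version current when this thread was written); treat them as an assumption and check them against the default config shipped with your own build before pasting.

```yaml
# Added example (not from either poster): eve-log restricted to DNS plus
# the two event types that record IPS rule hits. Assumes Suricata 4.0-era
# key names; verify against your own suricata.yaml defaults.
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json

      # Every entry under 'types' is an event_type written to eve.json.
      # The stock file also lists http, tls, files, ssh, smtp, flow,
      # netflow, stats and others; flow (one record per flow) and stats
      # (one record per interval) are the usual disk fillers. A type that
      # is not listed here is simply not logged.
      types:
        # Rule matches. In IPS mode a rule whose action is 'drop' is logged
        # here with "alert": {"action": "blocked", ...}; plain 'alert'
        # rules carry "action": "allowed".
        - alert:
            payload: no          # base64 payload roughly doubles a record
            packet: no           # same for the raw packet dump
            tagged-packets: no   # follow-up packets from the 'tag' keyword

        # Dedicated drop records. 'flows: start' logs one record per flow
        # direction; 'flows: all' logs one per dropped packet.
        - drop:
            alerts: yes          # embed the alert that caused the drop
            flows: start

        # DNS requests and responses, as in Steve's snippet.
        - dns:
            query: yes
            answer: yes
```

Two things to check after restarting: first, `fast.log`, `stats.log` and `unified2` are separate entries in `outputs:` and are not affected by the eve-log `types` list, so disable them there if they are also eating disk; second, confirm the blocks are actually being recorded with something like `jq -c 'select(.event_type=="alert" and .alert.action=="blocked")' eve.json`, since a rule that fires in IDS mode (or on a non-inline interface) will show `"action":"allowed"` even if it is written as `drop`.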