[Oisf-users] eve fields per event type

(Lists) Jason Ish lists at ish.cx
Fri Oct 12 23:25:04 UTC 2018


On Fri, Oct 12, 2018 at 7:23 AM Brian Kellogg <theflakes at gmail.com> wrote:

> I'm using the below link to understand Eve log format and data types.
>
> https://suricata.readthedocs.io/en/latest/output/eve/eve-json-format.html
>
> I see with 4.1 there are several changes coming for logging. Also seeing
> that all fields may not be listed in the above link.
>
> Is there a comprehensive list of all event type logs and their possible
> fields and changes forthcoming in 4.1? I can chew through the code if I
> need to.
>
> Is there an estimated release date for 4.1? I know this is all devs
> favorite question so feel free to yell at me.
>
> If documentation is missing may I submit my findings anywhere to help out
> with this? Not sure if my discovery will be useful for others but I may be
> able to work around that.
>
> I apologize for any of my ignorance, new to Suricata logging.
>

There isn't really much in terms of complete documentation. I had played
with JSON schema, but it's overly verbose for what I think most people are
after. For example:

https://gist.github.com/jasonish/213438593b515f09118655b4bfe85d23

I've been thinking some tabular style page with all the fields and their
possible values/types would be better for the majority of users.

Any thoughts on the matter?

Jason
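As an added example (not code from this thread or from the Suricata project), one way to build the tabular field list Jason describes: walk eve.json records, group dotted field paths by event_type, and record the JSON types seen and whether each field was present in every record of that type. The sample records are constructed, not real Suricata output, and cover only a few of the real eve fields.

```python
import json
from collections import defaultdict

# Constructed sample eve.json records (invented values; field names follow the eve-json-format page).
SAMPLE_EVE = r'''
{"timestamp":"2018-10-12T07:23:00.000000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2018-10-12T07:23:01.000000+0000","flow_id":2,"event_type":"dns","src_ip":"10.0.0.5","src_port":40000,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4660,"rrname":"example.com","rrtype":"A"}}
{"timestamp":"2018-10-12T07:23:02.000000+0000","flow_id":3,"event_type":"dns","src_ip":"10.0.0.5","src_port":40001,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":4660,"rrname":"example.com","rrtype":"A","rcode":"NOERROR","rdata":"93.184.216.34","ttl":300}}
{"timestamp":"2018-10-12T07:23:03.000000+0000","flow_id":4,"event_type":"http","src_ip":"10.0.0.5","src_port":51235,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","http":{"hostname":"example.com","url":"/","http_method":"GET","status":200,"length":1256}}
'''

def json_type(value):
    """Name of the JSON type of a decoded value (bool is checked before int: bool subclasses int)."""
    if isinstance(value, bool):
        return "boolean"
    for py, name in ((int, "integer"), (float, "number"), (str, "string"), (list, "array"), (dict, "object")):
        if isinstance(value, py):
            return name
    return "null"

def flatten(obj, prefix=""):
    """Yield (dotted.path, json_type) for each leaf; nested objects are descended, arrays are not."""
    for key, value in obj.items():
        if isinstance(value, dict):
            yield from flatten(value, f"{prefix}{key}.")
        else:
            yield f"{prefix}{key}", json_type(value)

def build_schema(lines):
    """Return ({event_type: {path: {"types": set, "count": n}}}, {event_type: number of records})."""
    schema = defaultdict(lambda: defaultdict(lambda: {"types": set(), "count": 0}))
    totals = defaultdict(int)
    for line in filter(None, map(str.strip, lines)):
        record = json.loads(line)
        etype = record.get("event_type", "<missing>")
        totals[etype] += 1
        for path, jtype in flatten(record):
            schema[etype][path]["types"].add(jtype)
            schema[etype][path]["count"] += 1
    return schema, totals

def render_table(schema, totals):
    """One row per (event_type, field): JSON types seen and whether every record of that type had it."""
    rows = ["event_type field                   types    always"]
    for etype in sorted(schema):
        for path, info in sorted(schema[etype].items()):
            always = "yes" if info["count"] == totals[etype] else "no"
            rows.append(f"{etype:<10} {path:<23} {'|'.join(sorted(info['types'])):<8} {always}")
    return "\n".join(rows)
```

Run it over a real eve.json with `render_table(*build_schema(open("eve.json"))))` to get a first draft of the per-event-type field table; the "always" column separates mandatory fields from optional ones such as DNS answer-only fields.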