[Oisf-users] Missing events when logging to more than one eve output
Konstantin Klinger
konstantin.klinger at dcso.de
Wed Oct 24 15:37:01 UTC 2018
Hello all,
we have seen some weird behavior when activating dns logging in two eve
outputs (one sending events to redis and the other one to a separate
json-file locally on the machine).
It seems that both options together aren't working as expected. The dns
log entries are only showing up in one of the eve outputs.
We are using Suricata 4.1.0-dev with DNS v2.
Is this a known issue? If yes, is it expected behavior or a bug?
Cheers,
Konstantin
--
Konstantin Klinger
Security Content Engineer
Threat Detection & Hunting (TDH)
+49 160 95476260
konstantin.klinger at dcso.de
dcso.de
blog.dcso.de
PGP: 180D C5B3 3C68 5C9A FB58 6F33 400E 5A35 3307 8D46
DCSO Deutsche Cyber-Sicherheitsorganisation GmbH • EUREF-Campus 22 •
10829 Berlin, Germany
Geschäftsführer: Dr.-Ing. Gunnar Siebert, Sitz der Gesellschaft: Berlin,
Amtsgericht Charlottenburg HRB 172382
More information about the Oisf-users
mailing list