[Oisf-users] Missing events when logging to more than one eve output
Victor Julien
lists at inliniac.net
Wed Oct 24 19:25:40 UTC 2018
On 24-10-18 17:37, Konstantin Klinger wrote:
> we have seen some weird behavior when activating dns logging in two eve
> outputs (one sending events to redis and the other one to a separate
> json-file locally on the machine).
>
> It seems that both options together aren't working as expected. The dns
> log entries are only showing up in one of the eve outputs.
>
> We are using Suricata 4.1.0-dev with DNS v2.
>
> Is this a known issue? If yes, is it expected behavior or a bug?

This could be related:
https://github.com/OISF/suricata/commit/bca0cd71ae1f9fec3ddaecceb9078ea738ddce15#r30015551

I've been meaning to look at it, but never got to it.

--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------