[Oisf-users] Sending Suricata stats content to a separate JSON file

[Sascha Steinbiss]

Hi,

>     Is it possible to send the packet statistics information logged in
> eve.json to a separate file (in JSON format).

Yes, just create a new section in the "outputs" section in suricata.yaml:

outputs:
[...]

  - eve-log:
      enabled: yes
      filetype: regular
      filename: stats.json
      types:
        - stats:
           totals: yes
           threads: yes
           deltas: yes

[...]

You can have more than one "eve-log" entry in there. Then you can
comment out the 'stats' type in the main eve.json definition.

Cheers
Sascha