[Oisf-users] Sending Suricata stats content to a separate JSON file
Srinivasan J
srinidpdk at gmail.com
Tue Aug 13 17:32:40 UTC 2019
Thank you for the quick response, Sascha. It worked flawlessly in Suricata 4.1.4.
Regards,
SriniJ
On Tue, Aug 13, 2019 at 10:00 PM Sascha Steinbiss <satta at debian.org> wrote:
>
> Hi,
>
> > Is it possible to send the packet statistics information logged in
> > eve.json to a separate file (in JSON format)?
>
> Yes, just create a new section in the "outputs" section in suricata.yaml:
>
> outputs:
>   [...]
>
>   - eve-log:
>       enabled: yes
>       filetype: regular
>       filename: stats.json
>       types:
>         - stats:
>             totals: yes
>             threads: yes
>             deltas: yes
>
>   [...]
>
> You can have more than one "eve-log" entry in there. Then you can
> comment out the 'stats' type in the main eve.json definition.
>
> Cheers
> Sascha
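Added example, not part of the original thread or of Suricata itself: one way a sensor operator might consume the separate stats.json described above to flag intervals with kernel packet loss. It assumes the capture method reports `capture.kernel_packets` and `capture.kernel_drops`, and that `deltas: yes` adds the matching `*_delta` keys; the function name, the 1% threshold and the sample records are constructed for illustration.

```python
import json

# Constructed sample of stats.json content (one EVE record per line), not real sensor output.
SAMPLE = """\
{"timestamp":"2019-08-13T17:00:08.000000+0000","event_type":"stats","stats":{"uptime":8,"capture":{"kernel_packets":1000,"kernel_packets_delta":1000,"kernel_drops":0,"kernel_drops_delta":0}}}
{"timestamp":"2019-08-13T17:00:16.000000+0000","event_type":"stats","stats":{"uptime":16,"capture":{"kernel_packets":3000,"kernel_packets_delta":2000,"kernel_drops":100,"kernel_drops_delta":100}}}
{"timestamp":"2019-08-13T17:00:24.000000+0000","event_type":"stats","stats":{"uptime":24,"capture":{"kernel_packets":4000,"kernel_drops":110}}}
{"timestamp":"2019-08-13T17:05:08.000000+0000","event_type":"stats","stats":{"uptime":8,"capture":{"kernel_packets":500,"kernel_drops":0}}}
{"timestamp":"2019-08-13T17:05
"""

def drop_intervals(lines, threshold_pct=1.0):
    """Return (timestamp, packets, drops, drop_pct, alert) for each stats interval."""
    prev, out = None, []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank line, or a last line still being written by Suricata
        if not isinstance(rec, dict) or rec.get("event_type") != "stats":
            continue
        cap = rec.get("stats", {}).get("capture", {})
        total = (cap.get("kernel_packets", 0), cap.get("kernel_drops", 0))
        if "kernel_packets_delta" in cap:
            # Per-interval values written when the stats logger has deltas enabled.
            pkts, drops = cap["kernel_packets_delta"], cap.get("kernel_drops_delta", 0)
        elif prev is not None and total[0] >= prev[0]:
            # No deltas in this record: derive them from the running totals.
            pkts, drops = total[0] - prev[0], total[1] - prev[1]
        else:
            # First record, or totals went backwards (counters reset by a restart).
            pkts, drops = total
        prev = total
        pct = 100.0 * drops / pkts if pkts > 0 else 0.0
        out.append((rec.get("timestamp"), pkts, drops, round(pct, 2), pct > threshold_pct))
    return out

if __name__ == "__main__":
    for row in drop_intervals(SAMPLE.splitlines()):
        print(row)
```

Sustained drops mean the sensor is not inspecting part of the traffic, so an alerting interval here is a detection-coverage gap worth investigating.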