[Oisf-users] Sending Suricata stats content to a separate JSON file
David
lists at edeca.net
Wed Aug 14 13:10:39 UTC 2019
On 2019-08-13 17:30, Sascha Steinbiss wrote:
> Hi,
>
>> Is it possible to send the packet statistics information logged in
>> eve.json to a separate file (in JSON format).
>
> Yes, just create a new section in the "outputs" section in
> suricata.yaml:
You can also output stats (or any other EVE content) to a named pipe.
This makes it simple to read in a scripting language to run automation.
I have done this with the stats before, with a simple Python reader that
sends a summary of problems to a centralised server.
David
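An added example of the kind of named-pipe reader described in this message (not the poster's script and not Suricata project code). It assumes Suricata is writing EVE records to a FIFO whose path is passed on the command line and that the stats counters are cumulative; the watched counters, the 1% drop threshold and the choice to print summaries instead of sending them to a server are choices made for this illustration.

```python
import json
import sys

# Cumulative counters inside the EVE "stats" object whose growth signals trouble.
WATCHED = ("capture.kernel_drops", "decoder.invalid", "tcp.reassembly_gap")
PACKETS = "capture.kernel_packets"

# Constructed sample records (not real sensor output).
SAMPLE = [
    '{"event_type":"stats","timestamp":"t1","stats":{"capture":{"kernel_packets":1000,"kernel_drops":0}}}',
    '{"event_type":"alert","timestamp":"t1"}',
    '{"event_type":"stats","timestamp":"t2","stats":{"capture":{"kernel_packets":2000,"kernel_drops":100}}}',
    '{"event_type":"stats","timestamp":"t3","stats":{"capture":{"kernel_packets":3000,"kernel_drops":100}}}',
    '{"event_type":"stats","timestamp":"t4","stats":{"capture":{"kernel_packets":50,"kernel_drops":0}}}',
    '{"event_type":"sta',
]


def dig(obj, dotted):
    """Return a nested integer counter such as 'capture.kernel_drops', or 0 if absent."""
    for key in dotted.split("."):
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj if isinstance(obj, int) else 0


def summarise(lines, drop_threshold=0.01):
    """Yield a summary for each stats interval with a high drop rate or error growth."""
    prev = None
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # truncated or non-JSON line
        if not isinstance(event, dict) or event.get("event_type") != "stats":
            continue
        cur = {name: dig(event.get("stats"), name) for name in WATCHED + (PACKETS,)}
        if prev is None or any(cur[k] < prev[k] for k in cur):
            prev = cur  # first record, or counters reset by a restart: new baseline
            continue
        delta = {k: cur[k] - prev[k] for k in cur}
        prev = cur
        pkts = delta.pop(PACKETS)
        rate = delta["capture.kernel_drops"] / pkts if pkts else 0.0
        others = any(v for k, v in delta.items() if k != "capture.kernel_drops")
        if rate >= drop_threshold or others:
            yield {"timestamp": event.get("timestamp"), "drop_rate": round(rate, 4), "deltas": delta}


if __name__ == "__main__":
    # Opening the FIFO blocks until the writer (Suricata) has it open.
    with open(sys.argv[1], encoding="utf-8") as fifo:
        for summary in summarise(fifo):
            print(json.dumps(summary), flush=True)
```

The reader should be started before or alongside Suricata, since a writer to a FIFO stalls when nothing is reading it.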