[Oisf-users] Sending Suricata stats content to a separate JSON file

Nelson, Cooper cnelson at ucsd.edu
Wed Aug 14 18:47:19 UTC 2019

This is what we do.   What I really like about it is that I just have everything turned on in the yaml file and then just use grep to extract exactly what I want.   It's also useful for filtering out noisy/low-value stuff before sending to a $IEM.


-----Original Message-----
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of David
Sent: Wednesday, August 14, 2019 6:11 AM
To: Sascha Steinbiss <satta at debian.org>
Cc: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Sending Suricata stats content to a separate JSON file

You can also output stats (or any other EVE content) to a named pipe.  
This makes it simple to read in a scripting language to run automation.  
I have done this with the stats before, with a simple Python reader that sends a summary of problems to a centralised server.

Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/

More information about the Oisf-users mailing list