[Oisf-users] Sending Suricata stats content to a separate JSON file
Nelson, Cooper
cnelson at ucsd.edu
Wed Aug 14 18:47:19 UTC 2019
This is what we do. What I really like about it is that I just have everything turned on in the yaml file and then just use grep to extract exactly what I want. It's also useful for filtering out noisy/low-value stuff before sending to a $IEM.
-Coop
-----Original Message-----
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of David
Sent: Wednesday, August 14, 2019 6:11 AM
To: Sascha Steinbiss <satta at debian.org>
Cc: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Sending Suricata stats content to a separate JSON file
You can also output stats (or any other EVE content) to a named pipe.
This makes it simple to read in a scripting language to run automation.
I have done this with the stats before, with a simple Python reader that sends a summary of problems to a centralised server.
David
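As an added illustration of the two approaches in this thread (Cooper's "turn everything on, then filter out what you want" and David's named-pipe reader that summarises problems), here is a small Python reader. It is example code written for this page, not Cooper's grep pipeline or David's script. It assumes a FIFO created with `mkfifo` and configured as the `eve-log` filename in suricata.yaml; the counter paths it reads (`capture.kernel_packets`, `capture.kernel_drops`, `decoder.invalid`, `detect.alert`) are real EVE stats fields, while the drop-rate threshold, the pipe path and the sample records are constructed assumptions. Shipping the summary to a central server is left to the caller.

```python
"""Reader for Suricata EVE 'stats' events arriving on a named pipe.

EVE stats counters are cumulative since Suricata started, so the useful
signal is the delta between two consecutive stats records: if the
capture.kernel_drops delta grows relative to capture.kernel_packets, the
sensor is losing visibility. The threshold and pipe path are assumptions.
"""
import json
import sys
from typing import Dict, Iterable, Iterator, List, Optional

# Counters compared between consecutive stats records (real EVE stats fields).
WATCHED = ["capture.kernel_packets", "capture.kernel_drops",
           "decoder.invalid", "detect.alert"]

# Constructed sample input mimicking three stats records and one alert record.
SAMPLE_EVE_LINES: List[str] = [
    json.dumps({"timestamp": "2019-08-14T13:00:00.000000+0000", "event_type": "stats",
                "stats": {"uptime": 60,
                          "capture": {"kernel_packets": 100000, "kernel_drops": 0},
                          "decoder": {"pkts": 100000, "invalid": 2},
                          "detect": {"alert": 3}}}),
    json.dumps({"timestamp": "2019-08-14T13:00:03.000000+0000", "event_type": "alert",
                "alert": {"signature": "constructed sample alert"}}),
    json.dumps({"timestamp": "2019-08-14T13:00:08.000000+0000", "event_type": "stats",
                "stats": {"uptime": 68,
                          "capture": {"kernel_packets": 200000, "kernel_drops": 500},
                          "decoder": {"pkts": 199500, "invalid": 2},
                          "detect": {"alert": 5}}}),
    json.dumps({"timestamp": "2019-08-14T13:00:16.000000+0000", "event_type": "stats",
                "stats": {"uptime": 76,
                          "capture": {"kernel_packets": 300000, "kernel_drops": 20500},
                          "decoder": {"pkts": 279500, "invalid": 9},
                          "detect": {"alert": 5}}}),
]


def filter_event_types(lines: Iterable[str], keep: Iterable[str]) -> List[str]:
    """Keep only EVE lines whose event_type is in `keep` (the grep-style filter)."""
    wanted = set(keep)
    kept = []
    for line in lines:
        try:
            if json.loads(line).get("event_type") in wanted:
                kept.append(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip rather than crash the reader
    return kept


def parse_stats_event(line: str) -> Optional[dict]:
    """Return the 'stats' sub-document of an EVE line, or None if not a stats record."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if event.get("event_type") != "stats":
        return None
    stats = event.get("stats")
    return stats if isinstance(stats, dict) else None


def counter(stats: dict, path: str) -> int:
    """Look up a dotted counter path; missing counters count as 0."""
    node = stats
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return 0
        node = node[key]
    return int(node) if isinstance(node, (int, float)) else 0


def summarize_stats(lines: Iterable[str], drop_rate_threshold: float = 0.01) -> Dict:
    """Compute per-interval deltas and flag problems worth forwarding."""
    problems: List[str] = []
    prev: Optional[dict] = None
    intervals = 0
    for line in lines:
        stats = parse_stats_event(line)
        if stats is None:
            continue
        if prev is not None:
            intervals += 1
            delta = {p: counter(stats, p) - counter(prev, p) for p in WATCHED}
            pkts, drops = delta["capture.kernel_packets"], delta["capture.kernel_drops"]
            rate = drops / pkts if pkts > 0 else 0.0
            if rate > drop_rate_threshold:
                problems.append(f"interval {intervals}: kernel drop rate {rate:.1%} ({drops}/{pkts})")
            if delta["decoder.invalid"] > 0:
                problems.append(f"interval {intervals}: {delta['decoder.invalid']} invalid packets")
        prev = stats
    return {"intervals": intervals, "problems": problems}


def read_pipe(path: str) -> Iterator[str]:
    """Yield lines from a FIFO; open() blocks until Suricata opens it for writing."""
    with open(path, "r", encoding="utf-8") as fifo:
        for line in fifo:
            if line.strip():
                yield line


if __name__ == "__main__":
    # With a FIFO path argument read live; otherwise run over the constructed sample.
    source = read_pipe(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_EVE_LINES
    print(json.dumps(summarize_stats(source), indent=2))
```

On the sample data the first interval shows a 0.5% drop rate, below the 1% threshold, while the second interval shows 20% drops plus seven invalid packets, so two problems are reported. Because `read_pipe` blocks until a writer attaches, start Suricata with the FIFO configured before running the reader, or run the reader first and let it wait.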
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/