[Oisf-users] Enabling EVE log
Hovsep Levi
hovsep.sanjay.levi at gmail.com
Tue Jul 23 18:58:54 UTC 2019
Hi all.
I'm trying to enable the EVE log in conjunction with fast.log and for some
reason it doesn't work.
The relevant config is below. The only addition to my existing working
configuration was the addition of the eve-log section.
Thanks!
# Configure the type of alert (and other) logging you would like.
outputs:
  # a line based alerts log similar to Snort's fast.log
  - fast:
      enabled: yes
      filename: fast.log
      append: yes
      #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
  # Extensible Event Format (nicknamed EVE) event log in JSON format
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve-ips.json
      types:
        - alert
        - drop