[Oisf-users] Only Stats in Eve.json
Andreas Herz
aherz at oisf.net
Fri Jun 14 19:18:28 UTC 2019
Hi David,
On 14/06/19 at 09:27, David Decker wrote:
> All,
>
> So I have a suricata running.
>
> suricata.yaml: eve.json enabled. stats enabled, rules file
> includes override1 (eve.json enabled, unified2 enabled)
> includes override 2 (adds a rule file)
> I have ET rules listed, and some other Threat Hunt rules
> Main issue is that the eve.json is only showing Stats (for event types)
> Fast.json is showing the Threat Hunt rule hits, no ET rules.
>
> It's on an out of band system, but I could copy some of the config if needed.
I highly recommend sending the relevant config sections so we can start
with that for debugging.
--
Andreas Herz