[Oisf-users] Only Stats in Eve.json

David Decker x.faith at gmail.com
Sat Jun 15 05:22:33 UTC 2019


OK thanks, I will on Monday when I can get the details.


On Fri, Jun 14, 2019 at 12:18 PM Andreas Herz <aherz at oisf.net> wrote:

> Hi David,
>
> On 14/06/19 at 09:27, David Decker wrote:
> > All,
> >
> > So I have a suricata running.
> >
> > suricata.yaml:  eve.json enabled. stats enabled, rules file
> > includes override1  (eve.json enabled, unified2 enabled)
> > includes override 2 (adds a rule file)
> > I have ET rules listed, and some other Threat Hunt rules
> > Main issue is that the eve.json is only showing Stats (for event types)
> > Fast.json is showing the Threat Hunt rule hits, no ET rules.
> >
> > It's on an out of band system, but I could copy some of the config if
> > needed.
>
> I highly recommend sending the relevant config sections so we can start
> with that for debugging.
>
> --
> Andreas Herz