[Oisf-users] Rsyslog suppressed messages from suricata

Michał Purzyński michalpurzynski1 at gmail.com
Sun Jun 30 20:48:15 UTC 2019

Can you share you suricata.yml? Ideally Suricata should not write events to
syslog, eve-json is best used for that. Take a look here to disable the
syslog output


And here to enable the eve-json


We use syslog-ng to pick up messages from the JSON file and ship them to

On Wed, Jun 19, 2019 at 6:02 AM <craig at reswob10.net> wrote:

> Hi, new to suricata.  I have a new install on CentOS 7 running rsyslog
> 8.24.0-34.el7 and I have suricata 4.1.4
> My problem is it appears rsyslog is blocking writing of events to
> /var/log/messages because I see no suricata logs, but many of these entries:
> journal: Suppressed 13475 messages from /system.slice/suricata.service
> (the number of suppressed messages changes, but the main message stays the
> same)
> Is there a particular area of my config I should look at to tweak to fix
> this? Does this mean I should migrate to a server with more CPU and/or RAM?
> Thanks
> Craig
> My other question is this: is there a way to search the archives?  I went
> to https://lists.openinfosecfoundation.org/pipermail/oisf-users/ but I
> didn't see a search capability....
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190630/db7f3ce0/attachment.html>

More information about the Oisf-users mailing list