[Oisf-users] Suricata YAML / JSON - Splunk
David Decker
x.faith at gmail.com
Tue May 7 02:53:02 UTC 2019
I am using Security Onion, but wanted to switch the output to JSON
(eve.json), which is being created, but the alerts are not being populated.
I believe that they are still being populated for the Barnyard files (per
SO). I know I had them both working for a few minutes, but currently I am not
getting anything. Here is the part from my suricata.yaml:
  # Extensible Event Format (nicknamed EVE) event log in JSON format
  - eve-log:
      enabled: yes
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
      filename: suricata.json
      #prefix: "@cee: " # prefix to prepend to each log entry
      # the following are valid when type: syslog above
      #identity: "suricata"
      #facility: local5
      #level: Info ## possible levels: Emergency, Alert, Critical,
                   ## Error, Warning, Notice, Info, Debug
      #redis:
      #  server: 127.0.0.1
      #  port: 6379
      #  async: true ## if redis replies are read asynchronously
      #  mode: list ## possible values: list|lpush (default), rpush, channel|publish
      #             ## lpush and rpush are using a Redis list. "list" is an alias for lpush
      #             ## publish is using a Redis channel. "channel" is an alias for publish
      #  key: suricata ## key or channel to use (default to suricata)
      # Redis pipelining set up. This will enable to only do a query every
      # 'batch-size' events. This should lower the latency induced by network
      # connection at the cost of some memory. There is no flushing implemented
      # so this setting as to be reserved to high traffic suricata.
      #  pipelining:
      #    enabled: yes ## set enable to yes to enable query pipelining
      #    batch-size: 10 ## number of entry to keep in buffer

      # Include top level metadata. Default yes.
      metadata: yes

      # include the name of the input pcap file in pcap file processing mode
      pcap-file: false
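The snippet above ends at pcap-file and does not show the types list that selects which event types EVE writes; alert records only appear in the JSON file when that list includes alert. For reference, an added example of an eve-log section that explicitly enables alert output (this is illustrative config, not the poster's file; the filename and the extra types are assumptions):

```yaml
outputs:
  # Extensible Event Format (nicknamed EVE) event log in JSON format
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json        # assumed name; the mail uses suricata.json
      # Include top level metadata. Default yes.
      metadata: yes
      # Selects which event types are written to the file. Without an
      # entry for alert here, signature matches are not logged to EVE
      # even though the file itself is created.
      types:
        - alert:
            # assumed options: attach decoded payload and packet to alerts
            payload: yes
            payload-printable: yes
            packet: yes
            metadata: yes
        - http
        - dns
        - tls
        - flow
```

If alerts are still missing with alert listed under types, the next thing to check is that the same ruleset that feeds the Barnyard/unified2 output is also loaded for this Suricata instance.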