[Oisf-users] Suricata EVE logging

Nafisa Mandliwala nafisa.mandliwala at gmail.com
Tue May 7 22:10:01 UTC 2019

Hi all,

I have a question about suricata eve log. I tried enabling eve logging
(eve.json) by editing the suricata.yaml file-

  # Extensible Event Format (nicknamed EVE) event log in JSON format
  - eve-log:
      enabled: yes
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
      filename: eve.json

I'm not sure if I'm missing any steps but this does not generate the eve
log file under /var/log/suricata/. I tried playing around with
syslog/fast/http log and they all seem to work but not eve.
Is enabling the setting in suricata.yaml the only change that needs to be

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190507/eda8719d/attachment.html>

More information about the Oisf-users mailing list