[Oisf-users] Suricata EVE logging
Nafisa Mandliwala
nafisa.mandliwala at gmail.com
Tue May 7 22:10:01 UTC 2019
Hi all,
I have a question about the Suricata EVE log. I tried enabling EVE logging
(eve.json) by editing the suricata.yaml file:
# Extensible Event Format (nicknamed EVE) event log in JSON format
- eve-log:
    enabled: yes
    filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
    filename: eve.json
I'm not sure if I'm missing any steps, but this does not generate the EVE
log file under /var/log/suricata/. I tried playing around with the
syslog/fast/http logs and they all seem to work, but not EVE.
Is enabling the setting in suricata.yaml the only change that needs to be
made?
Thanks,
Nafisa
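A quick way to check what a suricata.yaml will actually produce, as an added example that is not part of this post or of the Suricata project: a small indentation-aware reader for the subset of YAML Suricata uses (nested mappings, "- key:" list items, "#" comments) that reports whether the eve-log output is enabled and where the file should land. It assumes Suricata's built-in default-log-dir of /var/log/suricata and that the eve-log block must be an item of the top-level outputs: list; the sample configs are constructed.

```python
import os

# Constructed sample: the eve-log block nested under 'outputs:' as Suricata expects.
GOOD_CONFIG = """\
default-log-dir: /var/log/suricata/
outputs:
  - fast:
      enabled: yes
      filename: fast.log
  # Extensible Event Format (nicknamed EVE) event log in JSON format
  - eve-log:
      enabled: yes
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
      filename: eve.json
"""

# Constructed sample: the same file with the eve-log output switched off.
DISABLED_CONFIG = GOOD_CONFIG.replace("      enabled: yes\n      filetype", "      enabled: no\n      filetype")

def eve_log_status(yaml_text):
    """Return (enabled, expected_path) for the eve-log output.

    Only an eve-log item directly inside the top-level 'outputs:' list counts, and
    only its direct children are read, so 'enabled:' keys nested under 'types:' are
    ignored. Path = default-log-dir + filename (a '-l' on the command line overrides it)."""
    log_dir = "/var/log/suricata"          # assumed built-in default when the key is absent
    in_outputs = in_eve = False
    list_indent = child_indent = None
    enabled, filename = False, "eve.json"
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop inline and full-line comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = [s.strip() for s in line.strip().partition(":")]
        if indent == 0:                        # a new top-level section starts
            in_outputs, in_eve = key == "outputs", False
            if key == "default-log-dir" and value:
                log_dir = value
        elif in_outputs and key.startswith("- ") and indent == (list_indent or indent):
            list_indent = indent               # next output plugin in the outputs list
            in_eve, child_indent = key == "- eve-log", None
        elif in_eve:
            child_indent = indent if child_indent is None else child_indent
            if indent == child_indent and key == "enabled":
                enabled = value.lower() == "yes"
            elif indent == child_indent and key == "filename":
                filename = value
    return (True, os.path.join(log_dir, filename)) if enabled else (False, None)
```

If the function reports the block as enabled but no file appears, the remaining suspects are the log directory's permissions and whether the running Suricata was started with this configuration file at all.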