[Oisf-users] FW: [EXTERNAL] Suricata EVE logging

Chris Ford crford at gmail.com
Tue May 7 23:09:18 UTC 2019


Make sure that you have libjansson installed and that you have alerts
enabled under the eve-log output section.

https://suricata.readthedocs.io/en/suricata-4.1.3/output/eve/eve-json-output.html
--
Chris Ford - crford at gmail.com
GPG Key - https://keybase.io/crford



> *From:* Oisf-users [mailto:
> oisf-users-bounces at lists.openinfosecfoundation.org] *On Behalf Of *Nafisa
> Mandliwala
> *Sent:* Tuesday, May 7, 2019 5:10 PM
> *To:* oisf-users at lists.openinfosecfoundation.org
> *Subject:* [Oisf-users] Suricata EVE logging
>
> Hi all,
>
> I have a question about suricata eve log. I tried enabling eve logging
> (eve.json) by editing the suricata.yaml file:
>
>   # Extensible Event Format (nicknamed EVE) event log in JSON format
>   - eve-log:
>       enabled: yes
>       filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
>       filename: eve.json
>
> I'm not sure if I'm missing any steps but this does not generate the eve
> log file under /var/log/suricata/. I tried playing around with
> syslog/fast/http log and they all seem to work but not eve.
>
> Is enabling the setting in suricata.yaml the only change that needs to be
> made?
>
> Thanks,
>
> Nafisa
>
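Added example, not part of either message in this thread: the eve-log stanza as posted in the question, followed by the same stanza with an explicit "types" list, which is what the reply's "alerts enabled under the eve-log output section" refers to. It assumes the posted fragment is the complete stanza and that it sits under the top-level "outputs:" key of suricata.yaml, as in the stock file; the two documents are separated with "---" because only one of them should be present in a real config.

```yaml
# Added example (not from the original thread). Assumptions: the fragment
# posted in the question is the whole eve-log stanza, and it lives under the
# top-level "outputs:" key of suricata.yaml.

# As posted: the output is enabled, but no "types" list is given, so no
# event type (alert, http, dns, ...) is selected for writing to eve.json.
outputs:
  - eve-log:
      enabled: yes
      filetype: regular   # regular|syslog|unix_dgram|unix_stream|redis
      filename: eve.json

---
# Corrected: list the event types to log. "alert" is the one the reply asks
# about; the others are commonly enabled alongside it for investigation.
outputs:
  - eve-log:
      enabled: yes
      filetype: regular   # regular|syslog|unix_dgram|unix_stream|redis
      filename: eve.json
      types:
        - alert
        - http
        - dns
        - tls
        - stats
```

After editing, "suricata -T -c /etc/suricata/suricata.yaml" validates the configuration without starting capture, and "suricata --build-info" shows whether JSON (libjansson) support was compiled in, which covers the other half of the reply's advice.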