[Oisf-users] Each worker with a eve.json

David Decker x.faith at gmail.com
Mon Sep 16 15:29:12 UTC 2019

So this might sound off but trying to figure this out.

I have a machine with 2 "eve.jsons", one under suricata at 0 and another at
suricata at 1.  I was told this was due to the amount of workers allocated to
suricata.  I cant seem to find any information on this type of setup, and
wanted to see if I can get some info to try and narrow it down.

Is there a way to see how many workers are allocated?   And from there
which get sent to which suricata eve.json.

I believe I only see one suricata.yaml file as of right now.  Any other
information needed I can try and provide.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190916/c1a1d485/attachment.html>

More information about the Oisf-users mailing list