[Oisf-users] Adding fields to Suricata EVE file?
Jason Ish
jason.ish at oisf.net
Mon Sep 23 17:00:38 UTC 2019
Hi Champ,
On 2019-09-23 10:55 a.m., Champ Clark III wrote:
>
> Is it possible to add a field to the Suricata EVE file without code
> modifications? For example, let's say I want to add an EVE field of
> "sensor_location" with a value of "Jacksonville_Florida", how would I
> do this?
No, there is nothing built-in to do this. However, the idea of being
able to statically add some fields isn't a bad one.
For the example you suggest above, the configuration file does have the
"sensor-name" value which will show up in the eve-log as "host" which
might be useful.
Jason
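
Added example, not part of the message above and not Suricata project code: since the reply says nothing built-in adds static fields, one option is to post-process eve.json lines outside Suricata before they reach the log pipeline. The function names and the sample records are constructed for illustration; the field name and value come from the question in this thread.

```python
import json

# Static field from the question in this thread; extend as needed.
STATIC_FIELDS = {"sensor_location": "Jacksonville_Florida"}


def enrich_line(line, static_fields=STATIC_FIELDS):
    """Return one EVE record with static fields added, or None if unusable."""
    line = line.strip()
    if not line:
        return None
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None  # truncated or partially written line
    if not isinstance(event, dict):
        return None  # EVE records are JSON objects
    for key, value in static_fields.items():
        # Never overwrite a field that is already present in the record.
        event.setdefault(key, value)
    return json.dumps(event, separators=(",", ":"))


def enrich_stream(lines, static_fields=STATIC_FIELDS):
    """Enrich an iterable of EVE lines; return (enriched_lines, skipped_count)."""
    enriched, skipped = [], 0
    for line in lines:
        out = enrich_line(line, static_fields)
        if out is None:
            skipped += 1
        else:
            enriched.append(out)
    return enriched, skipped


# Constructed sample input: two complete records and one truncated line.
SAMPLE = [
    '{"timestamp":"2019-09-23T17:00:38.000000+0000","event_type":"alert","host":"sensor01"}',
    '{"timestamp":"2019-09-23T17:00:39.000000+0000","event_type":"dns","sensor_location":"already_set"}',
    '{"timestamp":"2019-09-23T17:00:40.0000',
]

if __name__ == "__main__":
    records, skipped = enrich_stream(SAMPLE)
    for record in records:
        print(record)
    print("skipped lines:", skipped)
```

Counting skipped lines rather than silently dropping them makes it visible when the enrichment step is losing events.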