[Oisf-users] Adding fields to Suricata EVE file?

Tiago Faria tiago.faria.backups at gmail.com
Mon Sep 23 17:05:05 UTC 2019


Dispatchers might also help in these situations. I personally do it with
Filebeat.

Depending on your needs the Filebeat processors might be worth looking
into.

On Mon, 23 Sep 2019 at 18:00, Jason Ish <jason.ish at oisf.net> wrote:

> Hi Champ,
>
> On 2019-09-23 10:55 a.m., Champ Clark III wrote:
> >
> > Is it possible to add a field to the Suricata EVE file without code
> > modifications? For example, let's say I want to add an EVE field of
> > "sensor_location" with a value of "Jacksonville_Florida", how would I
> > do this?
>
> No, there is nothing built-in to do this. However, the idea of being
> able to statically add some fields isn't a bad one.
>
> For the example you suggest above, the configuration file does have the
> "sensor-name" value which will show up in the eve-log as "host" which
> might be useful.
>
> Jason
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
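A Filebeat configuration of the kind Tiago points to, added here as an example rather than taken from the thread: the input reads Suricata's EVE JSON and an `add_fields` processor injects the static `sensor_location` field Champ asked for. The eve.json path, the Filebeat 7.x `log` input syntax and the Elasticsearch host are assumptions.

```yaml
# Example Filebeat config (not from the thread); paths and hosts are assumed.
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /var/log/suricata/eve.json   # assumed default EVE output path
    # Parse each EVE line as JSON and merge its keys at the top level of the event,
    # so the Suricata fields (event_type, src_ip, alert, ...) stay where they were.
    json.keys_under_root: true
    json.overwrite_keys: true
    json.add_error_key: true         # flags lines that fail to parse as JSON

processors:
  # Static field added without touching Suricata itself.
  # target "" puts the field at the event root instead of under "fields".
  - add_fields:
      target: ""
      fields:
        sensor_location: "Jacksonville_Florida"
  # Drop Filebeat's own bookkeeping so the shipped event looks like the EVE record
  # plus the extra field.
  - drop_fields:
      fields: ["agent", "ecs", "input", "log"]
      ignore_missing: true

output.elasticsearch:
  hosts: ["https://elasticsearch.example.internal:9200"]   # assumed placeholder
  index: "suricata-%{+yyyy.MM.dd}"
```

`filebeat test config -c filebeat.yml` checks the file before starting the shipper; the `host` field Jason mentions (from `sensor-name` in suricata.yaml) will still be present alongside the new `sensor_location`.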

