[Oisf-users] Adding fields to Suricata EVE file?
Sascha Steinbiss
satta at debian.org
Tue Sep 24 06:20:53 UTC 2019
> On 23. Sep 2019, at 19:05, Tiago Faria <tiago.faria.backups at gmail.com> wrote:
>
> Dispatchers might also help in these situations. I personally do it with Filebeat.
>
> Depending on your needs the Filebeat processors might be worth looking into.
Syslog-ng also works well:
parser p_json {
    channel {
        # split the EVE JSON line into name-value pairs
        parser { json-parser(); };
        rewrite {
            # add a static field to every event
            set("Jacksonville_Florida" value("sensor_location"));
        };
    };
};
Then use this parser when reading your EVE from a source:
log {
    source(...);
    parser(p_json);
    destination(...);
};
Cheers
Sascha
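The same enrichment step done in a small stand-alone dispatcher, as an added example that is not part of the thread and not Suricata, syslog-ng or Filebeat code. It reads EVE JSON lines, merges static fields such as sensor_location into each top-level object without clobbering keys the sensor already emitted, and skips lines that are not a JSON object instead of crashing; the sample EVE lines are constructed, not real sensor output.

```python
import json
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample EVE lines (not real sensor output): an alert, a flow
# record, and one malformed line to exercise the error path.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2019-09-24T06:20:53.000000+0000","event_type":"alert",'
    '"src_ip":"192.0.2.10","dest_ip":"198.51.100.5",'
    '"alert":{"signature_id":1,"signature":"TEST"}}',
    '{"timestamp":"2019-09-24T06:20:54.000000+0000","event_type":"flow",'
    '"src_ip":"192.0.2.11","dest_ip":"198.51.100.6"}',
    'this is not json',
]

# Static fields to add, mirroring the set() in the syslog-ng rewrite above.
EXTRA_FIELDS = {"sensor_location": "Jacksonville_Florida"}


def enrich_eve_line(line: str, extra_fields: Dict[str, str],
                    overwrite: bool = False) -> Optional[dict]:
    """Parse one EVE line and merge extra_fields into the top-level object.

    Returns the enriched dict, or None when the line is not a JSON object,
    so the caller can count or quarantine bad input instead of aborting.
    Keys already present in the event are kept unless overwrite=True, so a
    value the sensor produced is never silently replaced by a static one.
    """
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(event, dict):
        return None
    for key, value in extra_fields.items():
        if overwrite or key not in event:
            event[key] = value
    return event


def enrich_eve_lines(lines: Iterable[str],
                     extra_fields: Dict[str, str]) -> Tuple[List[str], int]:
    """Enrich a stream of EVE lines.

    Returns (enriched_lines, skipped_count): enriched events serialised as
    compact single-line JSON, and the number of lines that were dropped
    because they did not parse as a JSON object.
    """
    enriched: List[str] = []
    skipped = 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        event = enrich_eve_line(raw, extra_fields)
        if event is None:
            skipped += 1
            continue
        enriched.append(json.dumps(event, separators=(",", ":")))
    return enriched, skipped


if __name__ == "__main__":
    out, bad = enrich_eve_lines(SAMPLE_EVE_LINES, EXTRA_FIELDS)
    for line in out:
        print(line)
    print(f"# skipped {bad} unparsable line(s)")
```

Run it on a real file with `enrich_eve_lines(open("eve.json"), EXTRA_FIELDS)` and write the returned lines to the destination of your choice; the skipped count is worth alerting on, since a rising number usually means a truncated or rotated file rather than bad sensor output.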