[Oisf-users] "sensor-name" in "stats" EVE?
Jason Ish
jason.ish at oisf.net
Tue Aug 4 17:14:30 UTC 2020
Hi Champ.
On 2020-08-04 10:36 a.m., Champ Clark III wrote:
>
> Hello! I hope all is well with the Suricata team!
>
> I had a quick question. When using Suricata "stats" (EVE output), is
> it possible to include the "sensor-name" from the configuration within
> the "stats" file? This way, this could be an identifier about "where"
> the "stats" are coming from. This could be useful for when you have
> multiple sensors out in the field.
Check out the "sensor-name" option in suricata.yaml. Its disabled by
default, but you can put some name in there.
Note that in the eve.json its logged as "host".
> NOTE: this list will soon be closed. New topics should be brought to: https://forum.suricata.io
And please come over to the forums if you haven't already.
Jason
More information about the Oisf-users
mailing list