Mail Report + Clog Command = Empty Email
-
Hello All,
I'm hoping someone can help me figure out what I'm doing wrong. I'm trying to send Suricata alerts via the Email Reports package. The logs don't seem to be listed anywhere that is accessible by default via Email Reports, so I've been trying to use the "Included Commands" option in Emails Reports.
The following command line options work for me:
clog /var/log/suricata/suricata_bceXXXXXX/alerts.log
or
/usr/local/sbin/clog /var/log/suricata/suricata_bceXXXXXX/alerts.log
But my Email Report shows up empty:
Current report: Suricata LAN Alerts
Command output: cdalerts.log (/usr/local/sbin/clog /var/log/suricata/suricata_bceXXXXXX/alerts.log)
(nothing)
Any help appreciated! Thanks!
-
It turns out that a clue I hadn't posted above led to the solution. Along with my log data, I was getting this (at the end):
clog: ERROR: could not write output (Bad address)
I searched for that error and found another post:
'clog' is used to view circular log files, but not all pfSense logs are circular.
I looked for another way of outputting a log to the command line and found "head".
head /var/log/suricata/suricata_bceXXXXXX/alerts.log worked.
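As an added example (not from this thread or from pfSense), a small wrapper that can be used as the "Included Command" instead of calling clog or head directly: it tries clog first, and if clog is missing or fails (as it does with the "Bad address" error on a log that is not circular), it falls back to tail on the plain file. The function name show_log and the default line count are assumptions.

```shell
#!/bin/sh
# show_log FILE [LINES]
# Print the last LINES lines of a pfSense log whether it is a circular
# (clog) file or a plain text file such as the Suricata alerts.log.
show_log() {
    file="$1"
    lines="${2:-50}"   # assumed default: last 50 lines

    # Refuse unreadable paths explicitly so the report shows a reason
    # instead of silently coming out empty.
    if [ ! -r "$file" ]; then
        echo "show_log: cannot read $file" >&2
        return 1
    fi

    # Circular logs: clog exits 0 and prints the whole buffer; on a
    # non-circular file it fails ("could not write output (Bad address)"),
    # so only trust its output when it succeeded.
    if command -v clog >/dev/null 2>&1; then
        if out=$(clog "$file" 2>/dev/null); then
            printf '%s\n' "$out" | tail -n "$lines"
            return 0
        fi
    fi

    # Plain file (or clog unavailable): tail is enough.
    tail -n "$lines" "$file"
}

# Usage as an Email Reports included command (path from the thread):
# show_log /var/log/suricata/suricata_bceXXXXXX/alerts.log 100
```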