    Suricata EVE JSON log option

    IDS/IPS
      mikesamo last edited by

      Hello,

      Is it possible in a future Suricata web GUI update to have these options for the EVE JSON log?

      I need to have this config exactly:

      # global stats configuration
      stats:
        enabled: yes
        # The interval field (in seconds) controls at what interval
        # the loggers are invoked.
        interval: 8

      outputs:
        # "United" event log in JSON format
        - eve-log:
            enabled: yes
            type: file #file|syslog|unix_dgram|unix_stream
            filename: eve.json
            # the following are valid when type: syslog above
            #identity: "suricata"
            #facility: local5
            #level: Info ## possible levels: Emergency, Alert, Critical,
                        ## Error, Warning, Notice, Info, Debug
            types:
              - alert
              - http:
                  extended: yes    # enable this for extended logging information
              - dns
              - tls:
                  extended: yes    # enable this for extended logging information
              - files:
                  force-magic: yes  # force logging magic on all logged files
                  force-md5: yes    # force logging of md5 checksums
              #- drop
              - ssh
              - smtp
              - flow
              - stats:
                  totals: yes      # stats for all threads merged together
                  threads: no      # per thread stats
                  deltas: no       # include delta values

      Thanks,

      ![2016-09-21 20-21-48_Screenshot-2016-09-21_20.21.png](/public/imported_attachments/1/2016-09-21 20-21-48_Screenshot-2016-09-21_20.21.png)

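A check that can be run against the resulting eve.json to confirm that every logger in the configuration above is emitting events and that the extended/force options are taking effect. This is an added example, not part of the original post or of the Suricata package; the field names used to detect each option (`http_method`, `fingerprint`, `magic`, `md5`) and the sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter

# event_type values the post's `types:` list should produce; the `files`
# logger writes its records with event_type "fileinfo".
EXPECTED_TYPES = {"alert", "http", "dns", "tls", "fileinfo",
                  "ssh", "smtp", "flow", "stats"}
# option -> (event_type and object key, field). Field names are assumptions.
OPTION_FIELDS = {
    "http extended": ("http", "http_method"),
    "tls extended": ("tls", "fingerprint"),
    "files force-magic": ("fileinfo", "magic"),
    "files force-md5": ("fileinfo", "md5"),
}

def audit_eve(lines):
    """Report which expected event types and option fields never appear."""
    counts, options_seen, bad = Counter(), set(), 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            bad += 1  # e.g. a record truncated by log rotation
            continue
        etype = ev.get("event_type") if isinstance(ev, dict) else None
        counts[etype] += 1
        for opt, (obj, field) in OPTION_FIELDS.items():
            body = ev.get(obj) if etype == obj else None
            if isinstance(body, dict) and field in body:
                options_seen.add(opt)
    return {"counts": dict(counts),
            "missing_types": sorted(EXPECTED_TYPES - set(counts)),
            "missing_options": sorted(set(OPTION_FIELDS) - options_seen),
            "bad_lines": bad}

# Constructed sample records (not real traffic); the last one is truncated.
SAMPLE = [
    '{"event_type": "alert", "alert": {"signature_id": 1000001}}',
    '{"event_type": "http", "http": {"hostname": "example.com", "http_method": "GET"}}',
    '{"event_type": "dns", "dns": {"rrname": "example.com"}}',
    '{"event_type": "tls", "tls": {"subject": "CN=example.com"}}',
    '{"event_type": "fileinfo", "fileinfo": {"magic": "PDF document", "md5": "' + "0" * 32 + '"}}',
    '{"event_type": "flow", "flow": {"pkts_toserver": 3}}',
    '{"event_type": "stats", "stats": {"uptime": 8}}',
    '{"event_type": "http", "http": {"hostna',
]

if __name__ == "__main__":
    print(json.dumps(audit_eve(SAMPLE), indent=2))
```

On the sample, the report flags `ssh` and `smtp` as never seen and `tls extended` as not in effect; a type missing from a short capture may only mean no such traffic occurred in that window.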