• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Suricata logging configuration

Scheduled Pinned Locked Moved pfSense Packages
suricatarsyslogsyslog
1 Posts 1 Posters 959 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • B
    bp81
    last edited by Jan 19, 2022, 6:55 PM

    I haven't been able to find a clear answer to my question.

    We are running Suricata on our Netgate appliances. Works fine. At this point, we want to send any alerts that Suricata generates to our logging / SIEM service. The short version of that is that is that I will need to get the logs off of Suricata/pfSense and into an rsyslog server, which will pass the logs on to our logging service using their API.

    I am stuck at the part where I get the Suricata logs off pfSense and to the rsyslog server. I'd like to use the EVE json format, as that will not require any preprocessing to readable by our logging service. I can set EVE logging to be written to pfSense's syslog facilities or to a file.

    I have not proceeded with writing to Syslog so far because I don't really want to log everything from pfSense at this time. I am wondering if there is a way to get the eve.json log file's contents transmitted to my rsyslog server.~~

    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
      This community forum collects and processes your personal information.
      consent.not_received