Alert-debug.log not write

ZzzaoQii · October 25, 2021, 7:57am

I use the latest version,
But my two files(fast.log,alert-debug.log) are inconsistent
For example, rules related to the dns protocol cannot be triggered in two log files at the same time

Andreas_Herz · November 1, 2021, 10:03pm

How does your config look like and how do you run Suricata?

ZzzaoQii · November 2, 2021, 1:55am

Thank you for your answer
this is my config (suricata.yamlsuricata.yaml (70.5 KB)
)

ZzzaoQii · November 2, 2021, 1:56am

This is my start command

suricata -c /etc/suricata/suricata.yaml -i eno2 -F /etc/suricata/cap-filter.bpf

cap-filter.bpf (86 Bytes)

ZzzaoQii · November 2, 2021, 1:58am

We think this is a very good product, it may be a problem with my use, I hope you can guide us

Andreas_Herz · November 27, 2021, 11:22pm

Do you see more in the fast.log compared to alert-debug.log? Can you also try to see how it looks like with the EVE json log?

Do you have some examples?

Topic		Replies	Views
Rules and log files	1	278	November 28, 2023
Suricata does not generate the fast.log file Help	5	2715	October 7, 2020
>Fast.log file is not collecting properly tried almost everything.. Suricata doesnt work Help suricata	2	146	February 28, 2024
How can I stop sending fast.log alerts via syslog? Help	14	1859	December 23, 2021
Is there a standard way to test all Suricata rules? Are there any sample EVE files I should use for testing? Developers rules , suricata	1	1606	October 26, 2022

Alert-debug.log not write

Related Topics