Alert-debug.log not write

ZzzaoQii · October 25, 2021, 7:57am

I use the latest version,
But my two files(fast.log,alert-debug.log) are inconsistent
For example, rules related to the dns protocol cannot be triggered in two log files at the same time

Andreas_Herz · November 1, 2021, 10:03pm

How does your config look like and how do you run Suricata?

ZzzaoQii · November 2, 2021, 1:55am

Thank you for your answer
this is my config (suricata.yamlsuricata.yaml (70.5 KB)
)

ZzzaoQii · November 2, 2021, 1:56am

This is my start command

suricata -c /etc/suricata/suricata.yaml -i eno2 -F /etc/suricata/cap-filter.bpf

cap-filter.bpf (86 Bytes)

ZzzaoQii · November 2, 2021, 1:58am

We think this is a very good product, it may be a problem with my use, I hope you can guide us

Andreas_Herz · November 27, 2021, 11:22pm

Do you see more in the fast.log compared to alert-debug.log? Can you also try to see how it looks like with the EVE json log?

Do you have some examples?

Topic		Replies	Views
Alert-debug not writing Help	4	639	October 22, 2021
Rules and log files	1	1027	November 28, 2023
Fast.log not being written to Help suricata	13	97	September 9, 2024
Some alerts are not logged in fast.log Help rules , suricata	7	57	August 30, 2024
Suricata does not generate the fast.log file Help	5	2997	October 7, 2020

Alert-debug.log not write

Related topics