Suricata Alerts:
I am aware that we get the src and dst MAC if we enable the ethernet attribute in the eve-log section, but eve-log is JSON format. I was checking whether there is any alternative to get the alerts with Ethernet src and dst MAC addresses.
No, those are eve only.
@vjulien, so you basically mean that there is no other option where we can get alerts with Ethernet src and dst MAC addresses?
Indeed. Eve is the format we develop. fast.log is just a legacy format.
Of course it’s trivial to change the code to add those outputs into your Suricata. Will just require a handful of lines of code.
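Since the thread's conclusion is that MAC addresses are only available in eve output, one way to get them into a fast.log-style text line without patching Suricata is to post-process eve.json. This is an added example, not code from the thread or from the Suricata project; it assumes the eve record carries an "ether" object with "src_mac" and "dest_mac" (as it does for per-packet events when the eve-log ethernet option is on), and the input lines are constructed.

```python
import json
from datetime import datetime

# Constructed sample of eve.json lines (not from a real sensor). The "ether"
# object with "src_mac"/"dest_mac" is assumed to match what Suricata emits
# for per-packet events once the eve-log "ethernet" option is turned on.
# The last line is deliberately truncated to exercise the partial-line case.
SAMPLE_EVE = """\
{"timestamp":"2024-01-15T10:22:01.123456+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","ether":{"src_mac":"00:11:22:33:44:55","dest_mac":"66:77:88:99:aa:bb"},"alert":{"gid":1,"signature_id":9000001,"rev":1,"signature":"TEST constructed alert","category":"Misc activity","severity":3}}
{"timestamp":"2024-01-15T10:22:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9"}
{"timestamp":"2024-01-15T10:22:03.500000+0000","event_type":"alert","src_ip":"10.0.0.7","src_port":4444,"dest_ip":"10.0.0.9","dest_port":22,"proto":"TCP","alert":{"gid":1,"signature_id":9000002,"rev":2,"signature":"TEST alert without ether","category":"Misc activity","severity":3}}
{"timestamp":"2024-01-15T10:22:04.000000+0000","event_type":"alert","src_ip":"10.0
"""


def eve_to_fast_line(event):
    """Render one parsed eve alert in fast.log layout, plus a MAC suffix."""
    ts = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    a = event["alert"]
    ether = event.get("ether") or {}          # absent unless ethernet is enabled
    src_mac = ether.get("src_mac", "n/a")
    dst_mac = ether.get("dest_mac", "n/a")
    return (
        f"{ts.strftime('%m/%d/%Y-%H:%M:%S.%f')}  [**] "
        f"[{a.get('gid', 1)}:{a['signature_id']}:{a['rev']}] {a['signature']} [**] "
        f"[Classification: {a.get('category', '')}] [Priority: {a.get('severity', 0)}] "
        f"{{{event.get('proto', '?')}}} "
        f"{event['src_ip']}:{event.get('src_port', 0)} -> "
        f"{event['dest_ip']}:{event.get('dest_port', 0)} "
        f"[ETH {src_mac} -> {dst_mac}]"
    )


def convert_eve_alerts(lines):
    """Yield fast.log-style lines for every alert event in an eve.json stream."""
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # partial line, e.g. Suricata is still writing it
        if event.get("event_type") != "alert":
            continue  # flow, dns, http, ... records are not alerts
        yield eve_to_fast_line(event)


if __name__ == "__main__":
    for line in convert_eve_alerts(SAMPLE_EVE.splitlines()):
        print(line)
```

Pointing the script at a live eve.json with a `tail -F` style reader gives a text alert feed that fast.log cannot provide on its own.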