Hello,
I just finished my first installation of Suricata on a Red Hat server (via DNF installation).
I need to send the Suricata EVE log to my SIEM, but to avoid too many logs I don't want the stats log in the eve.json file.
I already tried to set the following setting in the suricata.yaml file:
```
# Global stats configuration
stats:
  enabled: no
```
But when I set the parameter to no, Suricata refuses to start with the following error:
```
× suricata.service - Suricata Intrusion Detection Service
     Loaded: loaded (/usr/lib/systemd/system/suricata.service; enabled; preset: disabled)
     Active: failed (Result: exit-code) since Fri 2025-06-13 16:04:16 CEST; 5s ago
   Duration: 73ms
       Docs: man:suricata(1)
    Process: 50416 ExecStartPre=/bin/rm -f /var/run/suricata.pid (code=exited, status=0/SUCCESS)
    Process: 50417 ExecStart=/sbin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid $OPTIONS (code=exited, status=1/FAILURE)
   Main PID: 50417 (code=exited, status=1/FAILURE)
        CPU: 77ms

Jun 13 16:04:16 systemd[1]: Starting Suricata Intrusion Detection Service...
Jun 13 16:04:16 systemd[1]: Started Suricata Intrusion Detection Service.
Jun 13 16:04:16 suricata[50417]: i: suricata: This is Suricata version 7.0.8 RELEASE running in SYSTEM mode
Jun 13 16:04:16 suricata[50417]: E: output-json-stats: eve.stats: stats are disabled globally: set stats.enabled to true. See https://docs.suricata.io/en/suricata-7.0.8/co>
Jun 13 16:04:16 suricata[50417]: E: runmodes: unable to initialize sub-module eve-log.stats
Jun 13 16:04:16 systemd[1]: suricata.service: Main process exited, code=exited, status=1/FAILURE
Jun 13 16:04:16 systemd[1]: suricata.service: Failed with result 'exit-code'.
```
What am I missing?
Thanks for your help.
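
The two `E:` lines in the log above say that the `stats` type of the EVE output cannot initialize once stats are disabled globally. The excerpt below is an added example, not part of the original post: it keeps stats records out of eve.json by commenting out that EVE type instead. The key layout is assumed to follow the stock suricata.yaml shipped with 7.x and may differ on this installation.

```yaml
# Constructed excerpt; layout assumed from the stock suricata.yaml (7.x).

# Global stats configuration
stats:
  enabled: yes   # 'no' here makes an active eve-log 'stats' type fail at startup
  interval: 8

outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      types:
        - alert:
        - flow
        # Commented out so no "event_type": "stats" records reach eve.json.
        # Leaving this entry active together with stats.enabled: no is what
        # produces "unable to initialize sub-module eve-log.stats".
        # - stats:
        #     totals: yes
        #     threads: no
        #     deltas: no

  # Separate stats.log output; it does not write to eve.json.
  - stats:
      enabled: yes
      filename: stats.log
      append: yes
      totals: yes
      threads: no
```

Running `suricata -T -c /etc/suricata/suricata.yaml` tests the configuration before the service is restarted.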