- Suricata version 7.0.5
- Operating system and/or Linux distribution Raspbian bookworm
- How you installed Suricata (from source, packages, something else) From source, with configure options as follows:
./configure --sysconfdir=/etc --localstatedir=/var --enable-geop --enable-lua --enable-hiredis
make && make install-full
I was using the redis backend for eve output, and I was getting a “host” field, with the Suricata machine hostname.
However, once I changed to “unix_stream” output, I’m unable to find that “host” field anymore.
Is this intended behaviour? Did I miss something on any config file?