Hi
I don’t want to write suricata logs on the same machine on which I am running suricata.
I want to send them to another machine through a stream pipeline via any port.
How can I do this?
Thanks
You can send EVE logs to syslog or to a UNIX domain socket (udp or tcp).
To do this, you’d set the filetype configuration value in suricata.yaml to one of:
syslog
unix_dgram
unix_stream
If using a UNIX domain socket, filename specifies the name of the socket. Suricata will try to connect to this.
Yes, I have seen filetype defined for each output log, and filename.
Does suricata support output to kafka? Is there any plugin or configuration?
Suricata does not support direct output to Kafka. We do support direct output to redis.
I can’t vouch for this project but perhaps it might help find a solution for you? GitHub - spartan782/suricata-kafka: Python code that allows suricata to write to a unix socket and then stream it to a kafka broker
Can you provide a sample .sock file used for sending suricata logs over unix_stream?
Suricata can send log/alert data over a UNIX domain socket channel. The UNIX domain socket will be created by a server process that
Step 3 allows Suricata to “connect” to the socket.
The link I provided has the code to set up the socket file allowing Suricata to connect to it.
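As an added example (not code from the Suricata project or from the linked repository), the following plays the "server process" side described above: it creates the UNIX stream socket, waits for Suricata to connect, splits the byte stream into newline-delimited EVE JSON records, and hands each record to a callback that ships it over TCP to a collector on another machine, which is what the original question asked for. The socket path, collector host and port are placeholders; the matching suricata.yaml fragment is assumed to be the one shown in the comment.

```python
"""
Receiver for Suricata EVE output over a unix_stream socket (added example).

Assumed suricata.yaml fragment (eve-log output), per the thread above:

    outputs:
      - eve-log:
          enabled: yes
          filetype: unix_stream
          filename: /var/run/suricata/eve.sock

Suricata is the client: this process must create the socket first, then
Suricata connects to it and writes one JSON object per line.
"""
import json
import os
import socket
import tempfile
import threading
import time
from typing import Callable, Iterator, List, Optional


class EveStreamParser:
    """Buffers stream data and yields complete EVE records.

    A single recv() may end in the middle of a record, so bytes after the
    last newline are kept until the rest of the line arrives.
    """

    def __init__(self) -> None:
        self._buf = b""
        self.malformed = 0  # lines that were not valid JSON (counted, not fatal)

    def feed(self, chunk: bytes) -> Iterator[dict]:
        self._buf += chunk
        while b"\n" in self._buf:
            line, self._buf = self._buf.split(b"\n", 1)
            if not line.strip():
                continue
            try:
                yield json.loads(line)
            except ValueError:
                self.malformed += 1  # one bad line must not stall the pipeline

    def pending(self) -> bytes:
        return self._buf


def forward_to_tcp(host: str, port: int) -> Callable[[dict], None]:
    """Handler that re-serializes each record as one line to a TCP collector
    on the other machine (host/port are placeholders for this example)."""
    conn = socket.create_connection((host, port))

    def handler(record: dict) -> None:
        conn.sendall(json.dumps(record, separators=(",", ":")).encode() + b"\n")

    return handler


def serve_eve_socket(path: str, handler: Callable[[dict], None],
                     max_connections: Optional[int] = None) -> int:
    """Create the UNIX stream socket at `path`, accept Suricata connections
    and pass every parsed record to `handler`. Returns records handled."""
    if os.path.exists(path):
        os.unlink(path)  # stale socket left by a previous run
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o660)  # only the suricata user/group should write here
    srv.listen(1)
    handled = accepted = 0
    try:
        while max_connections is None or accepted < max_connections:
            conn, _ = srv.accept()
            accepted += 1
            parser = EveStreamParser()
            with conn:
                while True:
                    chunk = conn.recv(65536)
                    if not chunk:  # peer closed the connection
                        break
                    for record in parser.feed(chunk):
                        handler(record)
                        handled += 1
    finally:
        srv.close()
        os.unlink(path)
    return handled


def demo_roundtrip(lines: bytes) -> List[dict]:
    """Offline self-test: start the receiver on a temporary socket, connect to
    it the way Suricata would, write `lines`, and return what was received."""
    path = os.path.join(tempfile.mkdtemp(), "eve.sock")
    got: List[dict] = []
    t = threading.Thread(target=serve_eve_socket, args=(path, got.append, 1))
    t.start()
    while not os.path.exists(path):  # wait until the server has bound the path
        time.sleep(0.01)
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(path)
    client.sendall(lines)
    client.close()
    t.join(5)
    return got


if __name__ == "__main__":
    # On the sensor: forward to a collector on the other host, TCP port 5140
    # (placeholder host and port).
    serve_eve_socket("/var/run/suricata/eve.sock",
                     forward_to_tcp("collector.example.internal", 5140))
```

The receiver must be running before Suricata starts (or before its outputs are reloaded), since Suricata only connects to an existing socket; the 0o660 mode on the socket path keeps other local users from injecting fake events into the stream.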