I want to send packet data using logstash

headfish · August 17, 2020, 11:31am

i want to send suricata log with packet data to elk.
eve.json is easy to send for elk using filebeat or logstash but I want to include packet data in detection event and send it to elk.

in sguil, can analysis packet data in Detection event.
I want to check like that in elk.

I only need to be able to check the hexstream(packet) of Detection Event in kibana.

is it possible?

ish · August 17, 2020, 9:41pm

We don’t provide this in hex at this time, but do so in base64, or the printable bytes. In your suricata.yaml look at outputs.eve-log.types.alert.payload and set that to yes as its off by default.

Topic		Replies	Views
Integrate Suricata with ELK Help	2	596	August 24, 2022
Suricata no longer write into Eve files Help	2	2057	May 7, 2021
Discussion about Suricata Help rules	3	316	January 17, 2023
Suricata with ELK Stack Help	6	6216	December 17, 2021
Suricata the output of eve.log does not include data on http connections Help	11	2254	November 27, 2021

I want to send packet data using logstash

Related Topics