Hi,
You can separate alerts into a separate output file.
If I understand your question, you’d like to separate logging information from alerts. If that’s correct,
use multiple eve-log sections in your Suricata configuration file suricata.yaml.
Here’s a link to an older forum post where this is presented.