Hello,
Is there a way to identify the Suricata probe inside eve-log? I mean, imagine you have the raw eve-logs of many Suricata probes all mixed together, and you want a parameter to identify which probe wrote each event.
I have seen that there is a parameter “identity”, but it only works if the log type is syslog, and I am using regular. Is there anything similar for the regular type?
Thanks in advance.