Shipping logs to database

Hi, I’m trying to create an application to sort out logs. I was planning to ship fast.log or EVE JSON to a SQL database, and I heard that barnyard2 is outdated now. Are there any ways to ship Suricata logs to a database?

My setup: an Ubuntu VM containing Suricata, and a VM containing the database (MySQL, MongoDB).

I used fluentd to ship logs to the db, or filebeag.

You mean filebeat or something else?

Yes, filebeat to send logs to an Elastic database. Or fluentd.

You can also try Meer. It reads in EVE and can store data to Redis, MariaDB, MySQL, etc. It can also work similarly to Barnyard2, but using EVE rather than unified2 files.

See GitHub - quadrantsec/meer: Meer is a "spooler" for Suricata / Sagan.

It’s also purpose built for this purpose.
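For anyone who wants to see what the EVE-to-SQL step looks like before picking a shipper, here is an added example (not posted by anyone in this thread, and not code from Meer, Filebeat or fluentd). It assumes Python with `sqlite3` standing in for MySQL, a hypothetical `alerts` table and `ship_alerts` helper, and constructed sample EVE lines; it skips the half-written last line a reader can hit while Suricata is still writing, and stays idempotent when the file is re-read after a restart.

```python
import json
import sqlite3

# Constructed sample EVE lines (not real traffic). The last line is truncated,
# as happens when the shipper reads while Suricata is still writing it.
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","flow_id":1001,"event_type":"alert",'
    '"src_ip":"192.0.2.10","src_port":51514,"dest_ip":"198.51.100.5","dest_port":80,"proto":"TCP",'
    '"alert":{"signature_id":1000001,"signature":"EXAMPLE test rule","category":"Misc activity","severity":3}}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","flow_id":1002,"event_type":"dns",'
    '"src_ip":"192.0.2.10","dest_ip":"198.51.100.53","proto":"UDP"}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","flow_id":1003,"event_type":"al',
])

# Hypothetical schema; the UNIQUE key makes re-shipping the same file harmless.
SCHEMA = """CREATE TABLE IF NOT EXISTS alerts (
    ts TEXT, flow_id INTEGER, src_ip TEXT, src_port INTEGER,
    dest_ip TEXT, dest_port INTEGER, proto TEXT,
    sid INTEGER, signature TEXT, severity INTEGER,
    UNIQUE (ts, flow_id, sid))"""

def ship_alerts(lines, conn):
    """Insert EVE alert events; return (rows_inserted, malformed_lines_skipped)."""
    conn.execute(SCHEMA)
    inserted = skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # partial or corrupt line: count it, do not crash
            continue
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue  # only alerts go to this table
        a = ev.get("alert", {})
        # Bound parameters only: signature text and IPs are untrusted input.
        cur = conn.execute(
            "INSERT OR IGNORE INTO alerts VALUES (?,?,?,?,?,?,?,?,?,?)",
            (ev.get("timestamp"), ev.get("flow_id"), ev.get("src_ip"), ev.get("src_port"),
             ev.get("dest_ip"), ev.get("dest_port"), ev.get("proto"),
             a.get("signature_id"), a.get("signature"), a.get("severity")))
        inserted += cur.rowcount  # 0 when the row was already present
    conn.commit()
    return inserted, skipped

if __name__ == "__main__":
    print(ship_alerts(SAMPLE_EVE.splitlines(), sqlite3.connect(":memory:")))
```

With a MySQL driver the placeholders become `%s` and `INSERT OR IGNORE` becomes `INSERT IGNORE`; the rest carries over.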