Suricata 7.0.10 After unix-socket is Enabled, Logs cannot be output to eve.json. How can I Output logs to eve.json at the same time or Transmit Logs through unix-socket

Edison_Chen · April 2, 2025, 2:53am

suricata 7.0.10 After unix-socket is Enabled, Logs cannot be output to eve.json. How can I Output logs to eve.json at the same time or Transmit Logs through unix-socket

When running this command, eve.json does not output logs
suricata -c /etc/suricata/suricata.yaml --unix-socket=/var/run/suricata/suricata-command.socket
This command will output eve.json logs
suricata -c /etc/suricata/suricata.yaml --af-packet=ens33

This is my suricata config
suricata.yaml (85.1 KB)

Andreas_Herz · April 7, 2025, 8:37pm

What happens if you run:

 suricata -c /etc/suricata/suricata.yaml --af-packet=ens33 --unix-socket=/var/run/suricata/suricata-command.socket

Ideally also add for all the runs the suricata.log

Topic		Replies	Views
Suricata 7.0.10 cannot enable the unix-socket configuration	5	19	April 2, 2025
How can we stream suricata logs to a port Help	5	1569	March 24, 2022
Information is logged in http.log instead of eve.json Help	4	30	February 17, 2025
Eve JSON Output with configuration : packet: yes Help centos	2	1208	August 28, 2021
Suricata stats and Telegraf Help suricata	10	573	June 26, 2023

Suricata 7.0.10 After unix-socket is Enabled, Logs cannot be output to eve.json. How can I Output logs to eve.json at the same time or Transmit Logs through unix-socket

Related topics