Suricata does't send json to splunk

Mohammadreza_Fallahi · November 20, 2024, 1:19pm

Hi,
Suricata does’t send logs to splunk in json file format and sends it in syslog format
can anybody help to to solve the problem?

thanks,

Jeff_Lucovsky · November 20, 2024, 1:25pm

What version of Suricata are you using?

Please share your suricata config file (suricata.yaml)

Mohammadreza_Fallahi · November 20, 2024, 1:44pm

version: 6.0.10
suricata.yaml (73.0 KB)

Jeff_Lucovsky · November 20, 2024, 1:48pm

First, Suricata 6.0.10 is EOL and is not supported.

The suricata configuration file shows that eve.json is being created and will contain logs and alerts from suricata.

Suricata isn’t involved in log export; it creates and populates the files as it processes packets.

Topic		Replies	Views
Suricata logs to syslog server	1	688	January 12, 2024
Suricata 4.0.6, /data/suricata/eve.json files too large Help suricata	1	275	April 5, 2024
Suricata generate log files instead of Json Help suricata	1	270	November 22, 2023
Suricata no longer write into Eve files Help	2	2068	May 7, 2021
Suricata 6.0.9 on Ubuntu 22.04 not getting traffic at all Help	11	998	December 24, 2022