Suricata does't send json to splunk

Mohammadreza_Fallahi · November 20, 2024, 1:19pm

Hi,
Suricata does’t send logs to splunk in json file format and sends it in syslog format
can anybody help to to solve the problem?

thanks,

Jeff_Lucovsky · November 20, 2024, 1:25pm

What version of Suricata are you using?

Please share your suricata config file (suricata.yaml)

Mohammadreza_Fallahi · November 20, 2024, 1:44pm

version: 6.0.10
suricata.yaml (73.0 KB)

Jeff_Lucovsky · November 20, 2024, 1:48pm

First, Suricata 6.0.10 is EOL and is not supported.

The suricata configuration file shows that eve.json is being created and will contain logs and alerts from suricata.

Suricata isn’t involved in log export; it creates and populates the files as it processes packets.

Amin_Dehbashi · December 4, 2024, 6:07am

Hi, I have the same issue, and I want to get Suricata logs into Splunk, but the logs are not being parsed. Has anyone experienced a similar problem?

ish · December 4, 2024, 3:02pm

Probably a better question to Splunk support. Suricata generates Suricata logs, but isn’t involved in the process of getting those into Splunk, that would be done by Splunk tooling.

Topic		Replies	Views
Suricata logs to syslog server	1	742	January 12, 2024
Suricata 4.0.6, /data/suricata/eve.json files too large Help suricata	1	329	April 5, 2024
Suricata generate log files instead of Json Help suricata	1	271	November 22, 2023
Suricata no longer write into Eve files Help	2	2085	May 7, 2021
Suricata 6.0.9 on Ubuntu 22.04 not getting traffic at all Help	11	1010	December 24, 2022

Suricata does't send json to splunk

Related topics