Suricata failure detection

Hi, we have installed Suricata and our SIEM system on separate machines. We are wondering if there’s a measure by which our SIEM system can sense whether Suricata is alive or dead. Thank you!

Hi,

If you run it as a service, you can see it there. Also check suricata.log.

You could also ingest the stats log part and check for an update on the stats.
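
The stats check suggested in the last reply, sketched as an added example (not code from the thread or from the Suricata project). It assumes the SIEM receives EVE JSON with stats events enabled; the function name, the 30-second silence threshold and the sample records are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # timestamp layout used in EVE records

def check_heartbeat(eve_lines, now, max_silence=timedelta(seconds=30)):
    """Return (status, restarts) derived from EVE stats records.

    status   -- "alive", "stale" (stats stopped updating) or "no-stats"
    restarts -- timestamps at which stats.uptime went backwards (engine restarted)
    """
    last_seen, last_uptime, restarts = None, None, []
    for line in eve_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or partially written line
        if not isinstance(event, dict) or event.get("event_type") != "stats":
            continue  # alerts, flows etc. do not prove the stats thread is running
        try:
            ts = datetime.strptime(event["timestamp"], TS_FORMAT)
            uptime = int(event["stats"]["uptime"])
        except (KeyError, ValueError, TypeError):
            continue
        if last_uptime is not None and uptime < last_uptime:
            restarts.append(ts)  # uptime counter reset between two records
        last_seen, last_uptime = ts, uptime
    if last_seen is None:
        return "no-stats", restarts
    status = "alive" if now - last_seen <= max_silence else "stale"
    return status, restarts

# Constructed sample records (not real sensor output); the last line is cut off on purpose.
SAMPLE = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"stats","stats":{"uptime":3600}}',
    '{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"alert","alert":{"signature_id":1}}',
    '{"timestamp":"2024-01-01T10:00:08.000000+0000","event_type":"stats","stats":{"uptime":3608}}',
    '{"timestamp":"2024-01-01T10:05:00.000000+0000","event_type":"stats","stats":{"uptime":8}}',
    '{"timestamp":"2024-01-01T10:05:08.000000+0000","event_type":"sta',
]

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 10, 5, 20, tzinfo=timezone.utc)
    print(check_heartbeat(SAMPLE, now))
```

Set the silence threshold to a few multiples of the configured stats interval so a single delayed record does not raise a false alarm.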