Suricata: generate log files instead of JSON

Hello guys,

Can you please help me make suricata.yml generate log messages instead of JSON?
I want to generate suricata-alerts..json and suricata-nsm..json as logs, because Graylog is not reading them as JSON.

Best Regards,
Radu

Hi there,

JSON is our main log format, so I’m afraid you won’t be able to get as much detail, or even all the information available in our EVE logs, out of the box with Suricata if you opt for the other log formats. We don’t offer the ability to log EVE in a format other than JSON.

If you check the outputs section of our YAML file, you’ll see some options but, as said, those usually work to complement what is in the EVE logs; they’re not interchangeable.

Maybe it would be better to investigate why Graylog isn’t able to recognize the JSON logs?

Hope you find your solutions soon!
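
A first step in the investigation suggested above is confirming that the files Suricata writes are well-formed on their own: EVE output is one JSON object per line, each carrying `timestamp` and `event_type`. The checker below is an added example, not part of the thread and not Suricata or Graylog code; the function name, the choice of required fields and the sample records are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample of EVE output (not real traffic): one JSON object per line,
# plus the kinds of damage that make a consumer reject a record.
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert",'
    '"src_ip":"192.0.2.10","alert":{"signature_id":1000001,"severity":2}}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"dns","src_ip":"192.0.2.10"}',
    '',                                                                        # blank line
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"flow","src_ip":"192.0.2',  # truncated
    '["not", "an", "object"]',                                                 # wrong JSON type
    '{"timestamp":"2024-01-01T10:00:03.000000+0000","src_ip":"192.0.2.11"}',   # no event_type
])

# Fields assumed mandatory for this check; every EVE record carries both.
REQUIRED = ("timestamp", "event_type")


def check_eve(text):
    """Return (Counter of event_type, [(line_no, problem), ...]) for EVE text."""
    counts, problems = Counter(), []
    for no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # blank lines carry no record and are skipped
        try:
            record = json.loads(line)
        except json.JSONDecodeError as exc:
            # Typical causes: a record cut off mid-write, or a forwarder that
            # wrapped or split the line before it reached the log server.
            problems.append((no, f"invalid JSON: {exc.msg} at column {exc.colno}"))
            continue
        if not isinstance(record, dict):
            problems.append((no, "valid JSON but not an object"))
            continue
        missing = [key for key in REQUIRED if key not in record]
        if missing:
            problems.append((no, "missing field(s): " + ", ".join(missing)))
            continue
        counts[record["event_type"]] += 1
    return counts, problems


if __name__ == "__main__":
    counts, problems = check_eve(SAMPLE_EVE)
    print("records by event_type:", dict(counts))
    for no, problem in problems:
        print(f"line {no}: {problem}")
```

To check real output, pass the contents of your own EVE file to `check_eve`. If the file is reported clean, the records are being altered or misread somewhere between the file and the log server's input.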