Suricata logs to OSSIM

Nuno_Santos · May 2, 2021, 9:01pm

Hi!

Does anyone have experience in sending Suricata logs (from an external server) to OSSIM?

calelin · March 4, 2024, 12:02am

input {
  file {
    path => "/path/to/suricata/log/file"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}

filter {
  # Add filters here if needed to parse Suricata logs
}

output {
  syslog {
    host => "ossim-server-ip"
    port => 514
    protocol => "udp"
    facility => "local6"
    severity => "informational"
    sourcehost => "%{host}"
    message => "%{message}"
  }
}

Topic		Replies	Views
Weird logs when Suricata is running Help community , suricata	3	310	January 27, 2023
Integrating wazuh and suricata to display logs on wazuh Dashboard Help	1	569	January 29, 2024
Contributing to Suricata-verify Developers	7	716	November 17, 2021
Suricata & Pagerduty integration Help	0	281	January 10, 2022
July's webinar: Using jq for Suricata log parsing Announcements webinar , free-webinar	4	717	August 1, 2023

Suricata logs to OSSIM

Related Topics