Suricata logs to OSSIM

Nuno_Santos · May 2, 2021, 9:01pm

Hi!

Does anyone have experience in sending Suricata logs (from an external server) to OSSIM?

calelin · March 4, 2024, 12:02am

input {
  file {
    path => "/path/to/suricata/log/file"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}

filter {
  # Add filters here if needed to parse Suricata logs
}

output {
  syslog {
    host => "ossim-server-ip"
    port => 514
    protocol => "udp"
    facility => "local6"
    severity => "informational"
    sourcehost => "%{host}"
    message => "%{message}"
  }
}

Topic		Replies	Views
Suricata logs to syslog server	1	660	January 12, 2024
I want to know best practices for Integrating Suricata with SIEM Systems	0	149	June 22, 2024
Configure suricata to read syslog messages suricata	1	167	April 8, 2024
Suricata Logs on Splunk Help	1	623	July 31, 2023
Hello Im newbie using Suricata Help centos , windows , rules , suricata	3	249	January 17, 2024

Suricata logs to OSSIM

Related Topics