I would like to send my Suricata logs to a syslog server,
can you guide me how to do so?
Do I need to configure the rsyslog.conf file as well?
Thank you in advance!
Typically you'd configure your syslog daemon, like
rsyslog, to monitor the Suricata log files and send them over. But you might want to check with your specific
syslog implementation. Ideally you'd send the
eve.json over, and I believe some syslog daemons now have support for JSON, and you'll want to be sure you are using TCP syslog, as many messages may go over the UDP limits. But it will probably require some investigation and experimentation; in practice I think it's much more common to use tools like Logstash, Filebeat, or some other log shipper.
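The rsyslog side of what the answer above describes, written out as an added example (not from the original thread or from the Suricata project): imfile tails eve.json one JSON object per line, and omfwd forwards each line as an RFC 5424 message over TCP with octet-counted framing so that long EVE records are not truncated or split the way they would be over UDP. The file path, facility, ruleset name, queue file name and the collector hostname are assumptions for illustration.

```conf
# /etc/rsyslog.d/50-suricata.conf  (example; paths and hostnames are assumptions)

# EVE records (alerts with payload, http/tls metadata, fileinfo) routinely exceed
# the classic 1-2 KiB syslog message size, so raise rsyslog's cap before any input
# is loaded. Without this, imfile splits long lines into several messages.
global(maxMessageSize="64k")

module(load="imfile")

# Tail Suricata's EVE output. Each line is one complete JSON object, so each
# line becomes exactly one syslog message. Routing through a dedicated ruleset
# keeps these records out of the default local file logging.
input(type="imfile"
      File="/var/log/suricata/eve.json"
      Tag="suricata"
      Severity="info"
      Facility="local5"
      ruleset="suricata_eve")

ruleset(name="suricata_eve") {
    # Forward over TCP, not UDP: UDP has no delivery guarantee and is subject to
    # datagram/MTU limits, whereas octet-counted TCP framing (RFC 6587) carries a
    # message of any length intact. RSYSLOG_SyslogProtocol23Format is rsyslog's
    # built-in RFC 5424 template; the JSON stays in the MSG field unchanged, so
    # the collector can parse it directly.
    action(type="omfwd"
           Target="syslog.example.internal"   # assumed collector hostname
           Port="514"
           Protocol="tcp"
           TCP_Framing="octet-counted"
           template="RSYSLOG_SyslogProtocol23Format"
           # Disk-assisted queue so a collector outage does not drop alerts
           # and rsyslog keeps retrying instead of suspending the action.
           queue.type="LinkedList"
           queue.filename="suricata_fwd"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
    stop
}
```

Two checks before trusting it: run `rsyslogd -N1` to validate the syntax, then trigger a test alert and confirm on the collector that the received line is a single, parseable JSON object rather than a truncated or fragmented one. Because EVE output can contain packet payloads and HTTP bodies, ship it over TLS on untrusted networks; in rsyslog that means adding the omfwd `StreamDriver="gtls"` / `StreamDriverMode="1"` settings and the global certificate files, which this example leaves out.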