And a next step: it works on RHEL 7 Suricata 6.13
Now I found an old post from Victor and ran this on the RH7 Suri6 and the RH8 Suri7 box:
]# nc -U -l /var/run/telegraf/suricata-stats.sock | tee /tmp/tel.log
On both servers data pops up in JSON format!
Now stop netcat and let’s see:
Sec6:
]# cat /tmp/tel.log | jq
Nice JSON-formatted data shows.
Sec7:
]# cat /tmp/tel.log | jq
parse error: Invalid literal at line 1, column 219276
So I guess this explains why Telegraf on the Suri7 box does not log data from Suri: it is unable to parse it, because Suri sends it garbled or there is some buffer issue.
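To tell a capture that was simply cut off mid-record (the listener stopped while Suricata was still writing) from output that is genuinely garbled in the middle of the stream, it helps to decode the tee'd file one record at a time instead of handing the whole thing to jq. The script below is an added example, not code from the original post or from the Suricata or Telegraf projects: it walks a file of concatenated/newline-delimited JSON, counts the records that parse, and on the first failure reports jq-style line/column plus whether the bad record is the last one. The sample stats records are constructed for the example; the path `/tmp/tel.log` is the one used in the post and is only a default argument here.

```python
import json
from typing import Any, Dict, Tuple


def line_col(text: str, offset: int) -> Tuple[int, int]:
    """Turn a 0-based character offset into the 1-based (line, column) that jq prints."""
    line = text.count("\n", 0, offset) + 1
    last_nl = text.rfind("\n", 0, offset)  # -1 when the offset is on the first line
    return line, offset - last_nl


def check_json_stream(text: str) -> Dict[str, Any]:
    """Decode concatenated / newline-delimited JSON records one at a time.

    Returns how many complete records parsed and, on failure, where the parser
    stopped and whether the bad record is the last one (capture cut off while the
    writer was mid-record) or sits in the middle of the stream (garbled output,
    interleaved writes, buffer problems, ...).
    """
    decoder = json.JSONDecoder()
    pos, records = 0, 0
    while True:
        while pos < len(text) and text[pos].isspace():  # skip record separators
            pos += 1
        if pos >= len(text):
            return {"ok": True, "records": records, "error": None}
        try:
            _obj, pos = decoder.raw_decode(text, pos)  # pos now points past the record
            records += 1
        except json.JSONDecodeError as exc:
            line, col = line_col(text, exc.pos)
            # Suricata EVE output is one JSON object per line. If nothing from the start
            # of the failing record onwards is newline-terminated, the capture most
            # likely ended mid-record rather than the stream being corrupt.
            kind = "truncated_last_record" if "\n" not in text[pos:] else "corrupt_mid_stream"
            return {
                "ok": False,
                "records": records,
                "error": {
                    "kind": kind,
                    "line": line,
                    "column": col,
                    "offset": exc.pos,
                    "message": exc.msg,
                },
            }


# Constructed sample captures (not real Suricata output), one stats record per line.
CLEAN = (
    '{"event_type":"stats","stats":{"uptime":10,"capture":{"kernel_packets":100}}}\n'
    '{"event_type":"stats","stats":{"uptime":20,"capture":{"kernel_packets":250}}}\n'
)
# Third record cut off, as when the listener is stopped while the writer is mid-record.
TRUNCATED = CLEAN + '{"event_type":"stats","stats":{"uptime":30,"cap'
# Second record overwritten partway by the start of another record.
CORRUPT = (
    '{"event_type":"stats","stats":{"uptime":10}}\n'
    '{"event_type":"stats","sta{"event_type":"stats","stats":{"uptime":30}}\n'
)

if __name__ == "__main__":
    import sys

    # Usage: python check_json_stream.py /tmp/tel.log   (falls back to the built-in sample)
    path = sys.argv[1] if len(sys.argv) > 1 else None
    if path:
        with open(path, encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = TRUNCATED
    print(json.dumps(check_json_stream(data), indent=2))
```

If the report says `truncated_last_record`, the file is fine up to the point where netcat was stopped and jq's complaint is just the partial tail; `corrupt_mid_stream` with a large column on line 1, as in the Sec7 run above, points at the writer side (a stats record that is being cut or overwritten before it reaches the socket) rather than at the capture.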