Feature #1270

closed

Request: Adding several logging enhancements

Added by Andreas Herz over 9 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
Effort:
Difficulty:
Label:

Description

Hi,

I have some requests for the logging that aren't yet available or I just
missed them:

1. It would be nice to log more logs into the syslog, not just EVE. I
would like the drop.log for example in the syslog but the fast.log still
in its own file.

2. Customization of the logs would be also nice, what we would like to
have is some sort of "prefix" as provided by the LOG target with
--log-prefix="FOOBAR". In the drop.log case it would be nice to have a
line with a "[IDS DROP]" prefix to help parsing the logfile to assign
specific lines.

3. It would also be nice to have the option to include the interface
information into the logs. In a scenario with several interfaces on
which a Suricata in inline/IPS mode is running, it would be nice to see
on which interface a rule triggered.

4. alert-debug.log has nearly all of the information that fast.log has,
except the "wDrop" in monitor mode, so alert-debug.log looks the same in
inline and in monitor mode. And in alert-debug.log it would be also nice
to get the interface added.

So is this already something I could achieve but didn't find, or is it at
least worth implementing?

Actions #1

Updated by Andreas Herz over 9 years ago

bump :)

Actions #2

Updated by Victor Julien almost 9 years ago

  • Assignee set to Anonymous
  • Target version set to TBD

Actions #3

Updated by Andreas Herz about 7 years ago

  • Status changed from New to Closed

The requests are not needed anymore or covered by EVE etc.

Actions #4

Updated by Victor Julien over 6 years ago

  • Target version deleted (TBD)