Support #1511
Suricata logs are no longer being generated (Closed)
Description
My Suricata logs are no longer being generated. It is on a Windows 2008 R2 Box (SP1), but a script was put together for the logs to automatically be triggered as "alerts" in our ticketing system.
The types of logs that used to be generated were dns.log, fast.log, files-json.log, http.log, and tls.log.
The alerts are being fed from Emerging Threats (ET).
Does anyone have any suggestions or ideas to fix this issue? I did not originally set up this Suricata solution so the technical depth is a bit beyond my knowledge. I am happy to provide additional information if necessary.
Updated by Peter Manev over 9 years ago
How do you mean - the log files are there but nothing is being added to them (even after a restart)?
Which Suricata version are you using?
Updated by wu qu over 9 years ago
Peter Manev wrote:
How do you mean - the log files are there but nothing is being added to them (even after a restart)?
Which Suricata version are you using?
My Suricata logs are no longer being generated. It is on CentOS 6.6; the log files are there but nothing is being added to them. The log files are appended to after a restart, but only for a while, maybe 5 minutes; after that the logs are no longer appended to. The version of Suricata is suricata-2.1beta4.
Updated by C S over 9 years ago
Peter Manev wrote:
How do you mean - the log files are there but nothing is being added to them (even after a restart)?
Correct. I see historic Suricata logs but no new ones since a particular date. How do I restart the Suricata application? I ran suricata-reboot.bat, but this error was encountered (see image). This may not be the correct file to restart with, though. Also, suricata.exe does exist.
Which Suricata version are you using?
The version should be 2.0rc3 RELEASE 31/3/2014.
Updated by Peter Manev over 9 years ago
I am a bit confused - on what OS is Suricata running (and which version of it), and what is the purpose and/or connection between the reported Windows 2008R2 and CentOS 6.6?
Updated by C S over 9 years ago
Peter Manev wrote:
I am a bit confused - on what OS is Suricata running (and which version of it), and what is the purpose and/or connection between the reported Windows 2008R2 and CentOS 6.6?
Hey Peter, the Suricata application is running on a Win2008 R2 box; it is Suricata version 2.0rc3. The CentOS box is being used as the connection to auto-feed the logs as "alerts" into our ticketing system. Does this help?
Updated by C S over 9 years ago
Peter Manev wrote:
I am a bit confused - on what OS is Suricata running (and which version of it), and what is the purpose and/or connection between the reported Windows 2008R2 and CentOS 6.6?
Oops, I apologize. I believe this question was directed towards "wu qu" and not me. My issue is a bit different from his.
Updated by wu qu over 9 years ago
I am so sorry. I will post a new issue for CentOS 6.6.
Updated by Peter Manev over 9 years ago
Do you have enough space on the disk(s)?
All of these - dns.log, fast.log, files-json.log, http.log, and tls.log - stopped logging, correct, not just some?
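The two questions above (is the disk full, and did every output stop at once or only some of them) can be answered by a small script run against the log directory. The following is an added example written for this thread, not Suricata's own code: it classifies each of the five log files named in the original report as missing, stalled or fresh based on its modification time, reports free disk space, and distinguishes "everything stopped" (point at the process or capture) from "some outputs stopped" (point at per-output configuration). The five-minute stall threshold, the 5 % free-space floor, and the constructed sample directory are assumptions for illustration.

```python
"""Freshness and free-space check for a Suricata log directory.

Added example for this thread, not Suricata's own code. The 300 s stall
threshold, the 5 % free-space floor and the constructed sample directory
are assumptions chosen for illustration.
"""
import os
import shutil
import sys
import tempfile
import time
from pathlib import Path

# The log files named in the original report.
EXPECTED_LOGS = ["dns.log", "fast.log", "files-json.log", "http.log", "tls.log"]


def check_log_freshness(log_dir, expected=EXPECTED_LOGS, max_age_s=300, now=None):
    """Classify each expected file as 'missing', 'stalled' or 'fresh'.

    A file is 'stalled' when its mtime is older than max_age_s. `now` may be
    passed explicitly so results are reproducible; it defaults to the clock.
    """
    now = time.time() if now is None else now
    statuses = {}
    for name in expected:
        path = Path(log_dir) / name
        if not path.is_file():
            statuses[name] = "missing"
            continue
        age = now - path.stat().st_mtime
        statuses[name] = "stalled" if age > max_age_s else "fresh"
    return statuses


def disk_free_fraction(path):
    """Fraction of the filesystem holding `path` that is free (0.0 .. 1.0)."""
    usage = shutil.disk_usage(path)
    return usage.free / usage.total


def diagnose(log_dir, expected=EXPECTED_LOGS, max_age_s=300, min_free=0.05, now=None):
    """Combine both checks into a list of problems worth raising."""
    statuses = check_log_freshness(log_dir, expected, max_age_s, now)
    stalled = sorted(n for n, s in statuses.items() if s == "stalled")
    missing = sorted(n for n, s in statuses.items() if s == "missing")
    free = disk_free_fraction(log_dir)
    problems = []
    if free < min_free:
        problems.append("disk nearly full (%.1f%% free)" % (free * 100))
    if missing:
        problems.append("missing: " + ", ".join(missing))
    if stalled and len(stalled) == len(expected):
        # Everything stopped at once: look at the Suricata process or the
        # capture interface rather than at individual output settings.
        problems.append("all logs stalled: check the Suricata process and capture")
    elif stalled:
        problems.append("stalled: " + ", ".join(stalled))
    return {"statuses": statuses, "free_fraction": free, "problems": problems}


def make_sample_log_dir(now, base=None):
    """Create a constructed sample directory (not real Suricata output):
    fast.log and http.log last written an hour before `now`, dns.log and
    tls.log one second before, and files-json.log absent."""
    log_dir = tempfile.mkdtemp(dir=base)
    for name, age in (("fast.log", 3600), ("http.log", 3600),
                      ("dns.log", 1), ("tls.log", 1)):
        path = os.path.join(log_dir, name)
        with open(path, "w") as fh:
            fh.write("# constructed sample, not a real Suricata log\n")
        os.utime(path, (now - age, now - age))
    return log_dir


if __name__ == "__main__":
    # Pass a real log directory as the first argument, or run the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample_log_dir(time.time())
    report = diagnose(target)
    for name, status in report["statuses"].items():
        print("%-16s %s" % (name, status))
    print("free: %.1f%%" % (report["free_fraction"] * 100))
    for problem in report["problems"]:
        print("PROBLEM:", problem)
```

Run it as `python check_suricata_logs.py C:\path\to\suricata\log` (or the equivalent path on a Linux sensor); with no argument it builds the constructed sample directory and reports on that. A result where every file is stalled points at the capture or the Suricata process itself, which is the case to check first before touching individual output settings.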
Updated by Peter Manev almost 9 years ago
- Status changed from New to Closed
No further feedback received, and I cannot reproduce the issue with the latest stable version - hence closing.