Support #1511

closed

Suricata logs are no longer being generated

Added by C S over 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
High
Assignee:
-
Affected Versions:
Label:

Description

My Suricata logs are no longer being generated. It is on a Windows 2008 R2 Box (SP1), but a script was put together for the logs to automatically be triggered as "alerts" in our ticketing system.

The types of logs that used to be generated were dns.log, fast.log, files-json.log, http.log, and tls.log.

The alerts are being fed from Emerging Threats (ET).

Does anyone have any suggestions or ideas to fix this issue? I did not originally set up this Suricata solution so the technical depth is a bit beyond my knowledge. I am happy to provide additional information if necessary.


Files

IMG1.JPG (65.4 KB) - Suricata-Reboot.Bat - C S, 07/22/2015 07:59 AM

#1

Updated by Peter Manev over 9 years ago

How do you mean - the log files are there but nothing is being added to them? (Even after restart?)

Which Suricata version are you using?

#2

Updated by wu qu over 9 years ago

Peter Manev wrote:

How do you mean - the log files are there but nothing is being added to them? (Even after restart?)

Which Suricata version are you using?

My Suricata logs are no longer being generated. It is on CentOS 6.6; the log files are there but nothing is being added to them. The log files are appended to after a restart, but only for a while, maybe 5 minutes; after that the logs are no longer being appended. The version of Suricata is suricata-2.1beta4.

#3

Updated by C S over 9 years ago

Peter Manev wrote:

How do you mean - the log files are there but nothing is being added to them? (Even after restart?)

Correct. I see historic Suricata logs but no new ones since a particular date. How do I restart the Suricata application? I ran the suricata-reboot.bat but this error was encountered (see image). This may not be the correct file to restart though. Also, the suricata.exe does exist.

Which Suricata version are you using?

The version should be 2.0rc3 RELEASE 31/3/2014.

#4

Updated by Peter Manev over 9 years ago

I am a bit confused - on what OS is Suricata running (and which version of it), and what is the purpose and/or connection between the reported Windows 2008 R2 and CentOS 6.6?

#5

Updated by C S over 9 years ago

Peter Manev wrote:

I am a bit confused - on what OS is Suricata running (and which version of it), and what is the purpose and/or connection between the reported Windows 2008 R2 and CentOS 6.6?

Hey Peter, the Suricata application is running on a Win2008 R2 box; it is Suricata version 2.0rc3. The CentOS box is being used as the connection to auto-feed the logs as "alerts" into our ticketing system. Does this help?

#6

Updated by C S over 9 years ago

Peter Manev wrote:

I am a bit confused - on what OS is Suricata running (and which version of it), and what is the purpose and/or connection between the reported Windows 2008 R2 and CentOS 6.6?

Oops, I apologize. I believe this question was directed towards "wu qu about" and not me. My issue is a bit different from his.

#7

Updated by wu qu over 9 years ago

I am so sorry. I posted a new issue for the CentOS 6.6 case.

#8

Updated by Peter Manev over 9 years ago

Do you have enough space on the disk(s)?
All of these - dns.log, fast.log, files-json.log, http.log, and tls.log - stopped logging, correct? Not just some of them?
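The two checks Peter asks for (is the disk full, and did every output stop or only some) are the ones worth automating on a monitoring host, because a sensor that silently stops writing its logs is a detection gap. The script below is an added example for this thread, not Suricata's own tooling; the log file names are the ones listed in the report, while the log directory, the 10-minute staleness threshold and the free-space floor are assumptions. It classifies each expected log as missing, stale or live from its modification time, checks free space with `shutil.disk_usage`, and summarises whether all outputs stopped (pointing at the engine or the sensor host) or only some (pointing at one output's configuration). It runs on Windows as well as Linux; the `demo()` function builds a constructed log directory so the block can be run offline.

```python
"""Liveness check for Suricata's text logs (added example, not Suricata code).

Classifies each expected log file by age and checks free disk space, so a
sensor that has stopped writing is noticed before tickets stop arriving.
"""
import os
import shutil
import tempfile
import time
from pathlib import Path

# Log outputs named in the original report.
SURICATA_LOGS = ["dns.log", "fast.log", "files-json.log", "http.log", "tls.log"]

# Assumed threshold: a log untouched for 10 minutes is considered stale.
MAX_AGE_SECONDS = 600


def classify_logs(log_dir, names=SURICATA_LOGS, max_age_seconds=MAX_AGE_SECONDS, now=None):
    """Return {log name: 'missing' | 'stale' | 'live'} based on file mtime."""
    now = time.time() if now is None else now
    status = {}
    for name in names:
        path = Path(log_dir) / name
        if not path.is_file():
            status[name] = "missing"
            continue
        age = now - path.stat().st_mtime
        status[name] = "stale" if age > max_age_seconds else "live"
    return status


def disk_has_headroom(path, min_free_bytes):
    """True when the volume holding `path` has at least `min_free_bytes` free."""
    return shutil.disk_usage(path).free >= min_free_bytes


def summarize(status):
    """Separate 'everything stopped' (engine/host problem) from 'some stopped'
    (per-output problem), which is the distinction asked about in the thread."""
    stopped = sorted(n for n, s in status.items() if s != "live")
    if not stopped:
        return "all logs live"
    if len(stopped) == len(status):
        return "all logs stopped"
    return "some logs stopped: " + ", ".join(stopped)


def demo():
    """Constructed scenario: fast.log written 10 s ago, every other log an hour ago."""
    log_dir = tempfile.mkdtemp()
    now = 1_700_000_000  # fixed reference time so results are deterministic
    try:
        for name in SURICATA_LOGS:
            path = Path(log_dir) / name
            path.write_text("constructed log line\n")
            age = 10 if name == "fast.log" else 3600
            os.utime(path, (now - age, now - age))
        status = classify_logs(log_dir, now=now)
        # Assumed floor of 1 byte here; use a realistic value (e.g. 1 GiB) in production.
        headroom = disk_has_headroom(log_dir, 1)
    finally:
        shutil.rmtree(log_dir, ignore_errors=True)
    return status, summarize(status), headroom


if __name__ == "__main__":
    status, summary, headroom = demo()
    for name, state in status.items():
        print(f"{name:16} {state}")
    print(summary, "| disk has headroom:", headroom)
```

Pointing `classify_logs` at the real Suricata log directory and running it from a scheduled task gives an early warning for exactly the symptom in this ticket: historic logs present, nothing new after a certain date.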

#9

Updated by Peter Manev almost 9 years ago

  • Status changed from New to Closed

No further feedback received and cannot reproduce the issue with the latest stable version - hence closing.
