Support #1511
closed
Suricata logs are no longer being generated
Added by C S almost 9 years ago.
Updated over 8 years ago.
Description
My Suricata logs are no longer being generated. It is on a Windows 2008 R2 Box (SP1), but a script was put together for the logs to automatically be triggered as "alerts" in our ticketing system.
The types of logs that used to be generated were dns.log, fast.log, files-json.log, http.log, and tls.log.
The alerts are being fed from Emerging Threats (ET).
Does anyone have any suggestions or ideas to fix this issue? I did not originally set up this Suricata solution so the technical depth is a bit beyond my knowledge. I am happy to provide additional information if necessary.
Files
How do you mean - the logs files are there but nothing is being added to them?(even after restart?)
Which Suricata version are you using?
Peter Manev wrote:
How do you mean - the logs files are there but nothing is being added to them?(even after restart?)
Which Suricata version are you using?
My Suricata logs are no longer being generated. It is on a Centos 6.6, the logs files are there but nothing is being added to them. The logs files are appended after restart. But, just for a while, maybe 5 minutes, the logs are no longer being appended. The version of Suricata is suricata-2.1beta4.
Peter Manev wrote:
How do you mean - the logs files are there but nothing is being added to them?(even after restart?)
Correct. I see historic Suricata logs but no new ones since a particular date. How do i restart the Suricata application? I ran the suricata-reboot.bat but this error was encountered (see image). This may not be the correct file to restart though. Also, the suricata.exe does exist.
Which Suricata version are you using?
The version should be 2.0rc3 RELEASE 31/3/2014.
I am a bit confused - on what OS is Suricata running(and which version of it) and what is the purpose and/or connection between the reported Windows 2008R2 and CentOS 6.6 ?
Peter Manev wrote:
I am a bit confused - on what OS is Suricata running(and which version of it) and what is the purpose and/or connection between the reported Windows 2008R2 and CentOS 6.6 ?
Hey Peter, the Suricata application is running on a Win2008 R2 Box; it is Suricata version 2.0rc3. The CentOS is being used as connection to auto feed the logs as "alerts" into our ticketing system. Does this help?
Peter Manev wrote:
I am a bit confused - on what OS is Suricata running(and which version of it) and what is the purpose and/or connection between the reported Windows 2008R2 and CentOS 6.6 ?
Oops, I apologize. I believe this question was directed towards "wu qu about" and not me. My issue is a bit different from his.
I am so sorry. I post a new issue for the Centos 6.6.
Do you have enough space on the disk(s)?
All of these - dns.log, fast.log, files-json.log, http.log, and tls.log - stopped logging, correct, not just some?
- Status changed from New to Closed
No further feedback received and can not reproduce the issue with the latest stable version - hence closing.
Also available in: Atom
PDF
