Project

General

Profile

Actions
Copy link

Support #2002

closed

log routing / conditional logging

Added by Roman Karpyuk over 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:

Description

Hi,
Please, let me know, if I have the opportunity to enable different types of logging for different rules.
For example, I want to log emerging-games.rules with stats.log and emerging-dns.rules with eve.json

Actions
Copy link
 #1

Updated by Victor Julien over 7 years ago

  • Target version deleted (3.2.1)

Alert logging is unconditional.

I guess you could write your own lua alert logger where you could add your own logic for what to log where.

Actions
Copy link
 #2

Updated by Roman Karpyuk over 7 years ago

Thanks for your answer
So with standard methods I can't do this, I need to write a script?! I understand you correctly?!
My goal is index alerts in Splunk, so I want write "top" rules in eve.json and another in stats.log

Actions
Copy link
 #3

Updated by Victor Julien about 7 years ago

  • Subject changed from Logs to log routing / conditional logging

If you log all in eve you should be able to post process in splunk. Our alert logging is unconditional, so it's all or nothing.

Actions
Copy link
 #4

Updated by Andreas Herz about 7 years ago

  • Assignee set to Anonymous
  • Target version set to TBD
Actions
Copy link
 #5

Updated by Andreas Herz over 6 years ago

  • Status changed from New to Closed
Actions
Copy link
 #6

Updated by Victor Julien over 6 years ago

  • Target version deleted (TBD)
Actions
Copy link

Also available in: Atom PDF