Support #2002
closed
log routing / conditional logging
Added by Roman Karpyuk over 7 years ago.
Updated over 6 years ago.
Description
Hi,
Please let me know if I have the opportunity to enable different types of logging for different rules.
For example, I want to log emerging-games.rules with stats.log and emerging-dns.rules with eve.json.
- Target version deleted (3.2.1)
Alert logging is unconditional.
I guess you could write your own lua alert logger where you could add your own logic for what to log where.
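As an added illustration of the Lua route suggested above (not code from the ticket or from the Suricata project), the script below writes alerts whose signature ID is in a chosen set to one file and every other alert to a second file. Suricata's Lua output API exposes the matching rule's sid, msg and classtype but not the .rules file it was loaded from, so the routing key is a sid table; the sid values, file names and line layout are constructed placeholders.

```lua
-- Constructed placeholder set of "top" signature IDs to route separately.
local top_sids = { [2000001] = true, [2000002] = true }

-- Suricata calls init() once to learn what the script wants to see.
function init(args)
    local needs = {}
    needs["type"] = "packet"
    needs["filter"] = "alerts"   -- only packets that raised an alert
    return needs
end

-- setup() runs per thread; SCLogPath() is Suricata's default-log-dir.
function setup(args)
    local dir = SCLogPath()
    top_file = assert(io.open(dir .. "/top-alerts.log", "a"))
    rest_file = assert(io.open(dir .. "/other-alerts.log", "a"))
    SCLogInfo("lua routing logger: writing to " .. dir)
end

-- Format one alert as a single text line (constructed layout, not an EVE record).
local function format_alert()
    local ts = SCPacketTimeString()
    local sid, rev, gid = SCRuleIds()
    local msg = SCRuleMsg()
    local class, prio = SCRuleClass()
    local ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
    return string.format("%s [%d:%d:%d] %s [Classification: %s] [Priority: %d] {%d} %s:%d -> %s:%d\n",
        ts, gid, sid, rev, msg, class or "none", prio, proto, srcip, sp, dstip, dp)
end

-- log() runs once per alert; pick the destination file by sid.
function log(args)
    local sid = SCRuleIds()
    local target = top_sids[sid] and top_file or rest_file
    target:write(format_alert())
    target:flush()
end

function deinit(args)
    top_file:close()
    rest_file:close()
end
```

Enable it from the `lua` entry under `outputs:` in suricata.yaml (`scripts-dir` plus the script file name); note that this runs in addition to, not instead of, the built-in alert outputs, which remain all-or-nothing.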
Thanks for your answer
So with standard methods I can't do this, I need to write a script?! Do I understand you correctly?!
My goal is to index alerts in Splunk, so I want to write the "top" rules to eve.json and the others to stats.log.
- Subject changed from Logs to log routing / conditional logging
If you log all in eve you should be able to post process in splunk. Our alert logging is unconditional, so it's all or nothing.
- Assignee set to Anonymous
- Target version set to TBD
- Status changed from New to Closed
- Target version deleted (TBD)