Feature #2671
Add Log level to suricata.log when using JSON type
Status:
closed
Effort:
low
Difficulty:
low
Label:
Description
Currently the log level (Info, Warning, Error, etc.) is missing from the suricata.log file when choosing JSON as the type.
Here is an example of the log output in 4.0.5:
{"timestamp":"2018-11-09T10:43:51.454590-0600","event_type":"engine","engine":{"message":"This is Suricata version 4.0.5 RELEASE"}}
{"timestamp":"2018-11-09T10:43:51.454766-0600","event_type":"engine","engine":{"message":"CPUs\/cores online: 1"}}
{"timestamp":"2018-11-09T10:43:51.459482-0600","event_type":"engine","engine":{"message":"Found an MTU of 1500 for 'eth0'"}}
{"timestamp":"2018-11-09T10:43:51.459548-0600","event_type":"engine","engine":{"message":"Found an MTU of 1500 for 'eth0'"}}
{"timestamp":"2018-11-09T10:43:51.482034-0600","event_type":"engine","engine":{"message":"Running in live mode, activating unix socket"}}
This request is to add the log level, as this is useful when using logging for alerting purposes.
An example of the desired output is:
{"timestamp":"2018-11-09T12:05:27.806528-0600","log_level":"Notice","event_type":"engine","engine":{"message":"This is Suricata version 4.0.5 RELEASE"}}
{"timestamp":"2018-11-09T12:05:27.806976-0600","log_level":"Info","event_type":"engine","engine":{"message":"CPUs\/cores online: 1"}}
{"timestamp":"2018-11-09T12:05:27.812498-0600","log_level":"Info","event_type":"engine","engine":{"message":"Found an MTU of 1500 for 'eth0'"}}
{"timestamp":"2018-11-09T12:05:27.812555-0600","log_level":"Info","event_type":"engine","engine":{"message":"Found an MTU of 1500 for 'eth0'"}}
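The following is an added example of the alerting use the reporter describes: a small consumer of JSON-per-line suricata.log records that parses both the 4.0.5 shape (no log_level) and the requested shape (log_level present), then selects records at or above a severity threshold. It is not Suricata's code and not part of the issue. The sample lines are constructed for this example, modelled on the two formats quoted above, with one Warning, one Error and one malformed line added; the severity ordering beyond Notice and Info is an assumption modelled on syslog-style levels, since the page only shows those two names.

```python
import json
from typing import Any, Dict, Iterable, Iterator, List

# Severity order, most severe first. Only "Notice" and "Info" appear in the
# issue's samples; the rest of the list is an assumption for this example
# (syslog-style ordering), not taken from the page.
LEVEL_RANK = {
    name: rank
    for rank, name in enumerate(
        ["Emergency", "Alert", "Critical", "Error", "Warning",
         "Notice", "Info", "Perf", "Config", "Debug"]
    )
}

# Constructed sample input (not output from a real sensor). The first line is
# in the 4.0.5 shape without log_level; the next four carry the requested
# field; the last line is deliberately not JSON.
SAMPLE_LINES = [
    '{"timestamp":"2018-11-09T10:43:51.454590-0600","event_type":"engine","engine":{"message":"This is Suricata version 4.0.5 RELEASE"}}',
    '{"timestamp":"2018-11-09T12:05:27.806528-0600","log_level":"Notice","event_type":"engine","engine":{"message":"This is Suricata version 4.0.5 RELEASE"}}',
    '{"timestamp":"2018-11-09T12:05:27.806976-0600","log_level":"Info","event_type":"engine","engine":{"message":"CPUs\\/cores online: 1"}}',
    '{"timestamp":"2018-11-09T12:05:28.100000-0600","log_level":"Warning","event_type":"engine","engine":{"message":"constructed warning for the example"}}',
    '{"timestamp":"2018-11-09T12:05:29.200000-0600","log_level":"Error","event_type":"engine","engine":{"message":"constructed error for the example"}}',
    'this line is not JSON',
]


def parse_engine_log(lines: Iterable[str]) -> Iterator[Dict[str, Any]]:
    """Parse JSON-per-line suricata.log records into flat dicts.

    A line that is not valid JSON is yielded as a record with
    parse_error=True instead of raising, so one corrupt line does not stop
    an alerting pipeline from seeing the lines after it.
    """
    for lineno, raw in enumerate(lines, start=1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            yield {"line": lineno, "parse_error": True, "raw": raw}
            continue
        engine = rec.get("engine") or {}
        yield {
            "line": lineno,
            "parse_error": False,
            "timestamp": rec.get("timestamp"),
            "event_type": rec.get("event_type"),
            # None when the field is absent, as in the 4.0.5 output.
            "log_level": rec.get("log_level"),
            "message": engine.get("message"),
        }


def select_alerts(records: Iterable[Dict[str, Any]],
                  threshold: str = "Warning") -> List[Dict[str, Any]]:
    """Keep records at or above `threshold` severity.

    Records whose level is missing (pre-feature output) or unrecognised are
    kept and flagged level_known=False: without the field there is no basis
    for discarding them, and dropping them silently would hide exactly the
    errors the reporter wants to alert on. Parse errors are kept for the
    same reason.
    """
    limit = LEVEL_RANK[threshold]
    selected: List[Dict[str, Any]] = []
    for rec in records:
        if rec["parse_error"]:
            selected.append(dict(rec, level_known=False))
            continue
        rank = LEVEL_RANK.get(rec["log_level"])
        if rank is None:
            selected.append(dict(rec, level_known=False))
        elif rank <= limit:
            selected.append(dict(rec, level_known=True))
    return selected


def alert_lines(lines: Iterable[str],
                threshold: str = "Warning") -> List[Dict[str, Any]]:
    """Convenience wrapper: parse raw lines and apply the threshold."""
    return select_alerts(parse_engine_log(lines), threshold)


if __name__ == "__main__":
    for rec in alert_lines(SAMPLE_LINES):
        print(rec)
```

Running it with the default threshold selects the 4.0.5 line (no level, flagged unknown), the Warning and Error lines, and the malformed line; the Notice and Info lines are dropped. The point of the level_known flag is that, until the requested field exists, a consumer cannot tell an Error from an Info line and should not pretend it can.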