Project

General

Profile

Actions
Copy link

Support #2910

closed

When we enable the filetype to unix_stream or unix_gram for eve-log it is not creating a file.

Added by Waseem Farooqui about 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Suricata-Update - TBD
Label:

Description

I have the following configurations for write the data to the socket.

- eve-log:
      enabled: yes
      filetype: unix_stream #regular|syslog|unix_dgram|unix_stream|redis
      filename: eve.socket
      #prefix: "@cee: " # prefix to prepend to each log entry
      # the following are valid when type: syslog above
      #identity: "suricata" 
      #facility: local5
      #level: Info ## possible levels: Emergency, Alert, Critical,
                   ## Error, Warning, Notice, Info, Debug

When we enable unix_stream or unix_dgram, it doesn't create the socket file instead throws an error in debug that socket file not found.
Are we supposed to provide our own socket listener file?
Or is this a bug?

Actions
Copy link
 #1

Updated by Waseem Farooqui about 5 years ago 

28/3/2019 -- 11:55:23 - <Warning> - [ERRCODE: SC_ERR_SOCKET(200)] - Error connecting to socket "/var/log/suricata//eve.socket": No such file or directory (will keep trying)
Actions
Copy link
 #2

Updated by Victor Julien about 5 years ago

  • Tracker changed from Bug to Support

Yes you are to provide the socket yourself.

Actions
Copy link
 #3

Updated by Shivani Bhardwaj almost 5 years ago

  • Assignee deleted (Shivani Bhardwaj)
  • Effort deleted (high)
  • Difficulty deleted (medium)
  • Label deleted (Beginner)
Actions
Copy link
 #4

Updated by Andreas Herz almost 5 years ago

  • Project changed from Suricata-Update to Suricata
  • Target version deleted (TBD)
Actions
Copy link
 #5

Updated by Victor Julien almost 5 years ago

  • Status changed from New to Closed
Actions
Copy link

Also available in: Atom PDF