Support #2910: When we enable the filetype to unix_stream or unix_gram for eve-log it is not creating a file. - Suricata - Open Information Security Foundation

Actions

Copy link

Support #2910

closed

When we enable the filetype to unix_stream or unix_gram for eve-log it is not creating a file.

Added by Waseem Farooqui about 5 years ago. Updated about 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Affected Versions:

Suricata-Update - TBD

Label:

Description

I have the following configurations for write the data to the socket.

- eve-log:
      enabled: yes
      filetype: unix_stream #regular|syslog|unix_dgram|unix_stream|redis
      filename: eve.socket
      #prefix: "@cee: " # prefix to prepend to each log entry
      # the following are valid when type: syslog above
      #identity: "suricata" 
      #facility: local5
      #level: Info ## possible levels: Emergency, Alert, Critical,
                   ## Error, Warning, Notice, Info, Debug

When we enable unix_stream or unix_dgram, it doesn't create the socket file instead throws an error in debug that socket file not found.
Are we supposed to provide our own socket listener file?
Or is this a bug?

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Support #2910

When we enable the filetype to unix_stream or unix_gram for eve-log it is not creating a file.

Updated by Waseem Farooqui about 5 years ago

Updated by Victor Julien about 5 years ago

Updated by Shivani Bhardwaj about 5 years ago

Updated by Andreas Herz about 5 years ago

Updated by Victor Julien about 5 years ago