Support #2910
When we enable the filetype to unix_stream or unix_dgram for eve-log it is not creating a file.
Status: Closed
Priority: Normal
Assignee: -
Affected Versions:
Label:
Description
I have the following configuration to write the data to the socket.
  - eve-log:
      enabled: yes
      filetype: unix_stream #regular|syslog|unix_dgram|unix_stream|redis
      filename: eve.socket
      #prefix: "@cee: " # prefix to prepend to each log entry
      # the following are valid when type: syslog above
      #identity: "suricata"
      #facility: local5
      #level: Info ## possible levels: Emergency, Alert, Critical,
                   ## Error, Warning, Notice, Info, Debug
When we enable unix_stream or unix_dgram, it doesn't create the socket file; instead it throws an error in debug that the socket file is not found.
Are we supposed to provide our own socket listener file?
Or is this a bug?
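With `filetype: unix_stream`, Suricata connects to the socket as a client, so a listener has to create `eve.socket` before Suricata starts. The following is an added example, not part of the original report or of Suricata's code: a minimal listener that binds the socket and parses newline-delimited EVE JSON. The function names are hypothetical, and `demo()` uses a local client with constructed records in place of Suricata.

```python
import json
import os
import socket
import tempfile


def open_listener(path):
    """Bind the unix_stream socket; the sender connects to it afterwards."""
    if os.path.exists(path):
        os.unlink(path)  # clear a stale socket left by a previous run
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # Assumption: listener and sender run as the same user, so owner-only is enough.
    old_umask = os.umask(0o077)
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv


def read_events(conn):
    """Yield one dict per newline-terminated record; skip malformed lines."""
    buf = b""
    while True:
        chunk = conn.recv(65536)
        if not chunk:
            return  # sender closed the connection
        buf += chunk
        while b"\n" in buf:
            line, buf = buf.split(b"\n", 1)
            try:
                yield json.loads(line)
            except ValueError:
                pass  # truncated or non-JSON line


def demo():
    """Stand-in for Suricata: a local client writes constructed EVE lines."""
    path = os.path.join(tempfile.mkdtemp(), "eve.socket")
    srv = open_listener(path)
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        client.connect(path)
        # Second record is split across two writes to exercise the buffering.
        client.sendall(b'{"event_type":"alert","src_ip":"192.0.2.10"}\n{"event_ty')
        client.sendall(b'pe":"dns","src_ip":"192.0.2.11"}\nnot json\n')
    conn, _ = srv.accept()
    with srv, conn:
        events = list(read_events(conn))
    os.unlink(path)
    return [(e["event_type"], e["src_ip"]) for e in events]
```

For real use, call `open_listener()` on the path that `filename` resolves to, then loop over `read_events()` on each accepted connection.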