Open Information Security Foundation
Suricata - Support #2990: files-json.log is empty
https://redmine.openinfosecfoundation.org/issues/2990?journal_id=12220 2019-05-25T02:05:31Z Anh Pham
<p>I use Suricata 4.0.4, and in suricata.yaml I edited fast.log and files-json.log to enabled:yes - append:yes. But when I cat fast.log and files-json.log, files-json.log is empty.</p>
<p>Is there any way to solve this problem? Thank you very much.</p>
https://redmine.openinfosecfoundation.org/issues/2990?journal_id=12221 2019-05-25T07:34:55Z Victor Julien victor@inliniac.net
<ul><li><strong>Tracker</strong> changed from <i>Bug</i> to <i>Support</i></li></ul>
https://redmine.openinfosecfoundation.org/issues/2990?journal_id=12223 2019-05-26T08:02:21Z Peter Manev petermanev@gmail.com
<p>I would recommend using the latest stable Suricata - 4.1.4 and eve.json (instead of fast.log and files log as these are legacy).<br />After it is up and running, check if Suricata starts properly, if there are no errors, if you have defined your networks correctly.</p>
https://redmine.openinfosecfoundation.org/issues/2990?journal_id=12246 2019-05-27T20:50:46Z Andreas Herz oisf@herzandreas.de
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>Assignee</strong> set to <i>Anh Pham</i></li><li><strong>Target version</strong> set to <i>Support</i></li></ul>
<p>Can you also add the configuration file so we can check for any issues there?</p>
https://redmine.openinfosecfoundation.org/issues/2990?journal_id=13883 2019-09-26T08:47:19Z Victor Julien victor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Closed</i></li></ul>