Support #391: How to disable saving of Suricata logs - Suricata - Open Information Security Foundation

Actions

Copy link

Support #391

closed

How to disable saving of Suricata logs

Support #391: How to disable saving of Suricata logs

Added by Lambert Osas over 14 years ago. Updated over 14 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Affected Versions:

Label:

Description

Hi,

I would like to know if there is a way to make Suricata log in active mode so that we can just view the logs without actually saving the logs using a command like below:

tail -f /var/log/suricata/fast.log

tail -f /var/log/suricata/drop.log

The logs produced are really enormous and within 24 hrs of running Suricata, the logs were about 2GB.

Please help in this regard

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
#1

Priority changed from High to Normal

Issue #250 will hopefully fix this.

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
#2

Status changed from New to Closed

Using unix socket options for the outputs this can be achieved. There is a simple demo script to get the logs this way. It's in the source tarball: qa/sock_to_gzip_file.py

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Support #391

How to disable saving of Suricata logs

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
#1

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
#2

Project

General

Profile

Suricata

Custom queries

Support #391

How to disable saving of Suricata logs

VJ Updated by Victor Julien over 14 years ago ActionsCopy link #1

VJ Updated by Victor Julien over 14 years ago ActionsCopy link #2

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
#1

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
#2