Support #391: How to disable saving of Suricata logs - Suricata - Open Information Security Foundation

Actions

Copy link

Support #391

closed

How to disable saving of Suricata logs

Added by Lambert Osas almost 13 years ago. Updated almost 13 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Affected Versions:

Label:

Description

Hi,

I would like to know if there is a way to make Suricata log in active mode so that we can just view the logs without actually saving the logs using a command like below:

tail -f /var/log/suricata/fast.log

tail -f /var/log/suricata/drop.log

The logs produced are really enormous and within 24 hrs of running Suricata, the logs were about 2GB.

Please help in this regard

Actions

Copy link

Updated by Victor Julien almost 13 years ago

Priority changed from High to Normal

Issue #250 will hopefully fix this.

Actions

Copy link

Updated by Victor Julien almost 13 years ago

Status changed from New to Closed

Using unix socket options for the outputs this can be achieved. There is a simple demo script to get the logs this way. It's in the source tarball: qa/sock_to_gzip_file.py

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Support #391

How to disable saving of Suricata logs

Updated by Victor Julien almost 13 years ago

Updated by Victor Julien almost 13 years ago