Suricata Agent Integration - Unable to grab eve.json

Hello all,

I have successfully added the Elastic Agent to my security onion host and it is correctly grabbing the Zeek logs. However, the agent doesn’t seem to be able to pull the Suricata logs even though it was doing it previously.

My suricata logs are stored in /nsm/suricata and I have set this as the log path in the suricata integration policy. Could anyone help to confirm why this is not working please?

Please see attached the photos of my deployment and command line output.

Thank you!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.