Suricata module question

nunex_17 · April 26, 2021, 6:31pm

Hi!

In my setup, the "eve" log files are separated by category.

Using the Suricata module, how can I send both eve files to elastic? is it possible to use the example below?

- module: suricata
  eve:
    enabled: true
    var.paths: ["/my/path/suricata-events.json"]
    var.paths: ["/my/path/suricata-alerts.json"]

shaunak · April 26, 2021, 6:34pm

Try this:

- module: suricata
  eve:
    enabled: true
    var.paths:
      - "/my/path/suricata-events.json"
      - "/my/path/suricata-alerts.json"

nunex_17 · April 26, 2021, 6:41pm

Many thanks!

system · May 24, 2021, 8:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat with Suricata module Elasticsearch	1	359	May 19, 2021
Filebeat pipping Suricatas eve.json issues Beats filebeat	2	1440	April 1, 2020
Using the Filebeat Suricata Module for EVE-Logs in Syslog messages Beats beats-module , filebeat	1	936	October 7, 2020
I didnt get suricata eve.json Kibana	5	1570	August 29, 2019
Filebeat suricata Beats beats-module , filebeat	10	891	June 28, 2022