Hi!
In my setup, the "eve" log files are separated by category.
Using the Suricata module, how can I send both eve files to elastic? is it possible to use the example below?
- module: suricata
eve:
enabled: true
var.paths: ["/my/path/suricata-events.json"]
var.paths: ["/my/path/suricata-alerts.json"]
Try this:
- module: suricata
eve:
enabled: true
var.paths:
- "/my/path/suricata-events.json"
- "/my/path/suricata-alerts.json"
Many thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.