Suricata module question

nunex_17 · April 26, 2021, 6:31pm

Hi!

In my setup, the "eve" log files are separated by category.

Using the Suricata module, how can I send both eve files to elastic? is it possible to use the example below?

- module: suricata
  eve:
    enabled: true
    var.paths: ["/my/path/suricata-events.json"]
    var.paths: ["/my/path/suricata-alerts.json"]

shaunak · April 26, 2021, 6:34pm

Try this:

- module: suricata
  eve:
    enabled: true
    var.paths:
      - "/my/path/suricata-events.json"
      - "/my/path/suricata-alerts.json"

nunex_17 · April 26, 2021, 6:41pm

Many thanks!

Topic		Replies	Views
Filebeat with Suricata module Elasticsearch	1	393	May 19, 2021
Filebeat pipping Suricatas eve.json issues Beats filebeat	2	1503	April 1, 2020
No data has been received from this module yet message (Module Suricata) Beats docker , beats-module , filebeat	1	235	May 20, 2024
I didnt get suricata eve.json Kibana	5	1684	August 29, 2019
Using the Filebeat Suricata Module for EVE-Logs in Syslog messages Beats beats-module , filebeat	1	1001	October 7, 2020