suricata: Enable EVE logging to the reporter

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/suricata/suricata-reporter b/config/suricata/suricata-reporter
index a25fab28421e9adc43d439fce706ef951bf89969..d31bf43125bc192ecfdbfa940eb090676491ce01 100644 (file)
--- a/config/suricata/suricata-reporter
+++ b/config/suricata/suricata-reporter
@@ -29,7 +29,7 @@ import signal
 import socket
 import sys
 
-SOCKET_PATH = "/var/run/suricata-reporter.socket"
+SOCKET_PATH = "/var/run/suricata/reporter.socket"
 
 log = logging.getLogger("suricata-reporter")
 log.setLevel(logging.DEBUG)

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index c21e18bb1ba6448f0fbd19e3dd97fe299bc44ad5..31c8d38977818328a831f1925c711bd08d5bfbb8 100644 (file)
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -94,9 +94,9 @@ outputs:
 
   # Extensible Event Format (nicknamed EVE) event log in JSON format
   - eve-log:
-      enabled: no
-      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
-      filename: eve.json
+      enabled: yes
+      filetype: unix_dgram #regular|syslog|unix_dgram|unix_stream|redis
+      filename: /var/run/suricata/reporter.socket
       # Enable for multi-threaded eve.json output; output files are amended with
       # an identifier, e.g., eve.9.json
       #threaded: false