From 87d0e312cec11b22af6bfa9d61320aa1d9a8d200 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Wed, 6 Aug 2025 11:13:14 +0100
Subject: [PATCH] suricata: Enable EVE logging to the reporter

Signed-off-by: Michael Tremer
---
config/suricata/suricata-reporter | 2 +-
config/suricata/suricata.yaml | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/suricata/suricata-reporter b/config/suricata/suricata-reporter
index a25fab284..d31bf4312 100644
--- a/config/suricata/suricata-reporter
+++ b/config/suricata/suricata-reporter
@@ -29,7 +29,7 @@ import signal
import socket
import sys

-SOCKET_PATH = "/var/run/suricata-reporter.socket"
+SOCKET_PATH = "/var/run/suricata/reporter.socket"

log = logging.getLogger("suricata-reporter")
log.setLevel(logging.DEBUG)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index c21e18bb1..31c8d3897 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -94,9 +94,9 @@ outputs:

# Extensible Event Format (nicknamed EVE) event log in JSON format
- eve-log:
- enabled: no
- filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
- filename: eve.json
+ enabled: yes
+ filetype: unix_dgram #regular|syslog|unix_dgram|unix_stream|redis
+ filename: /var/run/suricata/reporter.socket
# Enable for multi-threaded eve.json output; output files are amended with
# an identifier, e.g., eve.9.json
#threaded: false
-- 
2.47.3
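Review bot: The new SOCKET_PATH moves the reporter socket into /var/run/suricata, and the owner and mode of that socket file decide who may send datagrams to the reporter — any local process that can write to it can inject forged EVE alerts — so the bind code, which is outside this hunk, should create the socket under a restrictive umask (or chmod it after bind) so that only root and the suricata user can write, and should unlink a stale socket left by a previous run before binding. Since /var/run is normally a tmpfs, the /var/run/suricata directory also has to be created at boot before the reporter starts, which this change does not show. I would record both on the constant: `# Must match outputs.eve-log.filename in suricata.yaml; the directory is created at boot and the socket mode limits who can inject events`. The same path is now hard-coded in two files, so a change to one has to be mirrored in the other.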
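Review bot: With `filetype: unix_dgram` every EVE record is sent as one AF_UNIX datagram, so a record larger than the socket send buffer (a few hundred KiB by default on Linux) fails with EMSGSIZE and is lost, and records are likewise lost whenever the reporter is not listening or its receive queue is full. If the event types configured further down in this `eve-log` block — outside the hunk — carry payloads, packets or HTTP bodies, `filetype: unix_stream` avoids the size limit and back-pressures instead of dropping; otherwise the drop case should at least be visible in the reporter's monitoring. A comment on the new `filename` line, `# Must match SOCKET_PATH in suricata-reporter`, would keep the two copies of the path from drifting apart.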