Add "united" log to suricata.yaml.in

author Tom DeCanio <decanio.tom@gmail.com>

Fri, 8 Nov 2013 19:27:52 +0000 (11:27 -0800)

committer Victor Julien <victor@inliniac.net>

Wed, 29 Jan 2014 10:07:51 +0000 (11:07 +0100)
author Tom DeCanio <decanio.tom@gmail.com>
Fri, 8 Nov 2013 19:27:52 +0000 (11:27 -0800)
committer Victor Julien <victor@inliniac.net>
Wed, 29 Jan 2014 10:07:51 +0000 (11:07 +0100)
diff --git a/suricata.yaml.in b/suricata.yaml.in

index 199bc7c29e1fdd876653bb99cdc9ebcc63887549..6cf93ccfa989fcb63c7d04467d0838a45eee6eb1 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -82,6 +82,24 @@ outputs:
        append: yes
        #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
  
+  # "United" event log in JSON format
+  - eve-log:
+      enabled: yes
+      type: file #file|syslog|unix_dgram|unix_stream
+      filename: eve.json
+      types:
+        - alert
+        - http:
+            extended: yes     # enable this for extended logging information
+        - dns
+        - tls:
+            extended: yes     # enable this for extended logging information
+        #- files
+        #  force-magic: no   # force logging magic on all logged files
+        #  force-md5: no     # force logging of md5 checksums
+        #- drop
+        #- ssh
+
    # alert output for use with Barnyard2
    - unified2-alert:
        enabled: yes
@@ -206,13 +224,6 @@ outputs:
        #level: Info ## possible levels: Emergency, Alert, Critical,
                     ## Error, Warning, Notice, Info, Debug
  
-  # alerts output to JSON
-  - json:
-    enabled: yes
-    format: compact  # alternatives 'compact', 'indent'
-    #filename: json.log
-    #output: syslog # alternatives 'file', 'syslog'
-
    # a line based information for dropped packets in IPS mode
    - drop:
        enabled: no
author	Tom DeCanio <decanio.tom@gmail.com>
	Fri, 8 Nov 2013 19:27:52 +0000 (11:27 -0800)
committer	Victor Julien <victor@inliniac.net>
	Wed, 29 Jan 2014 10:07:51 +0000 (11:07 +0100)