The registration of tenant and tenant handlers can be done on a
running engine.
+
+Eve JSON output
+---------------
+
+When multi-tenant support is configured and the detect engine is active then
+all EVE-types that report based on flows will also report the corresponding
+``tenant_id`` for events matching a tenant configuration.
# Seed value for the ID output. Valid values are 0-65535.
community-id-seed: 0
+Multi Tenancy
+-------------
+
+Suricata can be configured to support multiple tenants with different detection
+engine configurations. When these tenants are configured and the detection
+engine is running then all EVE logging will also report the ``tenant_id`` field
+for traffic matching a specific tenant.
.. _deprecation policy: https://suricata-ids.org/about/deprecation-policy/
if (cfg->include_community_id && f != NULL) {
CreateEveCommunityFlowId(js, f, cfg->community_id_seed);
}
+ if (f != NULL && f->tenant_id > 0) {
+ jb_set_uint(js, "tenant_id", f->tenant_id);
+ }
}
/**
projects / thirdparty / suricata.git / commitdiff
