filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
filename: eve.json
- # Enable for multi-threaded eve.json output; output files are suffixed
- # with an identifier, e.g., eve.json.9.. Default: off
+ # Enable for multi-threaded eve.json output; output files are amended
+ # with an identifier, e.g., eve.9.json. Default: off
#threaded: off
#prefix: "@cee: " # prefix to prepend to each log entry
# the following are valid when type: syslog above
~~~~~~~~~~~~~~~~~~~~
By default, all output is written to the named filename in the outputs section. The ``threaded`` option enables
-each output thread to write to individual files prefixed with the configured ``filenmae``.
+each output thread to write to individual files. In this case, the ``filename`` will include a unique identifier.
+
+With ``threaded`` enabled, the output will be split among many files -- and
+the aggregate of each file's contents must be treated together.
::
threaded: on
This example will cause each Suricata thread to write to its own "eve.json" file. Filenames are constructed
-by adding a suffix with the thread id. For example, the thread with id 7 would write to `eve.json.7`.
+by adding a unique identifier to the filename. For example, ``eve.7.json``.
-With ``threaded`` enabled, the output will be split among many files -- each having the same prefix and a unique suffix -- and
-the aggregate of each file's contents must be treated together.
Rotate log file
~~~~~~~~~~~~~~~
enabled: yes
filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
filename: eve.json
- # Enable for multi-threaded eve.json output; output files are suffixed
- # with an identifier, e.g., eve.json.9.
+ # Enable for multi-threaded eve.json output; output files are amended
+ # with an identifier, e.g., eve.9.json
#threaded: false
#prefix: "@cee: " # prefix to prepend to each log entry
# the following are valid when type: syslog above
projects / thirdparty / suricata.git / commitdiff
