]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1dd6d7a)
Add support for JSON output to syslog/unix_stream/unix_dgram
authorTom DeCanio <decanio.tom@gmail.com>
Fri, 8 Nov 2013 19:39:49 +0000 (11:39 -0800)
committerVictor Julien <victor@inliniac.net>
Wed, 29 Jan 2014 10:07:51 +0000 (11:07 +0100)
src/alert-json.c patch | blob | blame | history
suricata.yaml.in patch | blob | blame | history

diff --git a/src/alert-json.c b/src/alert-json.c
index 6ae68a56561c4ab77c2d70922a406ba2a0ca55f7..36913f7662c4481ca44cec6e05fa1cb2cd858445 100644 (file)
--- a/src/alert-json.c
+++ b/src/alert-json.c
@@ -312,12 +312,12 @@ TmEcode OutputJSON(json_t *js, void *data, uint64_t *count)
         return TM_ECODE_OK;
 
     SCMutexLock(&aft->file_ctx->fp_mutex);
-    if (json_out == ALERT_FILE) {
+    if (json_out == ALERT_SYSLOG) {
+        syslog(alert_syslog_level, "%s", js_s);
+    } else if (json_out == ALERT_FILE) {
         MemBufferWriteString(buffer, "%s\n", js_s);
         (void)MemBufferPrintToFPAsString(buffer, aft->file_ctx->fp);
         fflush(aft->file_ctx->fp);
-    } else {
-        syslog(alert_syslog_level, "%s", js_s);
     }
     *count += 1;
     SCMutexUnlock(&aft->file_ctx->fp_mutex);
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 6cf93ccfa989fcb63c7d04467d0838a45eee6eb1..8172b90dd3685002a9837285450ddfd4d84d5a4c 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -87,6 +87,11 @@ outputs:
       enabled: yes
       type: file #file|syslog|unix_dgram|unix_stream
       filename: eve.json
+      # the following are valid when type: syslog above
+      #identity: "suricata"
+      #facility: local5
+      #level: Info ## possible levels: Emergency, Alert, Critical,
+                   ## Error, Warning, Notice, Info, Debug
       types:
         - alert
         - http:
Mirror of https://github.com/OISF/suricata.git