Add support for JSON output to syslog/unix_stream/unix_dgram

12 years ago · 07d3b38d3b
parent 1dd6d7a104
commit 07d3b38d3b
2 changed files with 8 additions and 3 deletions
--- a/src/alert-json.c
+++ b/src/alert-json.c
@ -312,12 +312,12 @@ TmEcode OutputJSON(json_t *js, void *data, uint64_t *count)
        return TM_ECODE_OK;

    SCMutexLock(&aft->file_ctx->fp_mutex);
-    if (json_out == ALERT_FILE) {
+    if (json_out == ALERT_SYSLOG) {
+        syslog(alert_syslog_level, "%s", js_s);
+    } else if (json_out == ALERT_FILE) {
        MemBufferWriteString(buffer, "%s\n", js_s);
        (void)MemBufferPrintToFPAsString(buffer, aft->file_ctx->fp);
        fflush(aft->file_ctx->fp);
-    } else {
-        syslog(alert_syslog_level, "%s", js_s);
    }
    *count += 1;
    SCMutexUnlock(&aft->file_ctx->fp_mutex);
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@ -87,6 +87,11 @@ outputs:
      enabled: yes
      type: file #file|syslog|unix_dgram|unix_stream
      filename: eve.json
+      # the following are valid when type: syslog above
+      #identity: "suricata"
+      #facility: local5
+      #level: Info ## possible levels: Emergency, Alert, Critical,
+                   ## Error, Warning, Notice, Info, Debug
      types:
        - alert
        - http: