From 1dd6d7a104e06912edc9875683f4ed0a2f7ac3c1 Mon Sep 17 00:00:00 2001
From: Tom DeCanio
Date: Fri, 8 Nov 2013 11:27:52 -0800
Subject: [PATCH] Add "united" log to suricata.yaml.in

---
 suricata.yaml.in | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 199bc7c29e..6cf93ccfa9 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -82,6 +82,24 @@ outputs:
       append: yes
       #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
 
+  # "United" event log in JSON format
+  - eve-log:
+      enabled: yes
+      type: file #file|syslog|unix_dgram|unix_stream
+      filename: eve.json
+      types:
+        - alert
+        - http:
+            extended: yes # enable this for extended logging information
+        - dns
+        - tls:
+            extended: yes # enable this for extended logging information
+        #- files
+        #    force-magic: no # force logging magic on all logged files
+        #    force-md5: no # force logging of md5 checksums
+        #- drop
+        #- ssh
+
   # alert output for use with Barnyard2
   - unified2-alert:
       enabled: yes
@@ -206,13 +224,6 @@ outputs:
       #level: Info ## possible levels: Emergency, Alert, Critical,
       ## Error, Warning, Notice, Info, Debug
 
-  # alerts output to JSON
-  - json:
-      enabled: yes
-      format: compact # alternatives 'compact', 'indent'
-      #filename: json.log
-      #output: syslog # alternatives 'file', 'syslog'
-
   # a line based information for dropped packets in IPS mode
   - drop:
       enabled: no
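Review bot: The comment above `- eve-log:` in the first hunk calls the output "United" while the key is `eve-log`, and the second hunk silently drops the `json` output (previously `enabled: yes`) that carried alerts, so someone upgrading an existing suricata.yaml has no pointer from the old block to the new one; suggest `# EVE log ("united" JSON event log, one JSON record per line); supersedes the former 'json' alert output`. Because the block ships with `enabled: yes` and `extended: yes` for both `http` and `tls`, the file named by `filename: eve.json` (presumably resolved under the default log directory, since the path is relative) will hold alert, HTTP, DNS and TLS records for all observed traffic, so a short comment on `filename:` stating that the path is relative to the log directory and that the file contains traffic metadata deserving the same access restrictions as the other logs would help operators. The `type: file #file|syslog|unix_dgram|unix_stream` option list is the only one in this hunk without a space after `#` and differs from the `# alternatives 'file', 'syslog'` style used elsewhere in the file; `type: file  # file|syslog|unix_dgram|unix_stream` would match.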