@ -82,6 +82,24 @@ outputs:
append: yes
#filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
# "United" event log in JSON format
- eve-log:
enabled: yes
type: file #file|syslog|unix_dgram|unix_stream
filename: eve.json
types:
- alert
- http:
extended: yes # enable this for extended logging information
- dns
- tls:
extended: yes # enable this for extended logging information
#- files
# force-magic: no # force logging magic on all logged files
# force-md5: no # force logging of md5 checksums
#- drop
#- ssh
# alert output for use with Barnyard2
- unified2-alert:
enabled: yes
@ -206,13 +224,6 @@ outputs:
#level: Info ## possible levels: Emergency, Alert, Critical,
## Error, Warning, Notice, Info, Debug
# alerts output to JSON
- json:
enabled: yes
format: compact # alternatives 'compact', 'indent'
#filename: json.log
#output: syslog # alternatives 'file', 'syslog'
# a line based information for dropped packets in IPS mode
- drop:
enabled: no