Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
Eric Leblond 6c3c234ca5 output-json: update timestamp format
This patch updates the timestamp format used in eve logging.
It uses an ISO 8601 compatible string. This allows tools parsing
the output to easily detect and/or use the timestamp.

In the EVE JSON output, the value of the timestamp key has been
changed to 'timestamp' (instead of 'time'). This allows tools
like Splunk to detect the timestamp and use it without configuration.

Logstash configuration is simple:

input {
   file {
      path => [ "/usr/local/var/log/suricata/eve.json" ]
      codec => json
      type => "suricata-log"
   }
}

filter {
   if [type] == "suricata-log" {
      date {
        match => [ "timestamp", "ISO8601" ]
      }
   }
}

In Splunk, auto detection of the file format is failing and it seems
you need to define a type to parse JSON in
$SPLUNK_DIR/etc/system/local/props.conf:

[suricata]
KV_MODE = json
NO_BINARY_CHECK = 1
TRUNCATE = 0

Then you can simply declare the log file in
$SPLUNK_DIR/etc/system/local/inputs.conf:

[monitor:///usr/local/var/log/suricata/eve.json]
sourcetype = suricata

In both cases the timestamps are correctly imported by
the tools.
12 years ago
benches Initial add of the files. 16 years ago
contrib Add option on Tile-Gx for logging for fast.log alerts over PCIe 12 years ago
doc Update docs from wiki 13 years ago
m4 Prelude plugin: add detection in configure script 16 years ago
qa Updated banned function cocci check 12 years ago
rules classification: add category to some stream rules 12 years ago
scripts suricatasc: fix make distcheck. 13 years ago
src output-json: update timestamp format 12 years ago
.gitignore unittest: make check use a qa/log dir for logging 12 years ago
COPYING Initial add of the files. 16 years ago
ChangeLog Update Changelog for 2.0rc1 release 12 years ago
LICENSE import of gplv2 LICENSE 16 years ago
Makefile.am make install-full: get correct version of ET 12 years ago
Makefile.cvs Initial add of the files. 16 years ago
acsite.m4 Added C99 defs/macros to acsite.m4 for CentOS 16 years ago
autogen.sh OpenBSD 5.2 build fixes, Unit test fix. 13 years ago
classification.config Import of classification.config 16 years ago
config.rpath Add file needed for some autotools version. 12 years ago
configure.ac OpenBSD: set correct magic path 12 years ago
doxygen.cfg doxygen: document all code 12 years ago
reference.config Add md5 to reference.config. 14 years ago
suricata.yaml.in Disable emerging-icmp in default config 12 years ago
threshold.config threshold: improve comments of shipped threshold.config, add links to wiki. 13 years ago