List: oisf-users
Subject: Re: [Oisf-users] EXTERNAL: Re: EVE-Log identity, facility, level
From: Peter Manev <petermanev () gmail ! com>
Date: 2014-06-09 21:03:54
Message-ID: CAMhe82Lu+s1v=yJKKXZG+k0VSgiczoOvM4upFGT5GtTeb4ZVdg () mail ! gmail ! com
On Mon, Jun 9, 2014 at 9:58 PM, Gofran, Paul <paul.gofran@lmco.com> wrote:
> Peter, I enabled the syslog section and did see the identity and facility change
> for my log messages. The level still came out as "info" always though. I tried
> the following options for level: Debug, debug, "Debug", and "debug". All came
> out as info.
> So correct me if I'm wrong but are there 3 related issues here?
> 1) The eve-log parameters identity, facility, and level don't affect anything. It
> didn't matter if I made these the same as the syslog section or different, they
> didn't take effect.
> 2) The syslog section is not just for alerts and the identity,
> facility, and level parameters affect eve-log when it's in syslog mode.
> 3) The level parameter is not working
> I'll be happy to try out any other test configurations if you have any other ideas.
> If these are actual issues let me know if you want me to submit a bug. Thanks for
> the help.
> -Paul
>
>
Could you open a ticket for this one actually?
I think eve.json should be able to make those changes without being
dependent on whether syslog is enabled further down in the section.
thanks
--
Regards,
Peter Manev
_______________________________________________
Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/