
List:       oisf-users
Subject:    Re: [Oisf-users] EXTERNAL: Re:  EVE-Log identity, facility, level
From:       Peter Manev <petermanev () gmail ! com>
Date:       2014-06-09 21:03:54
Message-ID: CAMhe82Lu+s1v=yJKKXZG+k0VSgiczoOvM4upFGT5GtTeb4ZVdg () mail ! gmail ! com

On Mon, Jun 9, 2014 at 9:58 PM, Gofran, Paul <paul.gofran@lmco.com> wrote:
> Peter, I enabled the syslog section and did see the identity and facility change
> for my log messages.  The level still came out as "info" always though.  I tried
> the following options for level:  Debug, debug, "Debug", and "debug".  All came
> out as info.
> So correct me if I'm wrong but are there 3 related issues here?
> 1) The eve-log parameters identity, facility, and level don't affect anything.  It
> didn't matter if I made these the same as the syslog section or different, they
> didn't take effect.
> 2) The syslog section is not just for alerts and the identity,
> facility, and level parameters affect eve-log when it's in syslog mode.
> 3) The level parameter is not working
> I'll be happy to try out any other test configurations if you have any other ideas.
> If these are actual issues let me know if you want me to submit a bug.  Thanks for
> the help.
> -Paul
> 
> 

Could you open a ticket for this one actually?
I think eve.json should be able to make those changes without being
dependent on whether syslog is enabled further down in the section.

thanks


-- 
Regards,
Peter Manev
_______________________________________________
Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/

