Suricata eve.json flow and netflow - output module not found


john....@gmail.com

Jan 30, 2015, 11:21:11 AM
to securit...@googlegroups.com
Hi,

I am trying to enable flow and netflow logging in suricata.

I have done this config:
  - eve-log:
      enabled: yes
      type: file #file|syslog|unix_dgram|unix_stream
      filename: eve.json
      # the following are valid when type: syslog above
      #identity: "suricata"
      #facility: local5
      #level: Info ## possible levels: Emergency, Alert, Critical,
                   ## Error, Warning, Notice, Info, Debug
      types:
        - alert
        - http:
            extended: yes     # enable this for extended logging information
            # custom allows additional http fields to be included in eve-log
            # the example below adds three additional fields when uncommented
            #custom: [Accept-Encoding, Accept-Language, Authorization]
        - dns
        - tls:
            extended: yes     # enable this for extended logging information
        - files:
            force-magic: yes   # force logging magic on all logged files
            force-md5: yes     # force logging of md5 checksums
        #- drop
        - ssh
        - smtp
        - flow
        - netflow

But it seems that flow and netflow are not working.

30/1/2015 -- 15:26:36 - <Warning> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.flow, ignoring
30/1/2015 -- 15:26:36 - <Warning> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.netflow, ignoring

Could you please help me on this?
Thanks a lot!

John

Doug Burks

Jan 30, 2015, 11:23:57 AM
to securit...@googlegroups.com
Hi John,

This question is probably better suited for the Suricata mailing list:
https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> --
> You received this message because you are subscribed to the Google Groups "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
> Visit this group at http://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/d/optout.



--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

Victor Julien

Jan 30, 2015, 11:25:54 AM
to securit...@googlegroups.com
On 01/30/2015 05:23 PM, Doug Burks wrote:
> Hi John,
>
> This question is probably better suited for the Suricata mailing list:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> On Fri, Jan 30, 2015 at 11:21 AM, <john....@gmail.com> wrote:
>> Hi,
>>
>> I am tring to enable flow and netflow logging in suricata.

Both are part of the 2.1 series, currently in beta. Security Onion has
Suricata 2.0.

Cheers,
Victor
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
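A pre-flight check for exactly this situation, as an added example that is not part of the thread or of Suricata itself: it pulls the `types:` list out of an eve-log block (the one posted above, re-indented as YAML and embedded as constructed input), compares each type against a per-type minimum version, and parses the "No output module named eve-log.X" warnings Suricata prints at startup. The version table is an assumption drawn from the thread (flow and netflow need the 2.1 series; the other types were accepted by the poster's 2.0 install, since no warning names them), the sample log lines are constructed in the shape shown above, and `2.0.6` in the demo run is just a sample version string; check the table against the release notes of the version you actually run.

```python
"""Check a Suricata eve-log `types:` list against a Suricata version.

Added example, not code from the thread or from the Suricata project.
"""
import re
from typing import Dict, List, Tuple

# ASSUMPTION: minimum Suricata version per eve-log type, inferred from the
# thread (flow/netflow arrived with the 2.1 beta series; the other types were
# accepted by the poster's 2.0 install). Verify against your release notes.
MIN_VERSION: Dict[str, Tuple[int, ...]] = {
    "alert": (2, 0), "http": (2, 0), "dns": (2, 0), "tls": (2, 0),
    "files": (2, 0), "drop": (2, 0), "ssh": (2, 0), "smtp": (2, 0),
    "flow": (2, 1), "netflow": (2, 1),
}

# Constructed sample: the posted eve-log block, re-indented as YAML.
SAMPLE_CONFIG = """\
outputs:
  - eve-log:
      enabled: yes
      type: file
      filename: eve.json
      types:
        - alert
        - http:
            extended: yes
        - dns
        - tls:
            extended: yes
        - files:
            force-magic: yes
            force-md5: yes
        #- drop
        - ssh
        - smtp
        - flow
        - netflow
"""

# Constructed sample: startup warnings in the shape shown in the thread.
SAMPLE_LOG = """\
30/1/2015 -- 15:26:36 - <Warning> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.flow, ignoring
30/1/2015 -- 15:26:36 - <Warning> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.netflow, ignoring
"""

WARN_RE = re.compile(r"No output module named eve-log\.([A-Za-z0-9_-]+), ignoring")


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.0.6' -> (2, 0, 6); a suffix such as 'beta4' is ignored for ordering."""
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable Suricata version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def eve_types(config: str) -> List[str]:
    """Return the enabled entries of the first `types:` list in the config.

    Line-based on purpose so no YAML library is needed: list items are lines
    starting with '- ' at the first indent deeper than `types:`; nested option
    lines (extended: yes) and commented items (#- drop) are skipped.
    """
    types: List[str] = []
    in_list, base_indent, item_indent = False, 0, None
    for line in config.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if not in_list:
            if stripped == "types:":
                in_list, base_indent = True, indent
            continue
        if not stripped:
            continue
        if indent <= base_indent:
            break  # the list is finished
        if item_indent is None:
            item_indent = indent
        if indent != item_indent or not stripped.startswith("- "):
            continue
        types.append(stripped[2:].rstrip(":").strip())
    return types


def unsupported_types(types: List[str], version: str) -> List[Tuple[str, str]]:
    """(type, reason) for every type the given version has no eve-log module for."""
    v = parse_version(version)
    problems: List[Tuple[str, str]] = []
    for t in types:
        need = MIN_VERSION.get(t)
        if need is None:
            problems.append((t, "not in the version table; check the release notes"))
        elif need > v:
            problems.append((t, "needs Suricata %s or later" % ".".join(map(str, need))))
    return problems


def ignored_modules(log: str) -> List[str]:
    """eve-log types that Suricata reported it ignored at startup."""
    return WARN_RE.findall(log)


if __name__ == "__main__":
    enabled = eve_types(SAMPLE_CONFIG)
    for name, why in unsupported_types(enabled, "2.0.6"):  # sample version string
        print(f"{name}: {why}")
    print("ignored at startup:", ignored_modules(SAMPLE_LOG))
```

Run it against your real suricata.yaml and suricata.log instead of the embedded samples; types that appear in both lists are the ones to drop from the config (or the reason to upgrade), and a type the log ignores but the table calls supported means the table, not the config, needs correcting.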

john....@gmail.com

Jan 30, 2015, 11:37:30 AM
to securit...@googlegroups.com
Thank you so much Victor, Doug!
Extremely fast and sharp!

So I have to wait.
Just to know, is there any release date for that?

Take care

John

Victor Julien

Feb 5, 2015, 4:10:10 AM
to securit...@googlegroups.com
On 01/30/2015 05:37 PM, john....@gmail.com wrote:
> Thank you so much Victor, Doug!
> Extremely fast and sharp!
>
> So I have to wait.
> Just to know, is there any release date for that?

We're still in the 'When It's Done(tm)'-mode currently. Keep an eye on
https://redmine.openinfosecfoundation.org/projects/suricata/roadmap

Cheers,
Victor