Re:- not fetching logs into eve.json of suricata

286 views

Skip to first unread message

Saurabh Pathak

unread,

Mar 21, 2022, 2:08:49 AM3/21/22

to Wazuh mailing list

Hello Team,

I am try to integrate suricata with wazuh but after all configuration that logs are not into the eve.json file. I am attaching the screenshot of that. Please help

unknown.png

Pedro Nicolás Gomez

unread,

Mar 29, 2022, 5:53:48 PM3/29/22

to Wazuh mailing list

Hi pathakvsaurabh, sorry for the late response.

In the following link to the Wazuh documentation we explain how to integrate with suricata.

https://documentation.wazuh.com/current/proof-of-concept-guide/integrate-network-ids-suricata.html

Basically the steps to follow are:

Install Suricata.
Configure the rules of your interest.
Configure the Wazuh agent to read Suricata logs file.

Here I also share some articles that could be of your interest.

https://documentation.wazuh.com/current/learning-wazuh/suricata.html
https://documentation.wazuh.com/current/proof-of-concept-guide/detect-web-attack-shellshock.html
https://documentation.wazuh.com/current/proof-of-concept-guide/detect-web-attack-sql-injection.html

I hope it helps.
Best regards,

Pedro Nicolas.

Reply all

Reply to author

Forward

0 new messages