Suricata
Suricata is network monitor with a rule matching engine to detect threats.
Use Tenzir to acquire, process, and store Suricata logs.
Ingest EVE JSON logs into a node
EVE JSON is the log format in which Suricata generates events.
A typical Suricata configuration looks like this:
The filetype
setting determines how you'd process the log file.
Import from a file
By default, Suricata uses the file type regular
. Ingest into a node as
follows:
Import from a Unix domain socket
If your filetype
setting is unix_stream
, you need to create a Unix domain
socket first, e.g., like this:
Then you can use the same pipeline as above, since Tenzir automatically detects the file type.