Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IDS/IPS - Remote Syslog Contents #2349

Closed
eljeffeg opened this issue Apr 11, 2018 · 3 comments
Closed

IDS/IPS - Remote Syslog Contents #2349

eljeffeg opened this issue Apr 11, 2018 · 3 comments
Assignees
@fichtner
Labels
feature Adding new functionality
Milestone
18.7

Comments

@eljeffeg
Copy link
Contributor

eljeffeg commented Apr 11, 2018
edited
Loading

Would be nice to have an option in the Remote Syslog Contents for the IDS/IPS sending to Syslog if possible.
@eljeffeg eljeffeg changed the title Remote Syslog Contents IDS/IPS - Remote Syslog Contents Apr 11, 2018
@fichtner
Copy link
Member

Yupp, we've recently enabled syslog by default in IDS... it's been a longer journey on this front due to the focus on eve logging. I'll add this as separate option... although sending all logs should already work on 18.1.4 and up if enabled in IDS.

@fichtner fichtner self-assigned this Apr 11, 2018
@fichtner fichtner added the feature Adding new functionality label Apr 11, 2018
@fichtner fichtner added this to the 18.7 milestone Apr 11, 2018
@eljeffeg
Copy link
Contributor Author

It would also be cool if we could get the IDS Alerts in a Dashboard Widget.

@eljeffeg eljeffeg mentioned this issue Apr 12, 2018
Closed
@tuwid
Copy link

tuwid commented May 16, 2018

@jeffg2k I was testing it manually and its possible to send the contents of /var/log/suricata/eve.log via syslog but this would require manually changing the config file here /etc/syslog.conf which suricata can potentially override.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fichtner fichtner

Labels
feature Adding new functionality
Milestone
18.7
Development

No branches or pull requests
3 participants
@eljeffeg @fichtner @tuwid