Closed jianvector closed 7 months ago
jasonish
commented
7 months ago If you are already sending your log file to EveBox, the stats should just populate. Do you have the stats enabled in your Suricata configuration?
Otherwise, please provide more detail like what dabatase you are using, how you're sending events, etc.
jianvector
commented
7 months ago oops! stats disable in Suricata configuration.
agent.yaml
server: url: http://127.0.0.1:5636 input: paths:
agent yaml config right?
Jason Ish @.***> 于2024年4月11日周四 03:12写道:
If you are already sending your log file to EveBox, the stats should just populate. Do you have the stats enabled in your Suricata configuration?
Otherwise, please provide more detail like what dabatase you are using, how you're sending events, etc.
— Reply to this email directly, view it on GitHub https://github.com/jasonish/evebox/issues/304#issuecomment-2048264798, or unsubscribe https://github.com/notifications/unsubscribe-auth/AYB3Q6GDSGJ2WI6FLVRHDNDY4WFJTAVCNFSM6AAAAABF3CBGKSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANBYGI3DINZZHA . You are receiving this because you authored the thread.Message ID: @.***>
jasonish
commented
7 months ago EveBox cannot consume the Suricata stats.log.
Instead, Suricata includes stats records in the eve.json by default. This is how EveBox gets its stats. It should all just work with a default configuration. If you are seeing alerts in EveBox you should also see stats. Unless you disabled stats output in Suricata.
How to do it with agent, and send log data to server for display on stats pages?
Thanks.