vipinpv85 / DPDK-Suricata_3.0

add dpdk interface and packet processing to suricata in worker mode
https://github.com/vipinpv85/DPDK-Suricata_3.0
GNU Lesser General Public License v3.0

Did not result the eve.json. #14

Closed tolunFdancer closed 5 years ago

tolunFdancer commented 5 years ago

When I run "./src/suricata -c suricata.yaml --dpdkintel", it works successfully, but it did not produce the eve.json; the rest look normal (fast.log, http.log, stats.log).

```
[root@localhost suricata]# ll
total 52
-rw-r--r--. 1 root root 17640 Aug 22 03:17 fast.log
-rw-r--r--. 1 root root 2326 Aug 22 03:17 http.log
-rw-r--r--. 1 root root 24659 Aug 22 03:28 stats.log
```

Here is the configuration in the suricata.yaml:

vipinpv85 commented 5 years ago

There are no dpdk specific changes in json event generation. Hence I am not able to help in this.

There are also not enough debug points for me to look into. Please take a look into the JSON event generation and update here; it will be helpful for all.

tolunFdancer commented 5 years ago

Hi, I fixed this issue.

  1. Download jansson from "https://github.com/akheron/jansson" and build it.
  2. Reconfigure Suricata.

Running "./src/suricata --build-info" shows: libjansson support: yes

vipinpv85 commented 5 years ago

So basically, Suricata was not built with JSON support.
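
The failure in this thread is silent: Suricata starts and writes fast.log, but EVE output is lost. The script below is an added example, not part of the thread or the project's code; it checks the `--build-info` text against the `eve-log` setting before start-up. The function names and sample inputs are hypothetical, and the YAML scan assumes the stock suricata.yaml layout.

```shell
#!/bin/sh
# Added example: preflight check for the silent failure in this thread
# (Suricata runs and writes fast.log, but eve.json never appears).

# Succeeds only if the --build-info text reports "libjansson support: yes".
jansson_enabled() {
    printf '%s\n' "$1" |
        grep -Eiq '^[[:space:]]*libjansson support:[[:space:]]*yes[[:space:]]*$'
}

# Succeeds if the "- eve-log:" output block has "enabled: yes".
# Assumption: stock suricata.yaml layout, "enabled:" directly under "- eve-log:".
eve_log_enabled() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/                   { next }              # ignore comments
        /^[ \t]*-[ \t]*eve-log:/     { in_eve = 1; next }  # enter the block
        in_eve && /^[ \t]*-[ \t]/    { in_eve = 0 }        # next list item ends it
        in_eve && /^[ \t]*enabled:[ \t]*(yes|true)/ { found = 1 }
        END { exit !found }'
}

# check_eve_prereq BUILD_INFO_TEXT YAML_TEXT
# Returns 1 when eve-log is enabled but the binary cannot write JSON.
check_eve_prereq() {
    if eve_log_enabled "$2" && ! jansson_enabled "$1"; then
        echo "eve-log enabled but build has no libjansson: eve.json will not be written" >&2
        return 1
    fi
    return 0
}

# Constructed sample inputs (not taken from the thread).
SAMPLE_BUILD_BAD='  libjansson support:                      no'
SAMPLE_BUILD_OK='  libjansson support:                      yes'
SAMPLE_YAML='outputs:
  - fast:
      enabled: yes
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json'

# Real use: check_eve_prereq "$(./src/suricata --build-info)" "$(cat suricata.yaml)"
check_eve_prereq "$SAMPLE_BUILD_BAD" "$SAMPLE_YAML" ||
    echo "preflight failed, as expected for the constructed no-jansson sample"
```
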