Messages - tameribrahim

#1
The goal is to send Suricata raw logs in JSON format to another system that can only read JSON documents, but that header is blocking that system from doing so. Also, it is not possible to filter that header at that system.

Think of it like raw log forwarding.
#2
Hello,

Please, I need help here. I want to send Suricata alerts/logs using EVE without the log header.

I want to send the following logs without this line: <174>Aug  5 15:56:41 OPNsense.net suricata[49763]:

<174>Aug  5 15:56:41 OPNsense.net suricata[49763]:
{
  "timestamp": "2022-08-05T15:56:41.024807+0400",
  "flow_id": 297267663278777,
  "in_iface": "em5",
  "event_type": "alert",
  "src_ip": "10.10.20.2",
  "src_port": 65292,
  "dest_ip": "206.221.181.253",
  "dest_port": 5553,
  "proto": "TCP",
  "alert": {
    "action": "allowed",
    "gid": 1,
    "signature_id": 2017419,
    "rev": 2,
    "signature": "ET MALWARE Bladabindi/njrat CnC Checkin",
    "category": "Malware Command and Control Activity Detected",
    "severity": 1,
    "metadata": {
      "created_at": [
        "2013_09_05"
      ],
      "former_category": [
        "MALWARE"
      ],
      "updated_at": [
        "2013_09_05"
      ]
    }
  },
  "flow": {
    "pkts_toserver": 3,
    "pkts_toclient": 1,
    "bytes_toserver": 437,
    "bytes_toclient": 66,
    "start": "2022-08-05T15:56:41.004793+0400"
  }
}


Thanks a lot
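One way to drop that prefix in a small relay placed between OPNsense and the JSON-only system, as an added example that is not from this thread or from the OPNsense/Suricata projects: a Python filter that strips the BSD-style syslog header quoted above and reassembles the pretty-printed JSON into one compact document per line. The header regex and the sample input are assumptions constructed from the record in the post.

```python
import json
import re

# Syslog prefix as quoted in the post: <174>Aug  5 15:56:41 OPNsense.net suricata[49763]:
# This BSD-style pattern is an assumption; adjust it if your syslog daemon
# emits RFC 5424 headers instead.
SYSLOG_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<app>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s*"
)


def strip_syslog_header(record):
    """Split one line into (header fields or None, remaining text)."""
    m = SYSLOG_HEADER.match(record)
    if m is None:
        return None, record
    return m.groupdict(), record[m.end():]


def iter_eve_events(lines):
    """Yield EVE events as dicts with the syslog prefix removed.
    Handles JSON on the header line as well as pretty-printed JSON on the
    following lines; text that never parses before the next header is dropped."""
    buf = []
    for line in lines:
        header, payload = strip_syslog_header(line.rstrip("\r\n"))
        if header is not None:
            buf = []  # a new header always starts a new record
        if payload.strip():
            buf.append(payload)
            try:
                event = json.loads(" ".join(buf))
            except json.JSONDecodeError:
                continue  # incomplete so far, keep accumulating
            buf = []
            yield event


def to_ndjson(lines):
    """Return the stripped events as one compact JSON document per line."""
    return [json.dumps(e, separators=(",", ":"), sort_keys=True) for e in iter_eve_events(lines)]


# Constructed sample based on the record quoted in the post (trimmed).
SAMPLE = """<174>Aug  5 15:56:41 OPNsense.net suricata[49763]:
{
  "event_type": "alert",
  "alert": {"signature_id": 2017419, "severity": 1}
}
<174>Aug  5 15:56:42 OPNsense.net suricata[49763]: {"event_type": "flow"}
""".splitlines()
```

Feed the relay's stdin from the syslog receiver and write `to_ndjson()` output to the JSON-only system; the resulting lines contain nothing but the EVE documents.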