NTopNG consuming Suricata EVE logs

Domenec · February 03, 2021, 07:01:27 AM

Hi Guys,

this is my mirst post here so apologies if this is not the correct place to ask.

I've been looking for several days just in case this question was replied before but I could't find this setup.

The question is that ntopng seems capable to read and show suricata logs if exported in EVE format. Also in ntopng there is a script to read suricata logs, but i'm not capable of make it work.

Somebody tried this setup before?

Thanks in advance!

mimugmail · February 03, 2021, 08:08:19 AM

At which step do you fail?

Domenec · February 03, 2021, 08:18:46 AM

Thanks for your fast reply.

Just can't see the suricata logs on ntopng 'alerts' section that is where I expect too see it.

Don't know how to trace... what I just can see is that suricata logs are shown in EVE syslog format...

mimugmail · February 03, 2021, 08:24:15 AM

You have to enable eve alerts in IDS page, then you need to check how to ingest them to ntopng.
It's been a long time I read the blog about this.

NTopNG consuming Suricata EVE logs

Domenec

February 03, 2021, 07:01:27 AM

mimugmail

February 03, 2021, 08:08:19 AM #1

Domenec

February 03, 2021, 08:18:46 AM #2

mimugmail

February 03, 2021, 08:24:15 AM #3