Log format

Started by r4nd0m, September 11, 2020, 10:59:45 PM

I am trying to understand where in OPNsense the syslog format is set for suricata as it differs from the default ...

This is how it should look:

    10/05/10-10:08:59.667372  [**] [1:2009187:4] ET WEB_CLIENT ACTIVEX iDefense
    COMRaider ActiveX Control Arbitrary File Deletion [**] [Classification: Web
    Application Attack] [Priority: 3] {TCP} xx.xx.232.144:80 -> 192.168.1.4:56068

but it converts to Sep 11 21:55:58 infinus.duckdns.org suricata[22702]:

    May 5 10:08:59 host.name.com suricata[{PID}]: [1:2009187:4] ET WEB_CLIENT ACTIVEX iDefense
    COMRaider ActiveX Control Arbitrary File Deletion [Classification: Web
    Application Attack] [Priority: 3] {TCP} xx.xx.232.144:80 -> 192.168.1.4:56068

Where is this modified? I had a look at the different templates but can't find it. I would want to change it back to the default, as it interferes with my syslog receiver, which expects the default format ...

I would rather revert this than need to use syslog-ng and directly forward /var/log/suricata/fast.log - any hints?  ...

Just for completeness: I decided to grab the logs from /var/log/suricata/fast.log directly instead ...
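For a receiver that only understands the native fast.log layout, the two lines quoted above can be parsed into the same fields and re-emitted in fast.log form. This is an added example, not code from the post or from OPNsense/Suricata; the sample lines are constructed by joining the wrapped lines from the post, and the syslog timestamp is kept as-is because the year and microseconds are not present in that layout.

```python
import re

# Fields shared by both layouts; the "[**]" before Classification only exists in fast.log.
_BODY = (r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
         r"(?:\[\*\*\]\s+)?\[Classification:\s+(?P<cls>[^\]]+)\]\s+"
         r"\[Priority:\s+(?P<pri>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
         r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$")
# Native fast.log: "MM/DD/YY-HH:MM:SS.usec  [**] <body>"
_FAST = re.compile(r"^(?P<ts>\d{2}/\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+" + _BODY)
# Syslog-wrapped (as seen on OPNsense): "Mon DD HH:MM:SS host suricata[pid]: <body>"
_SYSLOG = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
                     r"suricata\[(?P<pid>[^\]]*)\]:\s+" + _BODY)

# Constructed sample lines, joined from the two wrapped examples in the post.
FAST_LINE = ("10/05/10-10:08:59.667372  [**] [1:2009187:4] ET WEB_CLIENT ACTIVEX iDefense "
             "COMRaider ActiveX Control Arbitrary File Deletion [**] [Classification: Web "
             "Application Attack] [Priority: 3] {TCP} xx.xx.232.144:80 -> 192.168.1.4:56068")
SYSLOG_LINE = ("May 5 10:08:59 host.name.com suricata[{PID}]: [1:2009187:4] ET WEB_CLIENT ACTIVEX "
               "iDefense COMRaider ActiveX Control Arbitrary File Deletion [Classification: Web "
               "Application Attack] [Priority: 3] {TCP} xx.xx.232.144:80 -> 192.168.1.4:56068")

def _endpoint(s):
    # Split "ip:port" on the last colon so an IPv6 address with a port still works.
    host, _, port = s.rpartition(":")
    return host, int(port)

def parse_alert(line):
    """Return a dict for a Suricata alert in either layout, or None if the line is not one."""
    for fmt, rx in (("fast", _FAST), ("syslog", _SYSLOG)):
        m = rx.match(line.strip())
        if m:
            break
    else:
        return None
    d = m.groupdict()
    src_ip, src_port = _endpoint(d.pop("src"))
    dst_ip, dst_port = _endpoint(d.pop("dst"))
    return {"format": fmt, "ts": d["ts"], "host": d.get("host"), "pid": d.get("pid"),
            "gid": int(d["gid"]), "sid": int(d["sid"]), "rev": int(d["rev"]),
            "msg": d["msg"], "classification": d["cls"], "priority": int(d["pri"]),
            "proto": d["proto"], "src_ip": src_ip, "src_port": src_port,
            "dst_ip": dst_ip, "dst_port": dst_port}

def to_fast_log(rec):
    """Re-emit a parsed record in native fast.log layout (timestamp passed through unchanged)."""
    return ("{ts}  [**] [{gid}:{sid}:{rev}] {msg} [**] [Classification: {classification}] "
            "[Priority: {priority}] {{{proto}}} {src_ip}:{src_port} -> {dst_ip}:{dst_port}").format(**rec)
```

Running `to_fast_log(parse_alert(FAST_LINE))` reproduces the original line byte for byte, while the syslog variant yields the same body under its own timestamp.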