Suricata
suricata-4.1.0-beta1
1. What is Suricata
2. Installation
3. Command Line Options
4. Suricata Rules
5. Rule Management
6. Making sense out of Alerts
7. Performance
8. Configuration
9. Reputation
10. Init Scripts
11. Setting up IPS/inline for Linux
12. Output
12.1. EVE
12.1.1. Eve JSON Output
12.1.2. Eve JSON Format
12.1.3. Eve JSON ‘jq’ Examples
12.2. Lua Output
12.3. Syslog Alerting Compatibility
12.4. Custom http logging
12.5. Custom tls logging
12.6. Log Rotation
13. File Extraction
14. Public Data Sets
15. Using Capture Hardware
16. Interacting via Unix Socket
17. Man Pages
18. Acknowledgements
19. Licenses
12.1. EVE
12.1.1. Eve JSON Output
12.1.1.1. Output types
12.1.1.2. Alerts
12.1.1.3. DNS
12.1.1.4. TLS
12.1.1.5. Date modifiers in filename
12.1.1.6. Rotate log file
12.1.1.7. Multiple Logger Instances
12.1.1.8. File permissions
12.1.1.9. JSON flags
12.1.2. Eve JSON Format
12.1.2.1. Common Section
12.1.2.1.1. Event types
12.1.2.1.2. PCAP fields
12.1.2.2. Event type: Alert
12.1.2.2.1. Field action
12.1.2.3. Event type: HTTP
12.1.2.3.1. Fields
12.1.2.3.2. Examples
12.1.2.4. Event type: DNS
12.1.2.4.1. Fields
12.1.2.4.2. Examples
12.1.2.5. Event type: TLS
12.1.2.5.1. Fields
12.1.2.5.2. Examples
12.1.2.6. Event type: TFTP
12.1.2.6.1. Fields
12.1.3. Eve JSON ‘jq’ Examples
12.1.3.1. Colorize output
12.1.3.2. DNS NXDOMAIN
12.1.3.3. Unique HTTP User Agents
12.1.3.4. Data use for a host
12.1.3.5. Monitor part of the stats
12.1.3.6. Inspect Alert Data
12.1.3.7. Top 10 Destination Ports