Suricata
latest
1. What is Suricata
2. Installation
3. Command Line Options
4. Suricata Rules
5. Rule Management
6. Making sense out of Alerts
7. Performance
8. Configuration
9. Reputation
10. Init Scripts
11. Setting up IPS/inline for Linux
12. Setting up IPS/inline for Windows
13. Output
13.1. EVE
13.1.1. Eve JSON Output
13.1.2. Eve JSON Format
13.1.3. Eve JSON ‘jq’ Examples
13.2. Lua Output
13.3. Syslog Alerting Compatibility
13.4. Custom http logging
13.5. Custom tls logging
13.6. Log Rotation
14. Lua support
15. File Extraction
16. Public Data Sets
17. Using Capture Hardware
18. Interacting via Unix Socket
19. Man Pages
20. Acknowledgements
21. Licenses
13.1. EVE
13.1.1. Eve JSON Output
13.1.1.1. Output types
13.1.1.2. Alerts
13.1.1.3. DNS
13.1.1.4. TLS
13.1.1.5. Date modifiers in filename
13.1.1.6. Rotate log file
13.1.1.7. Multiple Logger Instances
13.1.1.8. File permissions
13.1.1.9. JSON flags
13.1.2. Eve JSON Format
13.1.2.1. Common Section
13.1.2.1.1. Event types
13.1.2.1.2. PCAP fields
13.1.2.2. Event type: Alert
13.1.2.2.1. Field action
13.1.2.3. Event type: HTTP
13.1.2.3.1. Fields
13.1.2.3.2. Examples
13.1.2.4. Event type: DNS
13.1.2.4.1. Fields
13.1.2.4.2. Examples
13.1.2.5. Event type: TLS
13.1.2.5.1. Fields
13.1.2.5.2. Examples
13.1.2.6. Event type: TFTP
13.1.2.6.1. Fields
13.1.2.7. Event type: SMB
13.1.2.7.1. SMB Fields
13.1.2.7.2. DCERPC fields
13.1.2.7.3. NTLMSSP fields
13.1.2.7.4. Kerberos fields
13.1.3. Eve JSON ‘jq’ Examples
13.1.3.1. Colorize output
13.1.3.2. DNS NXDOMAIN
13.1.3.3. Unique HTTP User Agents
13.1.3.4. Data use for a host
13.1.3.5. Monitor part of the stats
13.1.3.6. Inspect Alert Data
13.1.3.7. Top 10 Destination Ports