Support #2990
Closed
files-json.log is empty
Description
I use Suricata 4.0.4 and in suricata.yaml, I edited fast.log and files-json.log to enabled:yes - append:yes. But when I cat fast.log and files-json.log, files-json.log is empty.
Updated by Anh Pham over 5 years ago
I use Suricata 4.0.4 and in suricata.yaml, I edited fast.log and files-json.log to enabled:yes - append:yes. But when I cat fast.log and files-json.log, files-json.log is empty.
Is there any way to solve this problem? Thank you very much.
Updated by Peter Manev over 5 years ago
I would recommend using the latest stable Suricata - 4.1.4 and eve.json (instead of fast.log and files log as these are legacy).
After it is up and running, check if Suricata starts properly, if there are no errors, if you have defined your networks correctly.
Updated by Andreas Herz over 5 years ago
- Status changed from New to Feedback
- Assignee set to Anh Pham
- Target version set to Support
Can you also add the configuration file so we can check for any issues there?
Updated by Victor Julien over 5 years ago
- Status changed from Feedback to Closed