Project

General

Profile

Actions

Bug #5938

open

for syslog output, the setting identity is not properly set

Added by Zane B-H almost 2 years ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Lets say for outputs, you have something akin the the following.

  - eve-log:
      enabled: yes
      filetype: syslog
      identity: "suricata-ftp" 
      facility: local5
      level: Info
      pcap-file: false
      community-id: false
      community-id-seed: 0
      types:
        - ftp
  - eve-log:
      enabled: yes
      filetype: syslog
      identity: "suricata-sip" 
      facility: local5
      level: Info
      pcap-file: false
      community-id: false
      community-id-seed: 0
      types:
        - sip

All syslog output will show up as "suricata-sip" and never "suricata-ftp" as it will use what ever the last identity was set to, regardless of what it is set to for that specific output item.

No data to display

Actions

Also available in: Atom PDF