Suricata Output

No preamble, straight to the useful material.

See the official documentation:

https://suricata.readthedocs.io/en/latest/output/index.html


In summary, the output of the data Suricata collects is organized into: EVE, Lua Output, Syslog Alerting Compatibility, Custom http logging, Custom tls logging, and Log Rotation.

12. Output

  • 12.1. EVE
    • 12.1.1. Eve JSON Output
      • 12.1.1.1. Output types
      • 12.1.1.2. Alerts
      • 12.1.1.3. DNS
      • 12.1.1.4. TLS
      • 12.1.1.5. Date modifiers in filename
      • 12.1.1.6. Rotate log file
      • 12.1.1.7. Multiple Logger Instances
      • 12.1.1.8. File permissions
      • 12.1.1.9. JSON flags
    • 12.1.2. Eve JSON Format
      • 12.1.2.1. Common Section
        • 12.1.2.1.1. Event types
      • 12.1.2.2. Event type: Alert
        • 12.1.2.2.1. Field action
      • 12.1.2.3. Event type: HTTP
        • 12.1.2.3.1. Fields
        • 12.1.2.3.2. Examples
      • 12.1.2.4. Event type: DNS
        • 12.1.2.4.1. Fields
        • 12.1.2.4.2. Examples
      • 12.1.2.5. Event type: TLS
        • 12.1.2.5.1. Fields
        • 12.1.2.5.2. Examples
    • 12.1.3. Eve JSON ‘jq’ Examples
      • 12.1.3.1. Colorize output
      • 12.1.3.2. DNS NXDOMAIN
      • 12.1.3.3. Unique HTTP User Agents
      • 12.1.3.4. Data use for a host
      • 12.1.3.5. Monitor part of the stats
      • 12.1.3.6. Inspect Alert Data
      • 12.1.3.7. Top 10 Destination Ports
  • 12.2. Lua Output
    • 12.2.1. Script structure
    • 12.2.2. YAML
    • 12.2.3. packet
      • 12.2.3.1. SCPacketTimestamp
      • 12.2.3.2. SCPacketTimeString
      • 12.2.3.3. SCPacketTuple
      • 12.2.3.4. SCPacketPayload
    • 12.2.4. flow
      • 12.2.4.1. SCFlowTimestamps
      • 12.2.4.2. SCFlowTimeString
      • 12.2.4.3. SCFlowTuple
      • 12.2.4.4. SCFlowAppLayerProto
      • 12.2.4.5. SCFlowHasAlerts
      • 12.2.4.6. SCFlowStats
      • 12.2.4.7. SCFlowId
    • 12.2.5. http
      • 12.2.5.1. HttpGetRequestBody and HttpGetResponseBody.
      • 12.2.5.2. HttpGetRequestHost
      • 12.2.5.3. HttpGetRequestHeader
      • 12.2.5.4. HttpGetResponseHeader
      • 12.2.5.5. HttpGetRequestLine
      • 12.2.5.6. HttpGetResponseLine
      • 12.2.5.7. HttpGetRawRequestHeaders
      • 12.2.5.8. HttpGetRawResponseHeaders
      • 12.2.5.9. HttpGetRequestUriRaw
      • 12.2.5.10. HttpGetRequestUriNormalized
      • 12.2.5.11. HttpGetRequestHeaders
      • 12.2.5.12. HttpGetResponseHeaders
    • 12.2.6. DNS
      • 12.2.6.1. DnsGetQueries
      • 12.2.6.2. DnsGetAnswers
      • 12.2.6.3. DnsGetAuthorities
      • 12.2.6.4. DnsGetRcode
      • 12.2.6.5. DnsGetRecursionDesired
    • 12.2.7. TLS
      • 12.2.7.1. TlsGetCertInfo
      • 12.2.7.2. TlsGetCertSerial
    • 12.2.8. SSH
      • 12.2.8.1. SshGetServerProtoVersion
      • 12.2.8.2. SshGetServerSoftwareVersion
      • 12.2.8.3. SshGetClientProtoVersion
      • 12.2.8.4. SshGetClientSoftwareVersion
    • 12.2.9. Files
      • 12.2.9.1. SCFileInfo
      • 12.2.9.2. SCFileState
    • 12.2.10. Alerts
      • 12.2.10.1. SCRuleIds
      • 12.2.10.2. SCRuleMsg
      • 12.2.10.3. SCRuleClass
    • 12.2.11. Streaming Data
      • 12.2.11.1. SCStreamingBuffer
    • 12.2.12. Misc
      • 12.2.12.1. SCThreadInfo
      • 12.2.12.2. SCLogError, SCLogWarning, SCLogNotice, SCLogInfo, SCLogDebug
      • 12.2.12.3. SCLogPath
  • 12.3. Syslog Alerting Compatibility
    • 12.3.1. Popular syslog daemons
    • 12.3.2. Finding what syslog daemon you are using
    • 12.3.3. Example
  • 12.4. Custom http logging
  • 12.5. Custom tls logging
  • 12.6. Log Rotation
