Error when using to_syslog_ietf() function in config for Ubuntu 18.04
abajosh
The following config file works in Ubuntu 14.04, but throws an error when used on an 18.04 server. Am I using the to_syslog_ietf() function incorrectly?
########################################
# Global directives #
########################################
User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
##### Logging #####
<Input messages>
Module im_file
File "/var/log/syslog"
</Input>
<Input audit>
Module im_file
File "/var/log/audit/audit.log"
# Exec $Message = $Hostname + ' ' + $raw_event;
</Input>
<Input auth>
Module im_file
File "/var/log/auth.log"
</Input>
<Input eve>
Module im_file
File "/var/log/suricata/eve.json"
</Input>
<Output tcp>
Module om_tcp
Host 10.10.10.33
Port 514
</Output>
<Output tcp_audit>
Module om_tcp
Host 10.10.10.33
Port 514
Exec to_syslog_ietf();
</Output>
<Output tcp_eve>
Module om_tcp
Host 10.10.10.33
Port 10002
</Output>
<Route messages_to_tcp>
Path messages, auth => tcp
</Route>
<Route messages_to_tcp_audit>
Path audit => tcp_audit
</Route>
<Route eve_to_tcp>
Path eve => tcp_eve
</Route>