
The following config file works in Ubuntu 14.04, but throws an error when used on an 18.04 server. Am I using the to_syslog_ietf() function incorrectly?

########################################
# Global directives                    #
########################################
User nxlog
Group nxlog

LogFile /var/log/nxlog/nxlog.log
LogLevel INFO

##### Logging #####

<Input messages>
Module  im_file
File    "/var/log/syslog"
</Input>

<Input audit>
Module  im_file
File    "/var/log/audit/audit.log"
#    Exec   $Message = $Hostname + ' ' + $raw_event;
</Input>

<Input auth>
Module  im_file
File    "/var/log/auth.log"
</Input>

<Input eve>
Module  im_file
File    "/var/log/suricata/eve.json"
</Input>

<Output tcp>
Module  om_tcp
Host    10.10.10.33
Port    514
</Output>

<Output tcp_audit>
Module  om_tcp
Host    10.10.10.33
Port    514
Exec to_syslog_ietf();
</Output>

<Output tcp_eve>
Module  om_tcp
Host    10.10.10.33
Port    10002
</Output>

<Route messages_to_tcp>
Path    messages, auth => tcp
</Route>

<Route messages_to_tcp_audit>
Path    audit => tcp_audit
</Route>

<Route eve_to_tcp>
Path    eve => tcp_eve
</Route>
Asked August 17, 2022 - 2:24pm
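As an added example, not part of the original post: to_syslog_ietf() is a procedure provided by the xm_syslog extension module, and the config above never loads that module, so the same audit route is shown here with the extension declared. That the missing extension block is the only difference between the 14.04 and 18.04 hosts is an assumption.

```apacheconf
########################################
# Global directives                    #
########################################
User nxlog
Group nxlog

LogFile /var/log/nxlog/nxlog.log
LogLevel INFO

# to_syslog_ietf() is defined by xm_syslog; without this block the
# Exec line in the output cannot resolve the procedure.
<Extension syslog>
    Module  xm_syslog
</Extension>

<Input audit>
    Module  im_file
    File    "/var/log/audit/audit.log"
</Input>

<Output tcp_audit>
    Module  om_tcp
    Host    10.10.10.33
    Port    514
    # Wrap each audit record in an RFC 5424 (IETF) syslog header
    # before it is sent to the collector
    Exec    to_syslog_ietf();
</Output>

<Route audit_to_tcp_audit>
    Path    audit => tcp_audit
</Route>
```

`nxlog -v -c <path-to-this-file>` checks the configuration syntax without starting the agent, which is the quickest way to see whether the procedure now resolves.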

Answer (1)