15. Output
- 15.1. EVE
- 15.1.1. Eve JSON Output
- 15.1.1.1. Output types
- 15.1.1.2. Alerts
- 15.1.1.3. Anomaly
- 15.1.1.4. HTTP
- 15.1.1.5. DNS
- 15.1.1.6. DNS v1 Format
- 15.1.1.7. TLS
- 15.1.1.8. Date modifiers in filename
- 15.1.1.9. Rotate log file
- 15.1.1.10. Multiple Logger Instances
- 15.1.1.11. File permissions
- 15.1.1.12. JSON flags
- 15.1.1.13. Community Flow ID
- 15.1.2. Eve JSON Format
- 15.1.2.1. Common Section
- 15.1.2.2. Event type: Alert
- 15.1.2.3. Event type: Anomaly
- 15.1.2.4. Event type: HTTP
- 15.1.2.5. Event type: DNS
- 15.1.2.6. Event type: FTP
- 15.1.2.7. Event type: FTP_DATA
- 15.1.2.8. Event type: TLS
- 15.1.2.9. Event type: TFTP
- 15.1.2.10. Event type: SMB
- 15.1.2.11. Event type: SSH
- 15.1.2.12. Event type: Flow
- 15.1.2.13. Event type: RDP
- 15.1.3. Eve JSON ‘jq’ Examples
- 15.2. Lua Output
- 15.3. Syslog Alerting Compatibility
- 15.4. Custom http logging
- 15.5. Custom tls logging
- 15.6. Log Rotation