15. Output
- 15.1. EVE
- 15.1.1. Eve JSON Output
- 15.1.1.1. Output types
- 15.1.1.2. Alerts
- 15.1.1.3. Anomaly
- 15.1.1.4. HTTP
- 15.1.1.5. DNS
- 15.1.1.6. DNS v1 Format
- 15.1.1.7. TLS
- 15.1.1.8. Date modifiers in filename
- 15.1.1.9. Threaded file output
- 15.1.1.10. Rotate log file
- 15.1.1.11. Multiple Logger Instances
- 15.1.1.12. File permissions
- 15.1.1.13. JSON flags
- 15.1.1.14. Community Flow ID
- 15.1.2. Eve JSON Format
- 15.1.2.1. Common Section
- 15.1.2.2. Event type: Alert
- 15.1.2.3. Event type: Anomaly
- 15.1.2.4. Event type: HTTP
- 15.1.2.5. Event type: DNS
- 15.1.2.6. Event type: FTP
- 15.1.2.7. Event type: FTP_DATA
- 15.1.2.8. Event type: TLS
- 15.1.2.9. Event type: TFTP
- 15.1.2.10. Event type: SMB
- 15.1.2.11. Event type: SSH
- 15.1.2.12. Event type: Flow
- 15.1.2.13. Event type: RDP
- 15.1.2.14. Event type: RFB
- 15.1.2.15. Event type: MQTT
- 15.1.2.15.1. Transactions
- 15.1.2.15.2. Common fields
- 15.1.2.15.3. MQTT CONNECT fields
- 15.1.2.15.4. MQTT CONNACK fields
- 15.1.2.15.5. MQTT PUBLISH fields
- 15.1.2.15.6. MQTT PUBACK/PUBREL/PUBREC/PUBCOMP fields
- 15.1.2.15.7. MQTT SUBSCRIBE fields
- 15.1.2.15.8. MQTT SUBACK fields
- 15.1.2.15.9. MQTT UNSUBSCRIBE fields
- 15.1.2.15.10. MQTT UNSUBACK fields
- 15.1.2.15.11. MQTT AUTH fields (MQTT 5.0)
- 15.1.2.15.12. MQTT DISCONNECT fields
- 15.1.2.15.13. Truncated MQTT data
- 15.1.2.16. Event type: HTTP2
- 15.1.3. Eve JSON ‘jq’ Examples
- 15.2. Lua Output
- 15.3. Syslog Alerting Compatibility
- 15.4. Custom http logging
- 15.5. Custom tls logging
- 15.6. Log Rotation