27 lines
1 KiB
Text
27 lines
1 KiB
Text
|
# Suricata stats and alerts plugin
|
||
|
|
[[inputs.suricata]]
|
||
|
|
## Source
|
||
|
|
## Data sink for Suricata stats log. This is expected to be a filename of a
|
||
|
|
## unix socket to be created for listening.
|
||
|
|
# source = "/var/run/suricata-stats.sock"
|
||
|
|
|
||
|
|
## Delimiter
|
||
|
|
## Used for flattening field keys, e.g. subitem "alert" of "detect" becomes
|
||
|
|
## "detect_alert" when delimiter is "_".
|
||
|
|
# delimiter = "_"
|
||
|
|
|
||
|
|
## Metric version
|
||
|
|
## Version 1 only collects stats and optionally will look for alerts if
|
||
|
|
## the configuration setting alerts is set to true.
|
||
|
|
## Version 2 parses any event type message by default and produced metrics
|
||
|
|
## under a single metric name using a tag to differentiate between event
|
||
|
|
## types. The timestamp for the message is applied to the generated metric.
|
||
|
|
## Additional tags and fields are included as well.
|
||
|
|
# version = "1"
|
||
|
|
|
||
|
|
## Alerts
|
||
|
|
## In metric version 1, only status is captured by default, alerts must be
|
||
|
|
## turned on with this configuration option. This option does not apply for
|
||
|
|
## metric version 2.
|
||
|
|
# alerts = false
|