13830 – Enable Suricata remote log files

Bug 13830 - Enable Suricata remote log files

Summary: Enable Suricata remote log files

Status:	CLOSED DUPLICATE of bug 12960

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	ipfire-release (show other bugs)
Version:	2
Hardware:	x86_64 All

Importance:	- Unknown - Minor Usability
Assignee:	Michael Tremer
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-03-11 23:47 UTC by Don Lubinski
Modified:	2025-03-12 13:42 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Don Lubinski 2025-03-11 23:47:15 UTC

I use remote logging (enabled) so that I can manage ALL my logs in a central location. The suricata logs do not by default go into remote logging. I need to edit the suricata.yaml file and add the following lines (so that the suricata logs do get added): (location in file after comment Line * Extensible Event Format....)

-syslog:
    enabled:   yes
    identity:  "suricata"
    facility:  local5
    level:     info
Almost every time an updated version of ipfire comes out I need to re-add these lines.

Is it possible to add these lines to suricata.yaml file permanent?

Comment 1 Adolf Belka 2025-03-12 13:42:31 UTC


*** This bug has been marked as a duplicate of bug 12960 ***