16. Output
- 16.1. EVE
- 16.1.1. Eve JSON Output
- 16.1.1.1. Output types
- 16.1.1.2. Alerts
- 16.1.1.3. Anomaly
- 16.1.1.4. HTTP
- 16.1.1.5. DNS
- 16.1.1.6. DNS v1 Format
- 16.1.1.7. TLS
- 16.1.1.8. Drops
- 16.1.1.9. Date modifiers in filename
- 16.1.1.10. Threaded file output
- 16.1.1.11. Rotate log file
- 16.1.1.12. Multiple Logger Instances
- 16.1.1.13. File permissions
- 16.1.1.14. JSON flags
- 16.1.1.15. Community Flow ID
- 16.1.2. Eve JSON Format
- 16.1.2.1. Common Section
- 16.1.2.2. Event type: Alert
- 16.1.2.3. Event type: Anomaly
- 16.1.2.4. Event type: HTTP
- 16.1.2.5. Event type: DNS
- 16.1.2.6. Event type: FTP
- 16.1.2.7. Event type: FTP_DATA
- 16.1.2.8. Event type: TLS
- 16.1.2.9. Event type: TFTP
- 16.1.2.10. Event type: SMB
- 16.1.2.11. Event type: SSH
- 16.1.2.12. Event type: Flow
- 16.1.2.13. Event type: RDP
- 16.1.2.14. Event type: RFB
- 16.1.2.15. Event type: MQTT
- 16.1.2.15.1. Transactions
- 16.1.2.15.2. Common fields
- 16.1.2.15.3. MQTT CONNECT fields
- 16.1.2.15.4. MQTT CONNACK fields
- 16.1.2.15.5. MQTT PUBLISH fields
- 16.1.2.15.6. MQTT PUBACK/PUBREL/PUBREC/PUBCOMP fields
- 16.1.2.15.7. MQTT SUBSCRIBE fields
- 16.1.2.15.8. MQTT SUBACK fields
- 16.1.2.15.9. MQTT UNSUBSCRIBE fields
- 16.1.2.15.10. MQTT UNSUBACK fields
- 16.1.2.15.11. MQTT AUTH fields (MQTT 5.0)
- 16.1.2.15.12. MQTT DISCONNECT fields
- 16.1.2.15.13. Truncated MQTT data
- 16.1.2.16. Event type: HTTP2
- 16.1.3. Eve JSON 'jq' Examples
- 16.2. Lua Output
- 16.3. Syslog Alerting Compatibility
- 16.4. Custom http logging
- 16.5. Custom tls logging
- 16.6. Log Rotation