security onion syslog entries for itself are missing the event category #11478
Replies: 1 comment
-
Forgive me for I am new, but I have been adding systems to Security Onion and trying to learn it. Most of my syslog entries are categorized; however, log entries from the Security Onion appliance do not have an associated category. What am I missing here?
Thanks
-
Correction. It looks like the syslog entries are assigned the host.name of the Security Onion appliance for all the logs being sent to the appliance. What is not being given a category is the unbound and suricata logs (from pfSense). I see the "real_message" has the log, and it looks like the source.application is being correctly detected; it just seems odd that the real_message data isn't categorized.