Update telegraf.conf

2022-02-12 15:16:01 -06:00 · 2022-02-12 15:16:01 -06:00 · 48cb51b399
commit 48cb51b399
parent d117971475
1 changed files with 12 additions and 6 deletions
--- a/config/telegraf.conf
+++ b/config/telegraf.conf
@ -47,9 +47,15 @@
  ]
  data_format = "influx"

-[[inputs.tail]]
-  data_format = "json"
-  files = ["/var/log/suricata/eve.json"]
-  name_override = "suricata"
-  tag_keys = ["event_type","src_ip","src_port","dest_ip","dest_port"]
-  json_string_fields = ["*"]
+[[inputs.suricata]]
+  ## Data sink for Suricata stats log.
+  # This is expected to be a filename of a
+  # unix socket to be created for listening.
+  source = "/tmp/suricata-stats.sock"
+
+  # Delimiter for flattening field keys, e.g. subitem "alert" of "detect"
+  # becomes "detect_alert" when delimiter is "_".
+  delimiter = "_"
+
+  # Detect alert logs
+  alerts = false