- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Supported OS
Suricata is a high performance, open source network analysis and threat detection software used by most private and public organizations, and embedded by major vendors to protect their assets.
This integration provides enrichment and visualization for Alert, Anomaly, HTTP, DNS, FTP, FTP_DATA, TLS, TFTP, SMB, SSH, Flow, RDP, DHCP, and ARP log types. It helps to visualize detailed insights into Alerts, Anomaly, network connections, DNS, and DHCP activity, as well as detailed network protocol analysis in the integration’s out-of-the-box dashboards.
To install the Suricata integration, run the following Agent installation command and follow the steps below. For more information, see the Integration Management documentation.
Note: This step is not necessary for Agent versions >= 7.57.0.
For Linux, run:
sudo -u dd-agent -- datadog-agent integration install datadog-suricata==1.0.0
Collecting logs is disabled by default in the Datadog Agent. Enable it in the datadog.yaml
file:
logs_enabled: true
Add this configuration block to your suricata.d/conf.yaml
file to start collecting your Suricata logs.
See the sample suricata.d/conf.yaml for available configuration options.
logs:
- type: file
path: /var/log/suricata/eve.json
service: suricata
source: suricata
Note: Make sure you have eve-log
output logging enabled in the suricata.yaml
file of the Suricata application, and that you’ve address the following points:
suricata.yaml
file, keep filetype
parameter as regular
in eve-log
configurations./var/log/suricata
, and the default filename is eve.json
. If you have changed the default path and filename, update the path
parameter in your conf.yaml
file accordingly.Run the Agent’s status subcommand and look for suricata
under the Checks section.
The Suricata integration collects the following log types.
Format | Event Types |
---|---|
JSON | alert, anomaly, http, dns, ftp, ftp_data, tls. tftp, smb, ssh, flow, rdp, dhcp, arp |
The Suricata integration does not include any metrics.
The Suricata integration does not include any events.
The Suricata integration does not include any service checks.
If you see a Permission denied error while monitoring the log files, give the dd-agent
user read permission on them.
sudo chown -R dd-agent:dd-agent /var/log/suricata/eve.json
For any further assistance, contact Datadog support.