Skip to content

beinoriusju/suricata-bridge

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.env
.env
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
app.py
app.py
 
 
requirements.txt
requirements.txt
 
 
util.py
util.py
 
 

Repository files navigation

Suricata Redis to MongoDB bridge

This script allows uploading of Suricata Redis que to MongoDB. This allows for building web interfaces and more advances quering.

Requirements

  • Redis server
  • MongoDB

Quick start

Configure Suricata dump

  - eve-log:
      enabled: yes
      filetype: redis
      redis:
        server: 127.0.0.1
        port: 6379
        mode: list
        key: suricata

Tip

When /etc/suricata/suricata.yaml is configured use Redis it's important to estimate how much data your sever can handle before cleaning up the que. If for some reason the que list is not cleaned it will continue growing and crash your server. Solution I've found is to add a crontab task that trims Redis que every to 10000 latest items.

0 * * * * redis-cli LTRIM 10000 0 9999

About

Suricata Redis to MongoDB bridge

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages