https://github.com/jasonish/suricata-redis-output
Suricata Eve Redis Output Plugin
https://github.com/jasonish/suricata-redis-output
Last synced: 24 days ago
JSON representation
Suricata Eve Redis Output Plugin
- Host: GitHub
- URL: https://github.com/jasonish/suricata-redis-output
- Owner: jasonish
- License: mit
- Created: 2021-06-02T23:02:31.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2025-01-21T20:10:51.000Z (4 months ago)
- Last Synced: 2025-02-06T16:35:28.678Z (3 months ago)
- Language: Rust
- Size: 23.4 KB
- Stars: 7
- Watchers: 3
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
- awesome-suricata - suricata-redis-output - Suricata Eve Redis Output Plugin for Suricata 7. (Output Tools)
README
# Suricata Eve Redis Output Plugin for Suricata 7.0.x
This plugin provides a Suricata Eve output for Redis. It also serves as an
example of how an output plugin that writes to a possibly slow resource like the
network can operate without blocking Suricata.
This plugin can replace the built-in Redis output, but a performance comparison
has not been done.
## Building
```
git clone https://github.com/jasonish/suricata-redis-output
cd suricata-redis-output
cargo build --release
```
## Installing
As there is no standard way (yet) to install Suricata plugins we'll install the
plugin to `/usr/local/lib/suricata/plugins`.
```
mkdir -p /usr/local/lib/suricata/plugins
cp target/release/libredis_output.so /usr/local/lib/suricata/plugins/
```
Add a section to your `suricata.yaml` that looks like:
```
plugins:
- /usr/local/lib/suricata/plugins/libredis_output.so
```
Then set the `filetype` in your `eve` configuration section to
`eve-redis-plugin`.
## Configuration
This Redis output is compatible with the existing configuration in
`suricata.yaml`.