intrusion detection: straighten syslog output

If enabled, now consistenly log into a clog suricata.log. Since the last rework suricata syslog output landed in system.log because the suricata.syslog.log file was removed, but this one was never read because syslog.log was not a real log file.
2026-03-13 08:09:41 +00:00 · 2018-02-14 20:48:51 +00:00 · 2018-02-14 20:48:51 +00:00 · 00b6bcefc4
commit 00b6bcefc4
parent 5bc9fdfe55
5 changed files with 13 additions and 6 deletions
--- a/src/etc/inc/plugins.inc.d/suricata.inc
+++ b/src/etc/inc/plugins.inc.d/suricata.inc
@ -47,6 +47,17 @@ function suricata_services()
    return $services;
 }

+function suricata_syslog()
+{
+    $logfacilities = array();
+
+    $logfacilities['suricata'] = array(
+        'facility' => array('suricata'),
+    );
+
+    return $logfacilities;
+}
+
 function suricata_xmlrpc_sync()
 {
    $result = array();
--- a/src/opnsense/service/templates/OPNsense/IDS/newsyslog.conf
+++ b/src/opnsense/service/templates/OPNsense/IDS/newsyslog.conf
@ -1,7 +1,6 @@
 # logfilename			[owner:group]	mode	count	size	when	flags	[/pid_file]				[sig_num]
 {% if helpers.exists('OPNsense.IDS.general') and OPNsense.IDS.general.enabled|default("0") == "1" %}
 /var/log/suricata/stats.log	root:wheel	640	7	*	$D0	B	/var/run/suricata.pid	1
-/var/log/suricata.log		root:wheel	640	7	*	$D0	B	/var/run/suricata.pid	1
 /var/log/suricata/eve.json	root:wheel	640	{{ OPNsense.IDS.general.AlertSaveLogs|default("4") }}	500000	${{
    OPNsense.IDS.general.AlertLogrotate|default("W0D23")
 }}	B	/var/run/suricata.pid	1
--- a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
+++ b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@ -749,9 +749,6 @@ logging:
  outputs:
  - console:
      enabled: no
-  - file:
-      enabled: yes
-      filename: /var/log/suricata.log
  - syslog:
      enabled: {% if helpers.exists('OPNsense.IDS.general.syslog') and OPNsense.IDS.general.syslog|default('0') == '0' %}no{% else %}yes{% endif %}

--- a/src/www/diag_logs_settings.php
+++ b/src/www/diag_logs_settings.php
@ -56,6 +56,7 @@ function clear_all_log_files()
        'relayd',
        'resolver',
        'routing',
+        'suricata',
        'system',
        'vpn',
        'wireless',
@ -65,7 +66,6 @@ function clear_all_log_files()
        'squid/access',
        'squid/cache',
        'squid/store',
-        'suricata',
    );

    foreach ($clog_files as $lfile) {
--- a/src/www/diag_logs_suricata.php
+++ b/src/www/diag_logs_suricata.php
@ -1,7 +1,7 @@
 <?php

 $logfile = '/var/log/suricata.log';
-$logclog = false;
+$logclog = true;

 $service_hook = 'suricata';