Listing 1: Alarmmeldung mit jq

tail -f /var/log/suricata/eve.json | jq
{
  "timestamp": "2023-08-03T17:21:28.362524+0200",
  "flow_id": 2165847954439584,
  "in_iface": "ids0",
  "event_type": "alert",
  "src_ip": "192.168.18.145",
  "src_port": 56133,
  "dest_ip": "193.67.44.140",
  "dest_port": 13096,
  "proto": "TCP",
  "metadata": {
    "flowints": {
      "http.anomaly.count": 1
    }
  },
  [...]
}