syslog-ng/config/syslog-ng.conf.d/nas81-stats-template.conf

template t_suricata_nas81_stats {
    template("{ \"timestamp\": \"${ISODATE}\", \"event_type\": \"stats\", \"stats\": { \
        \"uptime\": ${uptime}, \
        \"capture\": { \
            \"kernel_packets\": ${kernel_packets}, \
            \"kernel_drops\": ${kernel_drops}, \
            \"errors\": ${errors}, \
            \"afpacket\": { \
                \"busy_loop_avg\": ${busy_loop_avg}, \
                \"polls\": ${polls}, \
                \"poll_signal\": ${poll_signal}, \
                \"poll_timeout\": ${poll_timeout}, \
                \"poll_data\": ${poll_data}, \
                \"poll_errors\": ${poll_errors}, \
                \"send_errors\": ${send_errors} \
            } \
        }, \
        \"decoder\": { \
            \"pkts\": ${pkts}, \
            \"bytes\": ${bytes}, \
            \"invalid\": ${invalid}, \
            \"protocols\": { \
                \"ipv4\": ${ipv4}, \
                \"ipv6\": ${ipv6}, \
                \"ethernet\": ${ethernet}, \
                \"arp\": ${arp}, \
                \"tcp\": ${tcp}, \
                \"udp\": ${udp}, \
                \"icmp\": { \
                    \"icmpv4\": ${icmpv4}, \
                    \"icmpv6\": ${icmpv6} \
                }, \
                \"vlan\": ${vlan} \
            }, \
            \"errors\": { \
                \"trunc_pkt\": ${trunc_pkt}, \
                \"opt_pad_required\": ${opt_pad_required}, \
                \"zero_len_padn\": ${zero_len_padn} \
            } \
        }, \
        \"tcp\": { \
            \"syn\": ${syn}, \
            \"synack\": ${synack}, \
            \"rst\": ${rst}, \
            \"active_sessions\": ${active_sessions}, \
            \"sessions\": ${sessions}, \
            \"memuse\": ${memuse} \
        }, \
        \"flow\": { \
            \"total\": ${total_flow}, \
            \"active\": ${active_flow}, \
            \"tcp\": ${tcp_flow}, \
            \"udp\": ${udp_flow}, \
            \"icmp\": { \
                \"icmpv4\": ${icmpv4_flow}, \
                \"icmpv6\": ${icmpv6_flow} \
            } \
        }, \
        \"detect\": { \
            \"engines\": [{ \
                \"id\": ${engine_id}, \
                \"last_reload\": \"${last_reload}\", \
                \"rules_loaded\": ${rules_loaded}, \
                \"rules_failed\": ${rules_failed} \
            }], \
            \"alert\": { \
                \"count\": ${alert_count}, \
                \"suppressed\": ${alert_suppressed} \
            } \
        }, \
        \"app_layer\": { \
            \"flow\": { \
                \"http\": ${http_flow}, \
                \"tls\": ${tls_flow}, \
                \"dns\": { \
                    \"udp\": ${dns_udp_flow} \
                }, \
                \"failed_tcp\": ${failed_tcp}, \
                \"failed_udp\": ${failed_udp} \
            } \
        }, \
        \"memory\": { \
            \"capture\": { \
                \"pressure\": ${memcap_pressure}, \
                \"pressure_max\": ${memcap_pressure_max} \
            }, \
            \"http\": { \
                \"memuse\": ${http_memuse} \
            } \
        } \
    }}\n");
};