> By the way, do you think it's possible to add ulogd if advanced users want it?
>
> I'm thinking about log centralisation in the Kibana web interface, like this:
>
> https://home.regit.org/2014/03/suricata-ulogd-splunk-logstash/

Well, looks like we just need to write a format those tools can read?