Suricata Log Viewer
Suricata Log Viewer — Fast and Efficient Analysis of Suricata Logs
Suri Oculus includes a fast and lightweight Suricata Log Viewer designed for real-time analysis of alerts, anomalies, flow records, DNS events, TLS fingerprints, and HTTP metadata. The interface provides quick navigation, filtering, and visualization of Suricata logs sourced directly from Redis.
Unified Log Interface for All Suricata Events
The viewer aggregates multiple Suricata event types into one clean, consistent UI:
alerts
anomalies
flow events
DNS queries and responses
TLS handshake data
HTTP metadata
system and internal events
This structure allows analysts to quickly correlate behaviors and identify unusual patterns.
Instant Filtering and Search
The log viewer supports powerful filtering capabilities:
search by IP, port, protocol
filter by event category
time-range based navigation
anomaly-only mode
filter by JA3/JA3S fingerprints
sort by timestamp, severity, or event type
This enables rapid investigation of security incidents.
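The filters listed above are easier to reason about when seen applied to real EVE records. The following is an added example written for this page, not Suri Oculus' own code: it parses Suricata EVE JSON lines, applies IP, port, protocol, event-type, JA3 and time-range filters plus an anomaly-only mode, and sorts by timestamp, severity or event type. The sample lines, addresses, JA3 hash and signature names are constructed; in a deployment the lines would be read from the Redis list that Suricata's eve-log output writes to rather than embedded in the script.

```javascript
// Added example, not the project's code. Constructed Suricata EVE lines
// (RFC 5737 addresses, made-up JA3 hash and signature names); the last
// entry is deliberately malformed to exercise the parser's error path.
const SAMPLE_EVE_LINES = [
  '{"timestamp":"2024-05-01T10:00:01.000123+0000","event_type":"flow","src_ip":"192.0.2.10","src_port":51000,"dest_ip":"198.51.100.20","dest_port":443,"proto":"TCP"}',
  '{"timestamp":"2024-05-01T10:00:02.500000+0000","event_type":"tls","src_ip":"192.0.2.10","src_port":51000,"dest_ip":"198.51.100.20","dest_port":443,"proto":"TCP","tls":{"sni":"example.net","ja3":{"hash":"0123456789abcdef0123456789abcdef"}}}',
  '{"timestamp":"2024-05-01T10:00:03.000000+0000","event_type":"dns","src_ip":"192.0.2.11","src_port":40000,"dest_ip":"198.51.100.53","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"example.net","rrtype":"A"}}',
  '{"timestamp":"2024-05-01T10:00:04.000000+0000","event_type":"alert","src_ip":"192.0.2.12","src_port":52000,"dest_ip":"198.51.100.20","dest_port":80,"proto":"TCP","alert":{"signature":"CONSTRUCTED test signature A","severity":3}}',
  '{"timestamp":"2024-05-01T10:00:05.000000+0000","event_type":"anomaly","src_ip":"192.0.2.10","src_port":51001,"dest_ip":"198.51.100.20","dest_port":443,"proto":"TCP","anomaly":{"type":"applayer","event":"CONSTRUCTED_ANOMALY"}}',
  '{"timestamp":"2024-05-01T10:00:06.000000+0000","event_type":"alert","src_ip":"192.0.2.10","src_port":51002,"dest_ip":"198.51.100.30","dest_port":8080,"proto":"TCP","alert":{"signature":"CONSTRUCTED test signature B","severity":1}}',
  'this line is deliberately not JSON',
];

// Suricata writes timestamps like 2024-05-01T10:00:01.123456+0000. Trim the
// fraction to milliseconds and insert the colon ISO 8601 expects in the
// offset so Date.parse behaves the same across engines. Returns NaN on junk.
function eveTimeToMs(ts) {
  const m = /^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?([+-]\d{2}):?(\d{2})$/.exec(String(ts));
  if (!m) return NaN;
  const frac = (m[2] || "0").slice(0, 3).padEnd(3, "0");
  return Date.parse(`${m[1]}.${frac}${m[3]}:${m[4]}`);
}

// Parse one EVE record per line. Malformed lines are counted and skipped
// rather than aborting the batch: a truncated record is routine in a live
// stream and must not take the whole view down.
function parseEveLines(lines) {
  const events = [];
  let dropped = 0;
  for (const line of lines) {
    try {
      const ev = JSON.parse(line);
      if (typeof ev !== "object" || ev === null || typeof ev.event_type !== "string") {
        dropped++;
        continue;
      }
      ev._ts = eveTimeToMs(ev.timestamp); // cached for range checks and sorting
      events.push(ev);
    } catch (e) {
      dropped++;
    }
  }
  return { events, dropped };
}

// Filter criteria mirror the viewer's search options; every key is optional.
// ip/port match either side of the flow; ja3 matches the client (ja3) or
// server (ja3s) hash carried in tls events.
function filterEvents(events, c = {}) {
  return events.filter((ev) => {
    if (c.ip && ev.src_ip !== c.ip && ev.dest_ip !== c.ip) return false;
    if (c.port !== undefined && ev.src_port !== c.port && ev.dest_port !== c.port) return false;
    if (c.proto && String(ev.proto).toUpperCase() !== c.proto.toUpperCase()) return false;
    if (c.eventType && ev.event_type !== c.eventType) return false;
    if (c.anomalyOnly && ev.event_type !== "anomaly") return false;
    if (c.ja3) {
      const h = ev.tls && ev.tls.ja3 && ev.tls.ja3.hash;
      const hs = ev.tls && ev.tls.ja3s && ev.tls.ja3s.hash;
      if (h !== c.ja3 && hs !== c.ja3) return false;
    }
    if (c.fromMs !== undefined && !(ev._ts >= c.fromMs)) return false;
    if (c.toMs !== undefined && !(ev._ts <= c.toMs)) return false;
    return true;
  });
}

// Sort keys: "timestamp" (oldest first); "severity" (Suricata's 1 is the
// highest, so most severe first, non-alert events last); "event_type"
// (alphabetical). Ties fall back to time order. Input is not mutated.
function sortEvents(events, key) {
  const sev = (ev) =>
    ev.alert && Number.isInteger(ev.alert.severity) ? ev.alert.severity : Number.MAX_SAFE_INTEGER;
  const cmp = {
    timestamp: (a, b) => a._ts - b._ts,
    severity: (a, b) => sev(a) - sev(b) || a._ts - b._ts,
    event_type: (a, b) => a.event_type.localeCompare(b.event_type) || a._ts - b._ts,
  }[key];
  if (!cmp) throw new Error(`unknown sort key: ${key}`);
  return [...events].sort(cmp);
}

// Demo: everything involving one host, most severe first.
const parsed = parseEveLines(SAMPLE_EVE_LINES);
console.log(`parsed ${parsed.events.length} events, dropped ${parsed.dropped} malformed line(s)`);
for (const ev of sortEvents(filterEvents(parsed.events, { ip: "192.0.2.10" }), "severity")) {
  console.log(ev.event_type, ev.timestamp, ev.alert ? ev.alert.signature : "");
}
```

The one design point worth noting is the severity ordering: Suricata's `alert.severity` is 1 for the most severe class, so a viewer that sorts "by severity" ascending without special-casing non-alert records would interleave flow and DNS events (which carry no severity) unpredictably; pushing them to the end keeps the alert triage order intact.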
Real-Time Integration With Redis
Logs are streamed directly from Redis, avoiding heavy disk I/O and ensuring:
extremely fast response time
minimal delay between event creation and display
zero dependency on traditional eve.json files
efficient memory usage
This architecture is ideal for high-throughput environments.
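For the Redis path to exist at all, Suricata itself has to be told to emit EVE records to Redis instead of eve.json. The fragment below is an added illustration of that sensor-side setting, not Suri Oculus' documentation; the Redis host, key name and the set of event types are assumed values chosen to match the event categories this page lists.

```yaml
# Added example (assumed values), not the product's own configuration.
outputs:
  - eve-log:
      enabled: yes
      filetype: redis        # instead of "regular", which writes eve.json to disk
      redis:
        server: 127.0.0.1    # assumed: Redis on the same host as Suricata
        port: 6379
        mode: list           # push each event onto a list; "channel" publishes instead
        key: suricata        # assumed key name the viewer would consume
      types:
        - alert
        - anomaly
        - flow
        - dns
        - tls
        - http
        - stats
```

The `redis` filetype requires a Suricata build with hiredis support; check `suricata --build-info` for it before relying on this output. With `mode: list` the events accumulate in Redis until something pops them, so a consumer that stops reading will let the list grow without bound; `channel` mode avoids that but drops events published while no subscriber is connected.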
Optimized for Low-Power and Embedded Systems
The Log Viewer operates smoothly even on hardware with limited resources:
microservers
home lab devices
SOHO routers
ARM-based boards
low-cost VPS instances
This is possible thanks to the viewer's clean JavaScript and minimal UI overhead.
Learn More
Explore other modules:
AI Traffic Analysis – /suricata-ai-analysis
Suricata Flow Analytics – /suricata-flow-analytics
Suricata TLS Analysis – /suricata-tls-analysis
Rules Management – /suricata-rules-management
External Resources
More information about Suricata logs:
– https://suricata.io/documentation/