:orphan: Document not referenced in a toctree, so add this.

.. _unified2-removed:

Unified2 Output Removed
-----------------------

As of Suricata 6.0 the Unified2 output has been removed. The legacy
Unified2 format lacks the flexibility found in the Eve format, and is
considerably more difficult to integrate with other tools.  The
current recommended output is :ref:`eve`.

Packet (Payload) Logging
------------------------

By default, Eve does not log the packet or payload the way Unified2
does. To get this data from Eve, enable the payload option in the Eve
alert logs. The payload is then logged base64-encoded so that it is
compatible with the JSON format of Eve logs.

It is important to note that while Eve does have an option to log the
packet, it is the payload option that provides the equivalent data to
that of the Unified2 output.
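As an added example (not part of the Suricata documentation or code), the following Python sketch recovers the raw payload bytes from Eve alert records. The sample records are constructed, the function name ``alert_payloads`` is hypothetical, and it assumes the base64 data is in the ``payload`` field of each alert record.

```python
import base64
import binascii
import json

# Constructed sample Eve records (not real captures). The second alert was
# logged without the payload option, the third record is not an alert, and
# the last line simulates a partially written log line.
SAMPLE_EVE = "\n".join([
    json.dumps({"event_type": "alert", "src_ip": "192.0.2.10",
                "alert": {"signature_id": 1000001, "signature": "Constructed rule"},
                "payload": base64.b64encode(b"GET /index.html HTTP/1.1\r\n").decode()}),
    json.dumps({"event_type": "alert", "src_ip": "192.0.2.11",
                "alert": {"signature_id": 1000002, "signature": "Constructed rule 2"}}),
    json.dumps({"event_type": "flow", "src_ip": "192.0.2.12"}),
    "{truncated line",
])


def alert_payloads(eve_text):
    """Return (signature_id, payload_bytes_or_None) for each alert record."""
    results = []
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partially written or corrupt line; skip it
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        sid = event.get("alert", {}).get("signature_id")
        encoded = event.get("payload")
        payload = None  # stays None when payload logging was not enabled
        if isinstance(encoded, str):
            try:
                payload = base64.b64decode(encoded, validate=True)
            except (binascii.Error, ValueError):
                payload = None  # field present but not valid base64
        results.append((sid, payload))
    return results


if __name__ == "__main__":
    for sid, payload in alert_payloads(SAMPLE_EVE):
        print(sid, repr(payload) if payload is not None else "<no payload logged>")
```

A ``None`` payload for an alert is a quick indicator that the payload option was not enabled when the record was written.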

Migration Tools
---------------

Meer
~~~~

Meer is an Eve log processing tool that can process Eve logs and
insert them into a database that is compatible with Barnyard2. This
could be used as a Barnyard2 replacement if your use of Unified2
was to have Suricata events added to this style of database for use
with tools such as Snorby and BASE.

More information on Meer can be found at its GitHub project page:
`https://github.com/beave/meer <https://github.com/beave/meer>`_.

.. note:: Please note that Meer is not supported or maintained by the
          OISF or the Suricata development team.