diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index 4a502850..f291a6dd 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -425,12 +425,12 @@ output {
 # document_type => "doc"
 }
-if [type] == "Suricata" {
-file {
-file_mode => 0760
-path => "/data/suricata/log/suricata_ews.log"
-}
-}
+#if [type] == "Suricata" {
+# file {
+# file_mode => 0760
+# path => "/data/suricata/log/suricata_ews.log"
+# }
+#}
 # Debug output
 #if [type] == "XYZ" {
 # stdout {
diff --git a/docker/ews/dist/ews.cfg b/docker/ews/dist/ews.cfg
index 2dac88ca..3bdf7bc0 100644
--- a/docker/ews/dist/ews.cfg
+++ b/docker/ews/dist/ews.cfg
@@ -99,7 +99,7 @@ logfile = /data/elasticpot/log/elasticpot.log
 [SURICATA]
 suricata = true
 nodeid = suricata-community-01
-logfile = /data/suricata/log/suricata_ews.log
+logfile = /data/suricata/log/eve.json
 [MAILONEY]
 mailoney = true
diff --git a/docker/suricata/dist/capture-filter.bpf b/docker/suricata/dist/capture-filter.bpf
index e2c35df5..80fa12d1 100644
--- a/docker/suricata/dist/capture-filter.bpf
+++ b/docker/suricata/dist/capture-filter.bpf
@@ -1,3 +1,4 @@
 not (host sicherheitstacho.eu or community.sicherheitstacho.eu) and
 not (host archive.ubuntu.com or security.ubuntu.com) and
-not (host index.docker.io or docker.io)
+not (host index.docker.io or docker.io) and
+not (host hpfeeds.sissden.eu)
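Review bot: The Suricata `file { ... }` output is commented out rather than deleted, which leaves a dead block in `output {}` that still names `/data/suricata/log/suricata_ews.log` — a path nothing produces once this commit lands, and one a later reader may assume is still written with `file_mode => 0760`. Since the sibling ews.cfg hunk now reads Suricata's own `eve.json`, deleting the six lines outright keeps the output section honest; the history stays in git. The enclosing `output {` block starts and ends outside this hunk.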
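Review bot: Pointing `logfile` at `/data/suricata/log/eve.json` means the ews reader now consumes Suricata's native EVE stream rather than the logstash-filtered `suricata_ews.log`; eve.json carries every configured event type, not only alerts, and whether the ews parser tolerates the other record types is not visible here and should be confirmed against it. The old file was created by logstash with an explicit `file_mode => 0760`, while eve.json is created by the Suricata process itself, so the ews process needs read access under whatever ownership and mode Suricata applies to `/data/suricata/log` — nothing in this commit adjusts that. Adding a comment above the line, `; raw Suricata EVE output, written by suricata itself (not logstash); reader must handle all event types`, would record the dependency.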
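Review bot: `not (host hpfeeds.sissden.eu)` excludes every packet to or from whatever that name resolves to, in both directions, so any unrelated traffic involving those addresses also never reaches Suricata; if the intent is only to keep the sensor's own HPFeeds submissions out of the capture, restricting the exclusion to the feed's port keeps the blind spot small, e.g. `not (host hpfeeds.sissden.eu and tcp port <HPFEEDS_PORT>)` with the real port substituted. libpcap resolves the name once when the filter is compiled at Suricata start-up, so the exclusion is pinned to the addresses returned then and the filter fails to compile if resolution fails; the existing lines already share that property, so it is not new, but a name that resolves to changing addresses is a known limitation worth noting in the project's documentation since this filter file has no comment syntax. For consistency with the `docker.io` line, the parentheses around a single `host` term are optional.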