$template SuricataTemplate, "<%PRI%>%syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%"
user.alert /var/log/suricata.log;SuricataTemplate