Scroll to navigation

SURICATA-UPDATE(1) User Commands SURICATA-UPDATE(1)

NAME

suricata-update - tool to update Suricata sources

DESCRIPTION

usage: suricata-update update [-h] [-v] [-q] [-D <directory>] [-c <filename>]
[--suricata-conf <filename>] [--suricata <path>]
[--suricata-version <version>] [--user-agent <user-agent>] [--no-check-certificate] [-V] [-o <directory>] [-f] [--yaml-fragment <filename>] [--url <url>] [--local <path>] [--sid-msg-map <filename>] [--sid-msg-map-2 <filename>] [--disable-conf <filename>] [--enable-conf <filename>] [--modify-conf <filename>] [--drop-conf <filename>] [--ignore <pattern>] [--no-ignore] [--threshold-in <filename>] [--threshold-out <filename>] [--dump-sample-configs] [--etopen] [--reload-command <command>] [--no-reload] [-T <command>] [--no-test] [--no-merge]

optional arguments:

-h, --help
show this help message and exit
-v, --verbose
Be more verbose
-q, --quiet
Be quiet, warning and error messages only
-D <directory>, --data-dir <directory>
Data directory (default: /var/lib/suricata)
-c <filename>, --config <filename>
configuration file (default: /etc/suricata/update.yaml)
--suricata-conf <filename>
configuration file (default: /etc/suricata/suricata.yaml)
--suricata <path>
Path to Suricata program
--suricata-version <version>
Override Suricata version
--user-agent <user-agent>
Set custom user-agent string
--no-check-certificate
Disable server SSL/TLS certificate verification
-V, --version
Display version
-o <directory>, --output <directory>
Directory to write rules to
-f, --force
Force operations that might otherwise be skipped
--yaml-fragment <filename>
Output YAML fragment for rule inclusion
--url <url>
URL to use instead of auto-generating one (can be specified multiple times)
--local <path>
Local rule files or directories (can be specified multiple times)
--sid-msg-map <filename>
Generate a sid-msg.map file
--sid-msg-map-2 <filename>
Generate a v2 sid-msg.map file
--disable-conf <filename>
Filename of rule disable filters
--enable-conf <filename>
Filename of rule enable filters
--modify-conf <filename>
Filename of rule modification filters
--drop-conf <filename>
Filename of drop rules filters
--ignore <pattern>
Filenames to ignore (can be specified multiple times; default: *deleted.rules)
--no-ignore
Disables the ignore option.
--threshold-in <filename>
Filename of rule thresholding configuration
--threshold-out <filename>
Output of processed threshold configuration
--dump-sample-configs
Dump sample config files to current directory
--etopen
Use ET-Open rules (default)
--reload-command <command>
Command to run after update if modified
--no-reload
Disable reload
-T <command>, --test-command <command>
Command to test Suricata configuration
--no-test
Disable testing rules with Suricata
--no-merge
Do not merge the rules into a single file

other commands:

update-sources
Update the source index
list-sources
List available sources
enable-source
Enable a source from the index
disable-source
Disable an enabled source
remove-source
Remove an enabled or disabled source
list-enabled-sources
List all enabled sources
add-source
Add a new source by URL
May 2019 suricata-update version 1.0.5