.\" (C) Copyright 2015-2016 Arturo Borrero Gonzalez
.\"
.\"
.TH SURICATASC 1 "10 Oct 2016"
.\" Please adjust this date whenever updating the manpage.
.SH NAME
suricatasc \- client for the Suricata unix socket
.SH SYNOPSIS
.B suricatasc
[-h] [-v] [-c COMMAND] [\fIsocket\fP]
.br
.SH DESCRIPTION
This manual page documents briefly the \fBsuricatasc\fP command.
.PP
\fBsuricatasc\fP is a Python script that allows you to communicate with the
\fBsuricata(8)\fP daemon over a standard Unix socket. The exchange protocol is
JSON-based.
.PP
The creation of the socket is activated by setting \fBenabled: yes\fP under
\fBunix-command\fP in the Suricata YAML configuration file:
.IP
[...]
.br
unix-command:
.br
  enabled: yes
.br
  filename: /var/run/suricata-command.socket
.br
[...]
.PP
You can also start \fBsuricata(8)\fP with the \fB--unix-socket\fP argument:
.IP
suricata --unix-socket
.br
suricata --unix-socket=\fIsocket\fP
.br
.PP
If you don't specify \fIsocket\fP, the default is
\fI/var/run/suricata-command.socket\fP.
.PP
To know whether the \fBsuricata(8)\fP daemon is built with the required
capabilities, run \fBsuricata --build-info\fP and look for
"Unix socket enabled: yes".
.SH OPTIONS
The program follows the usual GNU command line syntax, with long options
starting with two dashes (`--'). A summary of options is included below.
.TP
.B \-h, \-\-help
Show summary of options.
.TP
.B \-v, \-\-verbose
Verbose output (including a dump of the JSON exchanged with the daemon).
.TP
.B \-c, \-\-command COMMAND
Execute a single COMMAND and return a JSON result (see below for possible
commands).
.SH RUNNING MODES
You can use \fBsuricatasc\fP in two modes:
.IP *
one-shot command (with \fB-c\fP \fICOMMAND\fP)
.IP *
interactive CLI (the default when \fB-c\fP is not given)
.PP
.SH COMMANDS
The list of available commands is:
.TP
.B shutdown
shut down Suricata
.TP
.B command-list
list available commands
.TP
.B help
alias of command-list
.TP
.B version
display Suricata's version
.TP
.B uptime
display Suricata's uptime
.TP
.B running-mode
display the running mode (workers, autofp, simple)
.TP
.B capture-mode
display the capture system in use
.TP
.B conf-get
get a configuration item.
.IP
>>> conf-get unix-command.enabled
.br
Success:
.br
"yes"
.TP
.B dump-counters
dump Suricata's performance counters
.TP
.B reload-rules
make Suricata reload the rulesets
.TP
.B register-tenant-handler
register a tenant handler
.TP
.B unregister-tenant-handler
the inverse of the above
.TP
.B register-tenant
register a tenant
.TP
.B reload-tenant
reload a tenant
.TP
.B unregister-tenant
unregister a tenant
.TP
.B iface-stat
show interface stats
.TP
.B iface-list
show the list of interfaces
.TP
.B pcap-file
load a file for pcap processing
.TP
.B pcap-file-number
show how many files are waiting to be processed
.TP
.B pcap-file-list
list the queued files
.TP
.B pcap-file-current
show the file currently being processed
.SH SEE ALSO
\fBsuricata(8)\fP
.SH ABOUT
\fBsuricatasc\fP was written by the Open Information Security Foundation.
This man page was written by Arturo Borrero Gonzalez for the Debian GNU/Linux
distribution (but it may be used by others).
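The JSON exchange that \fBsuricatasc\fP performs under the hood, as an added example that is not part of this man page and not Suricata's own suricatasc code. It implements the documented wire protocol: the client first sends {"version": "..."} and expects {"return": "OK"}, then every request is {"command": ..., "arguments": {...}} and every reply is {"return": "OK" or "NOK", "message": ...}. The protocol version string must be one the daemon accepts ("0.2" here; older releases used "0.1", check the suricatasc shipped with your release). So that it runs offline, the script also starts a constructed stand-in daemon on a temporary socket path; the stand-in, its version string "6.0.0 RELEASE" and its single configuration value are invented for the example and are not Suricata output.

```python
"""Minimal JSON client for the Suricata unix command socket (added example)."""
import json
import os
import socket
import tempfile
import threading

PROTOCOL_VERSION = "0.2"  # assumption: must match a version the daemon accepts


def _recv_json(sock, bufsize=4096):
    """Read until the accumulated bytes parse as exactly one JSON document."""
    buf = b""
    while True:
        chunk = sock.recv(bufsize)
        if not chunk:
            raise ConnectionError("socket closed before a full message arrived")
        buf += chunk
        try:
            return json.loads(buf.decode())
        except ValueError:
            continue  # partial read, keep accumulating


class SuricataSocketClient:
    def __init__(self, path="/var/run/suricata-command.socket"):
        self.path = path
        self.sock = None

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(5)
        self.sock.connect(self.path)
        # Version handshake: {"version": ...} -> {"return": "OK"|"NOK"}
        self.sock.sendall(json.dumps({"version": PROTOCOL_VERSION}).encode())
        reply = _recv_json(self.sock)
        if reply.get("return") != "OK":
            raise RuntimeError("version handshake refused: %r" % (reply,))

    def command(self, name, arguments=None):
        """Send one command and return its 'message'; raise on a NOK reply."""
        msg = {"command": name}
        if arguments:
            msg["arguments"] = arguments
        self.sock.sendall(json.dumps(msg).encode())
        reply = _recv_json(self.sock)
        if reply.get("return") != "OK":
            raise RuntimeError("%s failed: %r" % (name, reply.get("message")))
        return reply.get("message")

    def close(self):
        if self.sock:
            self.sock.close()


# --- constructed stand-in daemon, only so the example runs without Suricata ---
def _fake_handle(msg):
    cmd, args = msg.get("command"), msg.get("arguments", {})
    if cmd == "version":
        return {"return": "OK", "message": "6.0.0 RELEASE"}  # constructed value
    if cmd == "conf-get":
        conf = {"unix-command.enabled": "yes"}  # constructed config
        var = args.get("variable")
        if var in conf:
            return {"return": "OK", "message": conf[var]}
        return {"return": "NOK", "message": "Unable to find value for %s" % var}
    return {"return": "NOK", "message": "Unknown command %s" % cmd}


def serve_once(path, ready):
    """Accept one client, answer the handshake, then serve until it disconnects."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    ready.set()
    conn, _ = srv.accept()
    with conn, srv:
        ok = _recv_json(conn).get("version") == PROTOCOL_VERSION
        conn.sendall(json.dumps({"return": "OK" if ok else "NOK"}).encode())
        while ok:
            try:
                msg = _recv_json(conn)
            except ConnectionError:
                break  # client hung up
            conn.sendall(json.dumps(_fake_handle(msg)).encode())


def demo():
    """Equivalent of 'suricatasc -c version' and '-c "conf-get ..."' plus one failure."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "suricata-command.socket")  # constructed path
    ready = threading.Event()
    t = threading.Thread(target=serve_once, args=(path, ready), daemon=True)
    t.start()
    ready.wait(5)
    client = SuricataSocketClient(path)
    try:
        client.connect()
        results = {
            "version": client.command("version"),
            "enabled": client.command("conf-get", {"variable": "unix-command.enabled"}),
        }
        try:
            client.command("conf-get", {"variable": "no.such.key"})
            results["bad_key"] = None
        except RuntimeError as exc:
            results["bad_key"] = str(exc)  # NOK replies surface as exceptions
    finally:
        client.close()
        t.join(5)
        os.unlink(path)
        os.rmdir(tmpdir)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Against a real daemon, drop the stand-in and point SuricataSocketClient at the configured socket path. Note that commands such as shutdown, reload-rules and pcap-file make this socket a full control channel: the only access control is the filesystem permission on the socket file, so anyone who can write to that path can run them.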