NAME
       suricatasc - client for Suricata unix socket
SYNOPSIS
       suricatasc [-h] [-v] [-c COMMAND] [socket]
DESCRIPTION
       This manual page documents briefly the suricatasc command.

       suricatasc is a Python script that allows you to communicate with the
       suricata(8) daemon using standard Unix sockets. The exchange protocol
       is JSON-based.
       The creation of the socket is activated by setting enabled: yes under
       unix-command in the Suricata YAML configuration file:

           [...]
           unix-command:
             enabled: yes
             filename: /var/run/suricata-command.socket
           [...]
       You can also start suricata(8) with the --unix-socket argument:

           suricata --unix-socket
           suricata --unix-socket=socket

       In case you don't specify socket, the default is
       /var/run/suricata-command.socket.
       To know if the suricata(8) daemon is built with the required
       capabilities, run suricata --build-info and look for "Unix socket
       enabled: yes".
OPTIONS
       The program follows the usual GNU command line syntax, with long options
       starting with two dashes (`--'). A summary of options is included below.

       -h, --help
              Show summary of options.

       -v, --verbose
              Verbose output (including JSON dump).

       -c, --command COMMAND
              Execute a single COMMAND and return a JSON result (see below for
              possible commands).
RUNNING MODES
       You can use suricatasc in two modes:

       * one-shot command
       * interactive CLI
COMMANDS
       The list of available commands is:

       shutdown
              shut down Suricata

       command-list
              list available commands

       help   alias of command-list

       version
              display Suricata's version

       uptime display Suricata's uptime

       running-mode
              display running mode (workers, autofp, simple)

       capture-mode
              display capture system used

       conf-get <key>
              get a configuration item:

                  >>> conf-get unix-command.enabled
                  Success:
                  "yes"

       dump-counters
              dump Suricata's performance counters

       reload-rules
              Suricata will reload the rulesets

       register-tenant-handler
              register a tenant handler

       unregister-tenant-handler
              the inverse of the above

       register-tenant
              register a tenant

       reload-tenant
              reload a tenant

       unregister-tenant
              unregister a tenant

       iface-stat <iface>
              show interface stats

       iface-list
              show interfaces list

       pcap-file <file>
              load a file for pcap treatment

       pcap-file-number
              show how many files are waiting to be processed

       pcap-file-list
              list of queued files

       pcap-file-current
              the file currently being processed
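       The DESCRIPTION above says the exchange over the Unix socket is
       JSON-based, and the COMMANDS list shows what can be asked of the
       daemon. The following Python example, added to this page and not part
       of suricatasc or Suricata itself, shows the shape of that exchange:
       a client function that performs a version handshake and sends one
       command, plus a constructed mock daemon so it runs without Suricata.
       The handshake message {"version": "0.1"}, the "arguments"/"variable"
       keys for conf-get and the {"return": ..., "message": ...} reply shape
       are assumptions about the wire format; the mock daemon's replies are
       constructed sample data.

```python
import json
import os
import socket
import tempfile
import threading

# Assumption: the client opens the session by announcing a protocol version,
# and the daemon answers {"return": "OK"} before accepting commands.
PROTOCOL_VERSION = "0.1"


def _send(sock, obj):
    """Serialize one JSON object onto the stream socket."""
    sock.sendall(json.dumps(obj).encode("utf-8"))


def _recv(sock):
    """Read until one complete JSON document has arrived (replies are not length-prefixed)."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the socket before a full reply arrived")
        buf += chunk
        try:
            return json.loads(buf.decode("utf-8"))
        except ValueError:
            continue  # partial document so far; keep reading


def run_command(socket_path, command, arguments=None):
    """Open a session, do the version handshake, send one command, return the reply dict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(socket_path)
        _send(s, {"version": PROTOCOL_VERSION})
        hello = _recv(s)
        if hello.get("return") != "OK":
            raise RuntimeError("handshake refused: %r" % hello)
        request = {"command": command}
        if arguments:
            request["arguments"] = arguments  # assumption: arguments travel in a nested object
        _send(s, request)
        return _recv(s)


# --- constructed stand-in for the daemon, so the example runs without Suricata ---

def _mock_daemon(path, ready, stop):
    """Answer the handshake and then one command per connection, mimicking the reply shape."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(path)
        srv.listen(4)
        srv.settimeout(0.2)
        ready.set()
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                hello = _recv(conn)
                if hello.get("version") != PROTOCOL_VERSION:
                    _send(conn, {"return": "NOK", "message": "unsupported version"})
                    continue
                _send(conn, {"return": "OK"})
                req = _recv(conn)
                cmd = req.get("command")
                var = req.get("arguments", {}).get("variable")
                if cmd == "version":
                    _send(conn, {"return": "OK", "message": "mock-suricata (constructed)"})
                elif cmd == "conf-get" and var == "unix-command.enabled":
                    _send(conn, {"return": "OK", "message": "yes"})
                else:
                    _send(conn, {"return": "NOK", "message": "Unknown command or argument"})


def demo():
    """Run three one-shot commands against the mock daemon and return their replies."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "suricata-command.socket")
    ready, stop = threading.Event(), threading.Event()
    t = threading.Thread(target=_mock_daemon, args=(path, ready, stop), daemon=True)
    t.start()
    ready.wait(2)
    try:
        return {
            "version": run_command(path, "version"),
            "conf-get": run_command(path, "conf-get", {"variable": "unix-command.enabled"}),
            "bogus": run_command(path, "no-such-command"),
        }
    finally:
        stop.set()
        t.join(2)
        os.unlink(path)
        os.rmdir(tmpdir)


if __name__ == "__main__":
    for name, reply in demo().items():
        print(name, "->", json.dumps(reply))
```

       Against a real daemon, run_command("/var/run/suricata-command.socket",
       "version") is the one-shot equivalent of suricatasc -c version. Since
       the command set includes shutdown and pcap-file, whoever can open the
       socket file controls the sensor, so the socket's filesystem
       permissions are the access control to review.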
SEE ALSO
       suricata(8)

ABOUT
       suricatasc was written by the Open Information Security Foundation.

       This man page was written by Arturo Borrero Gonzalez <arturo@debian.org>
       for the Debian GNU/Linux distribution (but it may be used by others).