SURICATA-UPDATE(1)          User Commands          SURICATA-UPDATE(1)
NAME
suricata-update - tool to update Suricata sources
DESCRIPTION
usage: suricata-update update [-h] [-v] [-q] [-D <directory>] [-c <filename>]
       [--suricata-conf <filename>] [--suricata <path>]
       [--suricata-version <version>] [--user-agent <user-agent>]
       [--no-check-certificate] [-V] [-o <directory>] [-f]
       [--yaml-fragment <filename>] [--url <url>] [--local <path>]
       [--sid-msg-map <filename>] [--sid-msg-map-2 <filename>]
       [--disable-conf <filename>] [--enable-conf <filename>]
       [--modify-conf <filename>] [--drop-conf <filename>]
       [--ignore <pattern>] [--no-ignore] [--threshold-in <filename>]
       [--threshold-out <filename>] [--dump-sample-configs] [--etopen]
       [--reload-command <command>] [--no-reload] [-T <command>]
       [--no-test] [--no-merge]
optional arguments:
-h, --help
    show this help message and exit
-v, --verbose
    Be more verbose
-q, --quiet
    Be quiet, warning and error messages only
-D <directory>, --data-dir <directory>
    Data directory (default: /var/lib/suricata)
-c <filename>, --config <filename>
    configuration file (default: /etc/suricata/update.yaml)
--suricata-conf <filename>
    configuration file (default: /etc/suricata/suricata.yaml)
--suricata <path>
    Path to Suricata program
--suricata-version <version>
    Override Suricata version
--user-agent <user-agent>
    Set custom user-agent string
--no-check-certificate
    Disable server SSL/TLS certificate verification
-V, --version
    Display version
-o <directory>, --output <directory>
    Directory to write rules to
-f, --force
    Force operations that might otherwise be skipped
--yaml-fragment <filename>
    Output YAML fragment for rule inclusion
--url <url>
    URL to use instead of auto-generating one (can be specified multiple times)
--local <path>
    Local rule files or directories (can be specified multiple times)
--sid-msg-map <filename>
    Generate a sid-msg.map file
--sid-msg-map-2 <filename>
    Generate a v2 sid-msg.map file
--disable-conf <filename>
    Filename of rule disable filters
--enable-conf <filename>
    Filename of rule enable filters
--modify-conf <filename>
    Filename of rule modification filters
--drop-conf <filename>
    Filename of drop rules filters
--ignore <pattern>
    Filenames to ignore (can be specified multiple times; default: *deleted.rules)
--no-ignore
    Disables the ignore option.
--threshold-in <filename>
    Filename of rule thresholding configuration
--threshold-out <filename>
    Output of processed threshold configuration
--dump-sample-configs
    Dump sample config files to current directory
--etopen
    Use ET-Open rules (default)
--reload-command <command>
    Command to run after update if modified
--no-reload
    Disable reload
-T <command>, --test-command <command>
    Command to test Suricata configuration
--no-test
    Disable testing rules with Suricata
--no-merge
    Do not merge the rules into a single file
other commands:
update-sources
    Update the source index
list-sources
    List available sources
enable-source
    Enable a source from the index
disable-source
    Disable an enabled source
remove-source
    Remove an enabled or disabled source
list-enabled-sources
    List all enabled sources
add-source
    Add a new source by URL
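
Two of the options listed above, --no-check-certificate and --no-test, remove checks from the rule-update path, and --url accepts any URL, including cleartext http://. The following is an added example, not part of suricata-update or this man page: a POSIX sh check that flags those settings in a command line. The function name audit_update_cmd, the finding labels and the sample invocations are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint suricata-update command lines for options that weaken
# the rule-update path. Option names are taken from the man page above.

# audit_update_cmd "<command line>"
# Prints one finding per line. Exit status: 0 = clean, 1 = findings.
# The body runs in a subshell "( )" so set -f and variables do not leak.
# Assumption: words are split on whitespace; quoted arguments are not parsed.
audit_update_cmd() (
    findings=0
    prev=""
    set -f    # no filename expansion while word-splitting $1
    for w in $1; do
        case "$w" in
            --no-check-certificate)
                echo "no-tls-verify: server certificate verification disabled"
                findings=1 ;;
            --no-test)
                echo "no-test: rules are not tested with Suricata"
                findings=1 ;;
            --url=http://*)
                echo "cleartext-url: ${w#--url=}"
                findings=1 ;;
            http://*)
                # Only a finding when it is the value of a preceding --url.
                if [ "$prev" = "--url" ]; then
                    echo "cleartext-url: $w"
                    findings=1
                fi ;;
        esac
        prev=$w
    done
    exit "$findings"
)

# Constructed sample invocations, as they might appear in a cron job.
while IFS= read -r line; do
    if out=$(audit_update_cmd "$line"); then
        echo "OK     $line"
    else
        echo "REVIEW $line"
        printf '%s\n' "$out" | sed 's/^/         /'
    fi
done <<'EOF'
suricata-update update --etopen
suricata-update update --url http://rules.example.invalid/r.tar.gz --no-test
suricata-update update --no-check-certificate -o /var/lib/suricata/rules
EOF
```

Run it over the command lines found in cron jobs, systemd units or deployment scripts; a non-zero status from audit_update_cmd marks an invocation to review.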