table of contents
other versions
- stretch 3.2.1-1+deb9u1
- testing 1:4.1.2-2
- stretch-backports 1:4.1.2-2~bpo9+1
- unstable 1:4.1.4-2
| SURICATASC(1) | General Commands Manual | SURICATASC(1) |
NAME¶
suricatasc - client for Suricata unix socketSYNOPSIS¶
suricatasc -h] [-v] [-c COMMAND] [socket]DESCRIPTION¶
This manual page documents briefly the suricatasc command.suricatasc is a Python script that allows you communicate with suricata(8) daemon using standard Unix sockets. The exchange protocol is JSON-based.
The creation of the socket is activated by setting enabled: yes under unix-command in Suricata YAML configuration file:
- [...]
unix-command: enabled: yes filename: /var/run/suricata-command.socket
[...]
You can also start suricata(8) with the --unix-socket argument:
- suricata --unix-socket
suricata --unix-socket=socket
In case you don't specify socket, the default is /var/run/suricata-command.socket.
To know if the suricata(8) daemon is build with the required capabilities run suricata --build-info and look for "Unix socket enabled: yes".
OPTIONS¶
The program follows the usual GNU command line syntax, with long options starting with two dashes (`-'). A summary of options is included below.- -h, --help
- Show summary of options.
- -v, --verbose
- Verbose output (including JSON dump).
- -c, --command COMMAND
- Execute a single COMMAND and return a JSON result (see below for possible commands).
RUNNING MODES¶
You can use suricatasc in two modes:- * one shot command
* interactive CLI
COMMANDS¶
The list of available commands is:- shutdown
- this shutdown suricata
- command-list
- list available commands
- help
- alias of command-list
- version
- display Suricata's version
- uptime
- display Suricata's uptime
- running-mode
- display running mode (workers, autofp, simple)
- capture-mode
- display capture system used
- conf-get <key>
- get configuration item.
- >>> conf-get unix-command.enabled
Success:
"yes"
- dump-counters
- dump Suricata's performance counters
- reload-rules
- suricata will reload the rulesets
- register-tenant-handler
- register a tenant handler
- unregister-tenant-handler
- the inverse of the above
- register-tenant
- register a tenant
- reload-tenant
- reload a tenant
- unregister-tenant
- unregister a tenant
- iface-stat <iface>
- show interface stats
- iface-list
- show interfaces list
- pcap-file <file>
- load a file for pcap treatment
- pcap-file-number
- to know how much files are waiting to get processed
- pcap-file-list
- list of queued files
- pcap-file-current
- the current processed file
SEE ALSO¶
suricata(8)ABOUT¶
suricatasc was written by the Open Information Security Foundation.This man page was written by Arturo Borrero Gonzalez <arturo@debian.org> for the Debian GNU/Linux distribution (but it may be used by others).
| 10 Oct 2016 |