NAME

suricatasc - client for Suricata unix socket

SYNOPSIS

suricatasc -h] [-v] [-c COMMAND] [socket]

DESCRIPTION

This manual page documents briefly the suricatasc command.

suricatasc is a Python script that allows you communicate with suricata(8) daemon using standard Unix sockets. The exchange protocol is JSON-based.

The creation of the socket is activated by setting enabled: yes under unix-command in Suricata YAML configuration file:

: [...]
unix-command:
enabled: yes
filename: /var/run/suricata-command.socket
[...]

You can also start suricata(8) with the --unix-socket argument:

: suricata --unix-socket
suricata --unix-socket=socket

In case you don't specify socket, the default is /var/run/suricata-command.socket.

To know if the suricata(8) daemon is build with the required capabilities run suricata --build-info and look for "Unix socket enabled: yes".

OPTIONS

The program follows the usual GNU command line syntax, with long options starting with two dashes (`-'). A summary of options is included below.

-h, --help: Show summary of options.
-v, --verbose: Verbose output (including JSON dump).
-c, --command COMMAND: Execute a single COMMAND and return a JSON result (see below for possible commands).

RUNNING MODES

You can use suricatasc in two modes:

: * one shot command
* interactive CLI

COMMANDS

The list of available commands is:

shutdown: this shutdown suricata
command-list: list available commands
help: alias of command-list
version: display Suricata's version
uptime: display Suricata's uptime
running-mode: display running mode (workers, autofp, simple)
capture-mode: display capture system used
conf-get <key>: get configuration item.

: >>> conf-get unix-command.enabled
Success:
"yes"

dump-counters: dump Suricata's performance counters
reload-rules: suricata will reload the rulesets
register-tenant-handler: register a tenant handler
unregister-tenant-handler: the inverse of the above
register-tenant: register a tenant
reload-tenant: reload a tenant
unregister-tenant: unregister a tenant
iface-stat <iface>: show interface stats
iface-list: show interfaces list
pcap-file <file>: load a file for pcap treatment
pcap-file-number: to know how much files are waiting to get processed
pcap-file-list: list of queued files
pcap-file-current: the current processed file

ABOUT

suricatasc was written by the Open Information Security Foundation.

This man page was written by Arturo Borrero Gonzalez <arturo@debian.org> for the Debian GNU/Linux distribution (but it may be used by others).

10 Oct 2016