suricata-update - tool to update Suricata sources
usage: suricata-update update [-h] [-v] [-q] [-D <directory>] [-c <filename>]
                              [--suricata-conf <filename>] [--suricata <path>]
                              [--suricata-version <version>] [--user-agent <user-agent>]
                              [--no-check-certificate] [-V] [-o <directory>] [-f]
                              [--yaml-fragment <filename>] [--url <url>] [--local <path>]
                              [--sid-msg-map <filename>] [--sid-msg-map-2 <filename>]
                              [--disable-conf <filename>] [--enable-conf <filename>]
                              [--modify-conf <filename>] [--drop-conf <filename>]
                              [--ignore <pattern>] [--no-ignore] [--threshold-in <filename>]
                              [--threshold-out <filename>] [--dump-sample-configs] [--etopen]
                              [--reload-command <command>] [--no-reload] [-T <command>]
                              [--no-test] [--no-merge] [--offline] [--fail]
- -h, --help: show this help message and exit
- -v, --verbose: be more verbose
- -q, --quiet: be quiet, warning and error messages only
- -D <directory>, --data-dir <directory>: data directory (default: /var/lib/suricata)
- -c <filename>, --config <filename>: configuration file (default: /etc/suricata/update.yaml)
- --suricata-conf <filename>: Suricata configuration file (default: /etc/suricata/suricata.yaml)
- --suricata <path>: path to the Suricata program
- --suricata-version <version>: override the Suricata version
- --user-agent <user-agent>: set a custom user-agent string
- --no-check-certificate: disable server SSL/TLS certificate verification
- -V, --version: display version
- -o <directory>, --output <directory>: directory to write rules to
- -f, --force: force operations that might otherwise be skipped
- --yaml-fragment <filename>: output a YAML fragment for rule inclusion
- --url <url>: URL to use instead of auto-generating one (can be specified multiple times)
- --local <path>: local rule files or directories (can be specified multiple times)
- --sid-msg-map <filename>: generate a sid-msg.map file
- --sid-msg-map-2 <filename>: generate a v2 sid-msg.map file
- --disable-conf <filename>: filename of rule disable filters
- --enable-conf <filename>: filename of rule enable filters
- --modify-conf <filename>: filename of rule modification filters
- --drop-conf <filename>: filename of drop rule filters
- --ignore <pattern>: filenames to ignore (can be specified multiple times; default: *deleted.rules)
- --no-ignore: disables the ignore option
- --threshold-in <filename>: filename of rule thresholding configuration
- --threshold-out <filename>: output of the processed threshold configuration
- --dump-sample-configs: dump sample config files to the current directory
- --etopen: use ET-Open rules (default)
- --reload-command <command>: command to run after the update if the rules were modified
- --no-reload: disable reload
- -T <command>, --test-command <command>: command to test the Suricata configuration
- --no-test: disable testing rules with Suricata
- --no-merge: do not merge the rules into a single file
- --offline: run offline using the most recent cached rules
- --fail: strictly fail and exit in case of an error