Provided by: suricata_3.2-2ubuntu6_amd64
suricatasc - client for Suricata unix socket
suricatasc [-h] [-v] [-c COMMAND] [socket]
This manual page documents briefly the suricatasc command.

suricatasc is a Python script that allows you to communicate with the suricata(8) daemon using standard Unix sockets. The exchange protocol is JSON-based.

The creation of the socket is activated by setting enabled: yes under unix-command in the Suricata YAML configuration file:

    [...]
    unix-command:
      enabled: yes
      filename: /var/run/suricata-command.socket
    [...]

You can also start suricata(8) with the --unix-socket argument:

    suricata --unix-socket
    suricata --unix-socket=socket

If you don't specify socket, the default is /var/run/suricata-command.socket.

To check whether the suricata(8) daemon is built with the required capabilities, run suricata --build-info and look for "Unix socket enabled: yes".
The program follows the usual GNU command line syntax, with long options starting with two dashes (`--'). A summary of options is included below.

    -h, --help
        Show summary of options.

    -v, --verbose
        Verbose output (including JSON dump).

    -c, --command COMMAND
        Execute a single COMMAND and return a JSON result (see below for possible commands).
You can use suricatasc in two modes:

    * one shot command
    * interactive CLI
The list of available commands is:

    shutdown
        shut down suricata

    command-list
        list available commands

    help
        alias of command-list

    version
        display Suricata's version

    uptime
        display Suricata's uptime

    running-mode
        display running mode (workers, autofp, simple)

    capture-mode
        display capture system used

    conf-get <key>
        get configuration item

            >>> conf-get unix-command.enabled
            Success: "yes"

    dump-counters
        dump Suricata's performance counters

    reload-rules
        suricata will reload the rulesets

    register-tenant-handler
        register a tenant handler

    unregister-tenant-handler
        the inverse of the above

    register-tenant
        register a tenant

    reload-tenant
        reload a tenant

    unregister-tenant
        unregister a tenant

    iface-stat <iface>
        show interface stats

    iface-list
        show interfaces list

    pcap-file <file>
        load a file for pcap treatment

    pcap-file-number
        show how many files are waiting to be processed

    pcap-file-list
        list of queued files

    pcap-file-current
        the file currently being processed
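The JSON exchange behind the commands above, as an added example (not code from suricatasc or the Suricata project): a minimal client that performs a version handshake and sends one command. The message keys (version, command, arguments, return, message), the version string "0.1" and the "variable" argument name for conf-get are assumptions about this release's protocol; check them against the installed suricatasc script.

```python
import json
import socket

PROTOCOL_VERSION = "0.1"  # assumption: version string spoken by this release
DEFAULT_SOCKET = "/var/run/suricata-command.socket"  # default path from this page


def recv_json(sock, bufsize=4096):
    """Read until the buffered bytes parse as one complete JSON document."""
    data = b""
    while True:
        chunk = sock.recv(bufsize)
        if not chunk:
            raise ConnectionError("socket closed before a full JSON reply arrived")
        data += chunk
        try:
            return json.loads(data.decode("utf-8"))
        except ValueError:
            continue  # reply was split across reads: keep receiving


def handshake(sock):
    """Send the version message; the daemon must answer with return == OK."""
    sock.sendall(json.dumps({"version": PROTOCOL_VERSION}).encode("utf-8"))
    reply = recv_json(sock)
    if reply.get("return") != "OK":
        raise RuntimeError("handshake refused: %r" % (reply,))


def run_command(sock, command, arguments=None):
    """Send one command and return its message, raising on a NOK reply."""
    request = {"command": command}
    if arguments:
        request["arguments"] = arguments  # assumed key names, e.g. {"variable": ...}
    sock.sendall(json.dumps(request).encode("utf-8"))
    reply = recv_json(sock)
    if reply.get("return") != "OK":
        raise RuntimeError("%s failed: %r" % (command, reply.get("message")))
    return reply.get("message")


def query(command, arguments=None, path=DEFAULT_SOCKET):
    """Connect, handshake and run a single command, like suricatasc -c."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(5)
        sock.connect(path)
        handshake(sock)
        return run_command(sock, command, arguments)
```

The exchange carries no credentials, so the filesystem permissions on the socket file decide who may issue commands such as shutdown or reload-rules.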
suricatasc was written by the Open Information Security Foundation.

This man page was written by Arturo Borrero Gonzalez <email@example.com> for the Debian GNU/Linux distribution (but it may be used by others).

10 Oct 2016 SURICATASC(1)