NAME

       suricata - Next Generation Intrusion Detection and Prevention Tool

SYNOPSIS

       suricata [options]

DESCRIPTION

       suricata is a network Intrusion Detection System (IDS). It is based on rules (and is fully
       compatible with snort rules) to detect a variety of attacks / probes by  searching  packet
       content.

       This  new  Engine  supports  Multi-Threading,  Automatic Protocol Detection (IP, TCP, UDP,
       ICMP, HTTP, TLS, FTP and SMB), Gzip  Decompression,  Fast  IP  Matching  and  coming  soon
       hardware acceleration on CUDA and OpenCL GPU cards.

       It supports acquiring packets through NFQUEUE, PCAP (live or offline) etc.

OPTIONS

       -c config_file
              Use configuration file config_file

       -i interface
              Sniff packets on interface.

       -r file
              Read the tcpdump-formatted file tcpdump-file.  This will cause Suricata to read and
              process the file fed to it.  This is useful for offline analysis.

       -q queue_id
              Sniff packets sent by the kernel through NFQUEUE. This allows running  Suricata  in
              inline mode (IPS) for packets captured by iptables using the NFQUEUE target.

       -s signatures
              Path to the signatures file.

       -l log_dir
              Path to the default log directory.

       -D     Run as daemon

       --init-errors-fatal
              Enable fatal failure on signature init error.

SEE ALSO

       tcpdump(1), pcap(3).

AUTHOR

       suricata was written by the Open Information Security Foundation.

       This  manual  page  was  written  by  Pierre Chifflier <pollux@debian.org>, for the Debian
       project (and may be used by others).

                                          February 2010                               SURICATA(8)