NAME

       suricata - Next Generation Intrusion Detection and Prevention Tool

SYNOPSIS

       suricata [options]

DESCRIPTION

       suricata  is  a  network  Intrusion Detection System (IDS). It is based on rules (and is fully compatible
       with snort rules) to detect a variety of attacks / probes by searching packet content.

       This new Engine supports Multi-Threading, Automatic Protocol Detection (IP, TCP, UDP,  ICMP,  HTTP,  TLS,
       FTP  and  SMB),  Gzip  Decompression,  Fast IP Matching and coming soon hardware acceleration on CUDA and
       OpenCL GPU cards.

       It supports acquiring packets through NFQUEUE, PCAP (live or offline) etc.

OPTIONS

       -c config_file
              Use configuration file config_file

       -i interface
              Sniff packets on interface.

       -r file
              Read the tcpdump-formatted file tcpdump-file.  This will cause Suricata to read  and  process  the
              file fed to it.  This is useful for offline analysis.

       -q queue_id
              Sniff  packets  sent  by  the  kernel through NFQUEUE. This allows running Suricata in inline mode
              (IPS) for packets captured by iptables using the NFQUEUE target.

       -s signatures
              Path to the signatures file.

       -l log_dir
              Path to the default log directory.

       -D     Run as daemon

       --init-errors-fatal
              Enable fatal failure on signature init error.

SEE ALSO

       tcpdump(1), pcap(3).

AUTHOR

       suricata was written by the Open Information Security Foundation.

       This manual page was written by Pierre Chifflier <pollux@debian.org>, for the Debian project (and may  be
       used by others).

                                                  February 2010                                      SURICATA(8)