path: root/doc/userguide/manpages/suricata.rst
blob: 9652d7a43f7c8d579ac293cb7724ec9b150ba669 (plain)
Suricata
========

SYNOPSIS
--------

**suricata** [OPTIONS] [BPF FILTER]

DESCRIPTION
-----------

**suricata** is a high-performance Network IDS, IPS and Network Security
Monitoring engine. It is Open Source and owned by a community-run non-profit
foundation, the Open Information Security Foundation (OISF).

**suricata** can be used to analyze live traffic and pcap files. It can
generate alerts based on rules, and it will also generate traffic logs.

When used with live traffic **suricata** can be passive or active. Active
modes are: inline in an L2 bridge setup, inline with L3 integration into the
host firewall (NFQ, IPFW, WinDivert), or out of band using active responses.

OPTIONS
-------

.. include:: ../partials/options.rst

OPTIONS FOR DEVELOPERS
----------------------

.. include:: ../partials/options-unittests.rst

SIGNALS
-------

Suricata will respond to the following signals:

SIGUSR2

    Causes Suricata to perform a live rule reload.

SIGHUP

    Causes Suricata to close and re-open all log files. This can be
    used to re-open log files after they may have been moved away by
    log rotation utilities.
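The following script is an added example and is not part of the Suricata
manual page or of the Suricata project: it sends the two signals described
above to a running Suricata using the PID recorded in its pidfile, and it
validates that PID before signalling. It assumes Suricata was started with
``--pidfile`` and that the default path ``/var/run/suricata.pid`` (an
assumption; set ``SURICATA_PIDFILE`` to override) matches your installation.

```sh
#!/bin/sh
# Added example, not part of the Suricata manual page or project: send
# SIGUSR2 (live rule reload) or SIGHUP (re-open log files) to Suricata.
# Assumes Suricata runs with --pidfile; the default path below is an
# assumption and can be overridden with SURICATA_PIDFILE.

PIDFILE="${SURICATA_PIDFILE:-/var/run/suricata.pid}"

# Read the PID from a pidfile and check that it refers to a process we
# can signal. Prints the PID on success; returns 1 (with a message on
# stderr) otherwise. This replaces the usual `kill -HUP $(cat pidfile)`,
# which misbehaves when the file is missing, empty, stale, or holds "0"
# (PID 0 means "our whole process group" to kill(1)).
suricata_pid() {
    pidfile="$1"
    if [ ! -r "$pidfile" ]; then
        echo "pidfile $pidfile is not readable" >&2
        return 1
    fi
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case "$pid" in
        ''|0*|*[!0-9]*)
            echo "pidfile $pidfile does not hold a valid PID" >&2
            return 1 ;;
    esac
    if ! kill -0 "$pid" 2>/dev/null; then
        echo "cannot signal PID $pid (not running, or not ours; stale pidfile?)" >&2
        return 1
    fi
    echo "$pid"
}

# SIGUSR2: ask Suricata to reload its rules without a restart.
suricata_reload_rules() {
    pid=$(suricata_pid "$1") || return 1
    kill -s USR2 "$pid"
}

# SIGHUP: ask Suricata to close and re-open its log files, for example
# from a logrotate postrotate script.
suricata_reopen_logs() {
    pid=$(suricata_pid "$1") || return 1
    kill -s HUP "$pid"
}

# Command-line entry point: `suricata-signal.sh reload-rules|reopen-logs`
case "${1:-}" in
    reload-rules) suricata_reload_rules "$PIDFILE" ;;
    reopen-logs)  suricata_reopen_logs "$PIDFILE" ;;
esac
```

For log rotation, call ``suricata-signal.sh reopen-logs`` from the
``postrotate`` section of the logrotate configuration that rotates the
Suricata log directory. Because the caller is usually root, make sure the
pidfile is not writable by any unprivileged account (for instance the user
Suricata drops privileges to): whoever can write the pidfile chooses which
process receives the signal.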

FILES AND DIRECTORIES
---------------------

|sysconfdir|/suricata/suricata.yaml
    Default location of the Suricata configuration file.

|localstatedir|/log/suricata
    Default Suricata log directory.

EXAMPLES
--------

To capture live traffic from interface `eno1`::

    suricata -i eno1

To analyze a pcap file and output logs to the current working directory::

    suricata -r /path/to/capture.pcap

To capture using `AF_PACKET` and override the flow memcap setting from the `suricata.yaml`::

    suricata --af-packet --set flow.memcap=1gb

To analyze a pcap file with a custom rule file::

    suricata -r /path/to/capture.pcap -S /path/to/custom.rules

BUGS
----

Please visit Suricata's support page for information about submitting
bugs or feature requests.

NOTES
-----

* Suricata Home Page

    https://suricata.io/

* Suricata Support Page

    https://suricata.io/support/