Suricatasc is a unix socket interaction script that is installed automatically when you compile/install Suricata IDS/IPS. An in-depth description, the prerequisites and the how-to documentation are located here - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Interacting_via_Unix_Socket
However, let's look at a quick usage example that can come in very handy in certain situations.
Once you have the unix socket command enabled in suricata.yaml:

```yaml
unix-command:
  enabled: yes
  #filename: custom.socket # use this to specify an alternate file
```

the traditional way to use the script is to type `suricatasc` and hit Enter (on the machine running Suricata), which drops you into an interactive prompt.
However, you can also pass a command directly as a command line parameter, for example:

```
root@suricata:~# suricatasc -c version
```
NOTE:
You need to quote commands that take an interface argument:

```
root@debian64:~# suricatasc -c "iface-stat eth0"
```
Very handy when you want quick interaction and info from the currently running Suricata IDS/IPS.
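As an added example (not from this post or the Suricata project), here is a small Python client that does what `suricatasc -c` does under the hood: it connects to the unix socket, performs the JSON version handshake described on the linked wiki page, sends one command with optional arguments (the interface for `iface-stat`), and parses the reply. A constructed fake Suricata server is included so it runs offline; the socket path and the reply payloads are made up.

```python
import json
import os
import socket
import tempfile
import threading


def send_command(sock_path, command, arguments=None):
    """Handshake, send one command and return the parsed JSON reply (what suricatasc -c does)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(json.dumps({"version": "0.1"}).encode())  # client hello, per the wiki protocol
        if json.loads(s.recv(65536).decode()).get("return") != "OK":
            raise RuntimeError("handshake refused")
        msg = {"command": command}
        if arguments:  # e.g. {"iface": "eth0"}: the part that must be quoted on the CLI
            msg["arguments"] = arguments
        s.sendall(json.dumps(msg).encode())
        return json.loads(s.recv(65536).decode())


def _fake_suricata(sock_path, ready, n_clients):
    """Constructed stand-in for a running Suricata: serves n_clients connections, then exits."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(sock_path)
        srv.listen(1)
        ready.set()
        for _ in range(n_clients):
            conn, _addr = srv.accept()
            with conn:
                conn.recv(65536)  # client hello {"version": ...}
                conn.sendall(b'{"return": "OK"}')
                req = json.loads(conn.recv(65536).decode())
                if req["command"] == "version":
                    reply = {"return": "OK", "message": "4.0.0 (constructed)"}
                elif req["command"] == "iface-stat" and "iface" in req.get("arguments", {}):
                    reply = {"return": "OK", "message": {"pkts": 1234, "drop": 0}}
                else:  # e.g. iface-stat without an interface argument
                    reply = {"return": "NOK", "message": "Unknown command"}
                conn.sendall(json.dumps(reply).encode())


def demo():
    """Run version, iface-stat eth0, and iface-stat with the interface missing (answered NOK)."""
    sock_path = os.path.join(tempfile.mkdtemp(), "suricata-command.socket")  # constructed path
    ready = threading.Event()
    threading.Thread(target=_fake_suricata, args=(sock_path, ready, 3), daemon=True).start()
    ready.wait(5)
    return [send_command(sock_path, "version"),
            send_command(sock_path, "iface-stat", {"iface": "eth0"}),
            send_command(sock_path, "iface-stat")]
```

Against a real Suricata, point `send_command` at the configured socket (by default under Suricata's run directory, or the `filename` set in suricata.yaml) instead of the fake server.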