@ -14,62 +14,88 @@ this:
-a
--long-option
::
.. option:: -c <path>
The -c option the most important option. After -c you can enter the
path to the location of suricata.yaml.
.. option:: -i <interface>
After the -i option you can enter the interface card you would like
to use to sniff packets from. It concerns sniffing packets with
libpcap in the pcap live mode.
.. option:: -r <filename.pcap>
After the -r option you can enter the path to the pcap-file in
which packets are recorded. That way you can inspect the packets in
that file in the pcap/offline mode.
.. option:: -s <filename.rules>
-c The -c option the most important option. After -c you can enter the path to the location of
suricata.yaml.
With the -s option you can set a file with signatures, which will
be loaded together with the rules set in yaml.
-i After the -i option you can enter the interface card you would like to use to sniff packets from.
It concerns sniffing packets with libpcap in the pcap live mode.
.. option:: -l <directory>
-r After the -r option you can enter the path to the pcap-file in which packets are recorded. That way
you can inspect the packets in that file in the pcap/offline mode.
With the -l option you can set the default log directory. If you
already have the default-log-dir set in yaml, it will not be used
by Suricata if you use the -l option. It will use the log dir that
is set with the -l option. If you do not set a directory with
the -l option, Suricata will use the directory that is set in yaml.
-s With the -s option you can set a file with signatures, which will be loaded together with the rules
set in yaml.
.. option:: -D
-l With the -l option you can set the default log directory. If you already have the default-log-dir set
in yaml, it will not be used by Suricata if you use the -l option. It will use the log dir that is set
with the -l
option. If you do not set a directory with the -l option, Suricata will use the directory that is set
in yaml.
Normally if you run Suricata on your console, it keeps your console
occupied. You can not use it for other purposes, and when you close
the window, Suricata stops running. If you run Suricata as deamon
(using the -D option), it runs at the background and you will be
able to use the console for other tasks without disturbing the
engine running.
.. option:: --list-app-layer-protos
-D Normally if you run Suricata on your console, it keeps your console occupied. You
can not use it for other purposes, and when you close the window, Suricata stops running.
If you run Suricata as deamon (using the -D option), it runs at the background and you will be able
to use the console for other tasks without disturbing the engine running.
List supported app layer protocols.
--list-app-layer-protos : list supported app layer protocols
.. option:: --list-keywords[=all|csv|<kword>]
--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine
List keywords implemented by the engine
.. option:: --list-runmodes
--list-runmodes The option --list-runmodes lists all possible runmodes.
The option --list-runmodes lists all possible runmodes.
--runmode (in combination with the command line opion -i or -r)
With the --runmode option you can
set the runmode that you would like to use. This command line option can override the
yaml runmode option.
.. option:: --runmode <runmode>
(in combination with the command line opion -i or -r) With
the --runmode option you can set the runmode that you would like to
use. This command line option can override the yaml runmode option.
For more information about runmodes see: :doc:`performance/runmodes`
Unit Tests
~~~~~~~~~~
::
.. option:: -u
With the -u option you can run unit tests to test Suricata's code.
.. option:: -U <regex>
With the -U option you can select which of the unit tests you want
to run. This option uses REGEX. Example of use: suricata -u -U
http
-u With the -u option you can run unit tests to test Suricata's code.
.. option:: --list-unittests
-U With the -U option you can select which of the unit tests you want to run. This option uses REGEX.
Example of use:
suricata -u -U http
The --list-unittests option shows a list with all possible unit
tests.
--list-unittests The --list-unittests option shows a list with all possible unit tests.
.. option:: --fatal-unittests
--fatal-unittests With the --fatal-unittests option you can run unit tests but it will stop immediately after one test fails
so you can see directly where it went wrong.
With the --fatal-unittests option you can run unit tests but it
will stop immediately after one test fails so you can see directly
where it went wrong.
PF_RING options
~~~~~~~~~~~~~~~
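Review bot: the typos in the old literal block are carried verbatim into the new ``.. option::`` descriptions, and since these lines are rewritten anyway they should be fixed here: "The -c option the most important option" is missing "is" under ``.. option:: -c <path>``, "deamon" under ``.. option:: -D`` should read "daemon", and "opion" under ``.. option:: --runmode <runmode>`` should read "option". Two smaller points. Under ``.. option:: -U <regex>`` the example ``suricata -u -U http`` is now run into the sentence, whereas the old text placed it on its own line; putting it in a ``::`` literal block keeps it recognisable as a command. Also confirm that the bare ``::`` lines (the one before ``.. option:: -c <path>`` and the one right after the "Unit Tests" heading) are removed together with the old literal blocks, because a ``::`` left directly before ``.. option:: -u`` would make Sphinx render the directive as literal text instead of an option entry.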