aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd9811e58b6'
${ noResults }
suricata/doc/userguide/manpages/suricata.rst

203 lines
4.6 KiB
ReStructuredText
Raw Blame History

Suricata
========
SYNOPSIS
--------
**suricata** [OPTIONS] [BPF FILTER]
DESCRIPTION
-----------
Suricata is a high performance Network IDS, IPS and Network Security
Monitoring engine. Open Source and owned by a community run non-profit
foundation, the Open Information Security Foundation (OISF).
OPTIONS
-------
.. option:: -c <path>
Path to configuration file.
.. option:: -T
Test configuration.
.. option:: -i <device or IP address>
Run in PCAP live mode on provided interface.
.. option:: -F <bpf filter file>
Use BPF filter from file.
.. option:: -r <path>
Run in pcap offline mode reading files from pcap file.
.. option:: -q <queue id>
Run inline of the NFQUEUE queue ID provided. May be provided
multiple times.
.. option:: -s <path>
Path to a signature file to load. Will be loaded in addition to the
rule files specified in the configuration file.
.. option:: -S <path>
Path to signature file to load exclusively. Signature files
specified in the configuration file will not be loaded.
.. option:: -l <directory>
Set log directory. Overrides the default-log-directory provided in
the configuration file.
.. option:: -D
Run as a daemon.
.. option:: -k [all|none]
Force (all) the checksum check or disable (none) all checksum
checks.
.. option:: -V
Display version.
.. option:: -v[v]
Increase the verbosity of logging. This is Suricata application
logging, not event or NSM logging.
.. option:: -u
Run the unit tests and exit. Requires that Suricata be compiled
with *--enable-unittests*.
.. option:: -U, --unittest-filter=REGEX
File the executed unit tests with a regular expression.
.. option:: --list-unittests
List all unit tests.
.. option:: --fatal-unittests
Enables fatal failure on a unit test error. Suricata will exit
instead of continuuing more tests.
.. option:: --unittests-coverage
Display unit test coverage report.
.. option:: --list-app-layer-protos
List all supported application layer protocols.
.. option:: --list-keywords=[all|csv|<kword>]
List all supported rule keywords.
.. option:: --list-runmodes
List all supported run modes.
.. option:: --runmode <runmode>
Run with a specific run mode. Run modes may be viewed with the
*--list-runmodes* option. Usually one of *workers*, *autofp*, or
*single*.
.. option:: --engine-analysis
Print reports on analysis of different sections in the engine and
exit. Please have a look at the conf parameter engine-analysis on
what reports can be printed
.. option:: --pidfile <file>
Write the process ID to file. Overrides the *pid-file* option in
the configuration file and forces the file to be written when not
running as a daemon.
.. option:: --init-errors-fatal
Exit with a failure when errors are encountered loading signatures.
.. option:: --disable-detection
Disable the detection engine.
.. option:: --dump-config
Dump the configuration loaded from the configuration file to the
terminal and exit.
.. option:: --build-info
Display the build information the Suricata was built with.
.. option:: --pcap=<device>
Run in PCAP mode. If no device is provided the interfaces
provided in the *pcap* section of the configuration file will be
used.
.. option:: --pcap-buffer-size=<size>
Set the size of the PCAP buffer (0 - 2147483647).
.. option:: --af-packet=<device>
Run in AF_PACKET mode. If no device is provided the interfaces
provided in the *af-packet* section of the configuration file will be
used.
.. option:: --simulate-ips
Force the engine into IPS mode. Useful for QA.
.. option:: --user=<user>
Set the process user after initialization. Overrides the user
provided in the *run-as* section of the configuration file.
.. option:: --group=<group>
Set the process group to group after initialization. Overrides the
group provided in the *run-as* section of the configuration file.
.. option:: --erf-in=<file>
Run in offline mode reading the specific ERF file (Endace
extensible record format).
.. option:: --unix-socket=<file>
Use file as the Suricata unix control socket. Overrides the
*filename* provided in the *unix-command* section of the
configuration file.
.. option:: --set <name>=<value>
Set a configuration value. Useful for overriding basic
configuration parameters in the configuration. For example, to
change the default log directory::
--set default-log-dir=/var/tmp
FILES AND DIRECTORIES
---------------------
|sysconfdir|/suricata/suricata.yaml
Default location of the Suricata configuration file.
|localstatedir|/log/suricata
Default Suricata log directory.
Reference in New Issue View Git Blame Copy Permalink