suricata ops

quick hints

update and reload rules

    suricata-update
    kill -USR2 `cat /var/run/suricata.pid 2>/dev/null`

rotate logs – call this from the scheduled log rotation script, after the log files have been rotated, so that suricata reopens them

    kill -HUP `cat /var/run/suricata.pid 2>/dev/null`

basic checks

    ls -lF /var/log/suricata/
    cat /var/log/suricata/suricata-start.log
    tail -F /var/log/suricata/suricata.log

reload

HUP doesn’t seem to work here

    kill -HUP `cat /var/run/suricata.pid`

status

socket shows up after some time

    ps auxww | grep suricata
    ls -lF /var/run/suricata.pid
    ls -lF /var/run/suricata/*

stop

forget about kill and pkill

    suricatasc -c shutdown
    #pkill -9 suricata
    #ps auxww | grep suricata
    #rm -f /var/run/suricata.pid

update rules

    date
    ls -lhF /var/lib/suricata/rules/suricata.rules
    grep 2200003 /var/lib/suricata/rules/suricata.rules

    suricatasc -c reload-rules
    #reload-rules, ruleset-reload-rules, ruleset-reload-nonblocking
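
the one-liners above (signal by pidfile, reload over the unix socket, grep for a sid) as shell functions that fail loudly instead of silently: an added example, not from this page. Assumed: the socket lives at /var/run/suricata/suricata-command.socket; every path can be overridden through the environment.

```shell
#!/bin/sh
# Added example, not the page's own script. Defaults are the page's paths;
# the socket path is an assumption and can be overridden via environment.
SURI_PIDFILE="${SURI_PIDFILE:-/var/run/suricata.pid}"
SURI_SOCKET="${SURI_SOCKET:-/var/run/suricata/suricata-command.socket}"
SURI_RULES="${SURI_RULES:-/var/lib/suricata/rules/suricata.rules}"
SURICATASC="${SURICATASC:-suricatasc}"

# Print the pid from the pidfile only if it names a live process.
# `kill -HUP \`cat pidfile 2>/dev/null\`` runs kill with no pid when the
# file is missing, and the 2>/dev/null hides that; this refuses instead.
suri_pid() {
    pid=$(cat "$SURI_PIDFILE" 2>/dev/null) || { echo "no pidfile $SURI_PIDFILE" >&2; return 1; }
    case "$pid" in ''|*[!0-9]*) echo "bad pid '$pid' in $SURI_PIDFILE" >&2; return 1 ;; esac
    # kill -0 only checks the process exists (and that we may signal it)
    kill -0 "$pid" 2>/dev/null || { echo "stale pidfile: pid $pid not running" >&2; return 1; }
    echo "$pid"
}

# Send one signal to the running daemon, failing if there is none.
suri_signal() {
    pid=$(suri_pid) || return 1
    kill -"$1" "$pid"
}

# HUP only makes suricata reopen its log files (log rotation hook);
# it does not reload rules.
suri_reopen_logs() { suri_signal HUP; }

# Reload rules: prefer the unix socket (synchronous, reports errors),
# fall back to SIGUSR2 while the socket is not there yet.
suri_reload_rules() {
    if [ -S "$SURI_SOCKET" ]; then
        "$SURICATASC" -c reload-rules
    else
        echo "socket $SURI_SOCKET absent, falling back to SIGUSR2" >&2
        suri_signal USR2
    fi
}

# True if the compiled ruleset contains the given sid (the page greps
# for 2200003 by hand before reloading).
suri_rules_have_sid() {
    grep -q "sid: *$1;" "$SURI_RULES"
}

# Update, verify one expected sid survived, then reload; stop on first failure.
suri_update_and_reload() {
    sid="${1:-2200003}"
    suricata-update || return 1
    suri_rules_have_sid "$sid" || { echo "sid $sid missing after update" >&2; return 1; }
    suri_reload_rules
}
```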

resources

https://suricata.readthedocs.io/en/suricata-4.1.2/unix-socket.html ==> suricatasc


Copyright © 2024 Pierre-Philipp Braun