suricata ops

quick hints

update and reload rules

suricata-update
kill -USR2 `cat /var/run/suricata.pid 2>/dev/null`

rotate logs – add this to the scheduled log rotation script, to run after the log files have been rotated (HUP only makes suricata reopen its log files)

kill -HUP `cat /var/run/suricata.pid 2>/dev/null`

basic checks

ls -lF /var/log/suricata/
cat /var/log/suricata/suricata-start.log
tail -F /var/log/suricata/suricata.log

reload

HUP doesn’t seem to work here (as noted above, HUP only reopens the log files; to reload rules use USR2 or suricatasc reload-rules)

kill -HUP `cat /var/run/suricata.pid`

status

the unix command socket only shows up some time after start

ps auxww | grep suricata
ls -lF /var/run/suricata.pid
ls -lF /var/run/suricata/*

stop

forget about kill and pkill – shut down cleanly through the unix socket

suricatasc -c shutdown
#pkill -9 suricata
#ps auxww | grep suricata
#rm -f /var/run/suricata.pid

update rules

date
ls -lhF /var/lib/suricata/rules/suricata.rules
grep 2200003 /var/lib/suricata/rules/suricata.rules

suricatasc -c reload-rules
#reload-rules, ruleset-reload-rules, ruleset-reload-nonblocking
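The update -> check -> reload steps above, wrapped into a small POSIX sh script as an added example (not from the original notes); the command socket name, the stamp file and the rule_count/rule_present/needs_reload helper names are assumptions, all paths can be overridden from the environment:

```shell
#!/bin/sh
# Added example, not from the original notes: the update -> verify -> reload
# sequence as checks suitable for a cron job. RULES and PIDFILE are the paths
# from the notes; SOCKET and STAMP are assumptions (override via environment).
RULES="${RULES:-/var/lib/suricata/rules/suricata.rules}"
PIDFILE="${PIDFILE:-/var/run/suricata.pid}"
SOCKET="${SOCKET:-/var/run/suricata/suricata-command.socket}"   # assumed default name
STAMP="${STAMP:-/var/lib/suricata/.last-reload}"                 # assumed, written below

# Number of enabled rules: suricata-update writes disabled rules as '#' comments,
# so those are not counted ('|| true' keeps grep's exit 1 on zero matches quiet).
rule_count() { grep -Ec '^[^#].*sid:' "$1" || true; }

# True if an enabled rule with the given sid exists. Matching 'sid: N;' avoids
# the false positives of a bare 'grep 2200003' (rev:, reference:, other sids).
rule_present() { grep -Eq "^[^#].*sid: *$1;" "$2"; }

# True if the rules file changed since the last recorded reload (or never reloaded).
needs_reload() { [ ! -f "$STAMP" ] || [ "$RULES" -nt "$STAMP" ]; }

# Reload: prefer the unix socket, fall back to USR2 (the live rule-swap signal).
# Returns 1 when neither a socket nor a pid file exists, so the caller can alarm.
reload_rules() {
    if [ -S "$SOCKET" ]; then
        suricatasc -c reload-rules "$SOCKET" || return 1
    elif [ -r "$PIDFILE" ]; then
        kill -USR2 "$(cat "$PIDFILE")" || return 1
    else
        echo "no command socket and no pid file: is suricata running?" >&2
        return 1
    fi
    touch "$STAMP"
}

main() {
    suricata-update || exit 1
    n=$(rule_count "$RULES")
    [ "$n" -gt 0 ] || { echo "empty ruleset, not reloading" >&2; exit 1; }
    if needs_reload; then
        reload_rules && echo "reloaded $n rules"
    else
        echo "rules unchanged ($n rules), no reload"
    fi
}

# run as: sh suricata-rules.sh run
case "${1:-}" in run) main ;; esac
```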

resources

https://suricata.readthedocs.io/en/suricata-4.1.2/unix-socket.html ==> suricatasc


Licensed under MIT