ls -lF /var/log/suricata/
cat /var/log/suricata/suricata-start.log
tail -F /var/log/suricata/suricata.log
cp -pi /etc/default/suricata /etc/default/suricata.dist
vi /etc/default/suricata
IFACE=NIC-HERE
systemctl restart suricata
systemctl status suricata
journalctl -xeu suricata
vi /etc/rc.local
#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:$PATH
ifconfig wg0 && suricata --af-packet -D -i wg0
# --init-errors-fatal
# -c /etc/suricata/suricata.yaml (default)
# --pidfile /var/run/suricata.pid (default)
# -vvv
# --user=suri
chmod +x /etc/rc.local
systemctl list-unit-files | grep rc-local
HUP doesn’t seem to work here
kill -HUP `cat /var/run/suricata.pid`
socket shows up after some time
ps auxww | grep suricata
ls -lF /var/run/suricata.pid
ls -lF /var/run/suricata/*
forget about kill and pkill
suricatasc -c shutdown
#pkill -9 suricata
#ps auxww | grep suricata
#rm -f /var/run/suricata.pid
date
ls -lhF /var/lib/suricata/rules/suricata.rules
grep 2200003 /var/lib/suricata/rules/suricata.rules
suricatasc -c reload-rules
#reload-rules, ruleset-reload-rules, ruleset-reload-nonblocking
https://suricata.readthedocs.io/en/suricata-4.1.2/unix-socket.html ==> suricatasc