1SURICATASC(1) Suricata SURICATASC(1)
2
6 suricatasc - Tool to interact via unix socket
7
9 suricatasc
10
12 Suricata socket control tool
13
15 shutdown
16 Shut Suricata instance down.
17 command-list
19 List available commands.
20 help Get help about the available commands.
22 version
24 Print the version of Suricata instance.
25 uptime Display the uptime of Suricata.
27 running-mode
29 Display running mode. This can either be workers, autofp or sin‐
30 gle.
31 capture-mode
33 Display the capture mode. This can be either of PCAP_DEV,
34 PCAP_FILE, PFRING(DISABLED), NFQ, NFLOG, IPFW, ERF_FILE,
35 ERF_DAG, AF_PACKET_DEV, NETMAP(DISABLED), UNIX_SOCKET or WINDI‐
36 VERT(DISABLED).
37 conf-get <variable>
39 Get configuration value for a given variable. Variable to be
40 provided can be either of the configuration parameters that are
41 written in suricata.yaml.
42 dump-counters
44 Dump Suricata’s performance counters.
45 ruleset-reload-rules
47 Reload the ruleset and wait for completion.
48 reload-rules
50 Alias .. describe ruleset-reload-rules.
51 ruleset-reload-nonblocking
53 Reload ruleset and proceed without waiting.
54 ruleset-reload-time
56 Return time of last reload.
57 ruleset-stats
59 Display the number of rules loaded and failed.
60 ruleset-failed-rules
62 Display the list of failed rules.
63 register-tenant-handler <id> <htype> [hargs]
65 Register a tenant handler with the specified mapping.
66 unregister-tenant-handler <id> <htype> [hargs]
68 Unregister a tenant handler with the specified mapping.
69 register-tenant <id> <filename>
71 Register tenant with a particular ID and filename.
72 reload-tenant <id> <filename>
74 Reload a tenant with specified ID and filename.
75 unregister-tenant <id>
77 Unregister tenant with a particular ID.
78 add-hostbit <ipaddress> <hostbit> <expire>
80 Add hostbit on a host IP with a particular bit name and time of
81 expiry.
82 remove-hostbit <ipaddress> <hostbit>
84 Remove hostbit on a host IP with specified IP address and bit
85 name.
86 list-hostbit <ipaddress>
88 List hostbit for a particular host IP.
89 reopen-log-files
91 Reopen log files to be run after external log rotation.
92 memcap-set <config> <memcap>
94 Update memcap value of a specified item.
95 memcap-show <config>
97 Show memcap value of a specified item.
98 memcap-list
100 List all memcap values available.
101
103 pcap-file <file> <dir> [tenant] [continuous] [delete-when-done]
104 Add pcap files to Suricata for sequential processing. The gener‐
105 ated log/alert files will be put into the directory specified as
106 second argument. Make sure to provide absolute path to the
107 files and directory. It is acceptable to add multiple files
108 without waiting the result.
109 pcap-file-continuous <file> <dir> [tenant] [delete-when-done]
111 Add pcap files to Suricata for sequential processing. Directory
112 will be monitored for new files being added until there is a use
113 of pcap-interrupt or directory is moved or deleted.
114 pcap-file-number
116 Number of pcap files waiting to get processed.
117 pcap-file-list
119 List of queued pcap files.
120 pcap-last-processed
122 Processed time of last file in milliseconds since epoch.
123 pcap-interrupt
125 Terminate the current state by interrupting directory process‐
126 ing.
127 pcap-current
129 Currently processed file.
130
132 Please visit Suricata’s support page for information about submitting
133 bugs or feature requests.
134
136 • Suricata Home Page
137 https://suricata-ids.org/
138 • Suricata Support Page
140 https://suricata-ids.org/support/
141
143 2016-2019, OISF
1446.0.5 Apr 21, 2022 SURICATASC(1)