See the official documentation:
https://suricata.readthedocs.io/en/latest/command-line-options.html
root@SELKS:~# suricata
Suricata 4.0.0-dev (rev 5e3d8b1)
USAGE: suricata [OPTIONS] [BPF FILTER]

    -c: path to configuration file
    -T : test configuration file (use with -c)
    -i : run in pcap live mode
    -F : bpf filter file
    -r : run in pcap file/offline mode
    -q : run in inline nfqueue mode
    -s : path to signature file loaded in addition to suricata.yaml settings (optional)
    -S : path to signature file loaded exclusively (optional)
    -l : default log directory
    -D : run as daemon
    -k [all|none] : force checksum check (all) or disabled it (none)
    -V : display Suricata version
    -v[v] : increase default Suricata verbosity
    --list-app-layer-protos : list supported app layer protocols
    --list-keywords[=all|csv| ] : list keywords implemented by the engine
    --list-runmodes : list supported runmodes
    --runmode : specific runmode modification the engine should run. The argument supplied should be the id for the runmode obtained by running --list-runmodes
    --engine-analysis : print reports on analysis of different sections in the engine and exit. Please have a look at the conf parameter engine-analysis on what reports can be printed
    --pidfile : write pid to this file
    --init-errors-fatal : enable fatal failure on signature init error
    --disable-detection : disable detection engine
    --dump-config : show the running configuration
    --build-info : display build information
    --pcap[= ] : run in pcap mode, no value select interfaces from suricata.yaml
    --pcap-buffer-size : size of the pcap buffer value from 0 - 2147483647
    --af-packet[= ] : run in af-packet mode, no value select interfaces from suricata.yaml
    --simulate-ips : force engine into IPS mode. Useful for QA
    --user : run suricata as this user after init
    --group : run suricata as this group after init
    --erf-in : process an ERF file
    --unix-socket[= ] : use unix socket to control suricata work
    --set name=value : set a configuration value

To run the engine with default configuration on interface eth0 with signature file "signatures.rules", run the command as:

suricata -c suricata.yaml -s signatures.rules -i eth0

root@SELKS:~#