SYNOPSIS

suricata [options]

DESCRIPTION

suricata is a network Intrusion Detection System (IDS). It is based on rules (and is fully compatible with snort rules) to detect a variety of attacks / probes by searching packet content.

This new Engine supports Multi-Threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB), Gzip Decompression, Fast IP Matching and coming soon hardware acceleration on CUDA and OpenCL GPU cards.

It supports acquiring packets through NFQUEUE, PCAP (live or offline) etc.

OPTIONS

-c config_file

Use configuration file config_file

-i interface

Sniff packets on interface.

-r file

Read the tcpdump-formatted file tcpdump-file. This will cause Suricata to read and process the file fed to it. This is useful for offline analysis.

-q queue_id

Sniff packets sent by the kernel through NFQUEUE. This allows running Suricata in inline mode (IPS) for packets captured by iptables using the NFQUEUE target.

-s signatures

Path to the signatures file.

-l log_dir

Path to the default log directory.

-D

Run as daemon

--init-errors-fatal

Enable fatal failure on signature init error.

RELATED TO suricata…

tcpdump(1), pcap(3).

AUTHOR

suricata was written by the Open Information Security Foundation.

This manual page was written by Pierre Chifflier <[email protected]>, for the Debian project (and may be used by others).