Suricata command-line options explained

See the official documentation:

https://suricata.readthedocs.io/en/latest/command-line-options.html

```
root@SELKS:~# suricata
Suricata 4.0.0-dev (rev 5e3d8b1)
USAGE: suricata [OPTIONS] [BPF FILTER]

    -c <path>                            : path to configuration file
    -T                                   : test configuration file (use with -c)
    -i <dev or ip>                       : run in pcap live mode
    -F <bpf filter file>                 : bpf filter file
    -r <path>                            : run in pcap file/offline mode
    -q <qid>                             : run in inline nfqueue mode
    -s <path>                            : path to signature file loaded in addition to suricata.yaml settings (optional)
    -S <path>                            : path to signature file loaded exclusively (optional)
    -l <dir>                             : default log directory
    -D                                   : run as daemon
    -k [all|none]                        : force checksum check (all) or disabled it (none)
    -V                                   : display Suricata version
    -v[v]                                : increase default Suricata verbosity
    --list-app-layer-protos              : list supported app layer protocols
    --list-keywords[=all|csv|<kword>]    : list keywords implemented by the engine
    --list-runmodes                      : list supported runmodes
    --runmode <runmode_id>               : specific runmode modification the engine should run.  The argument
                                           supplied should be the id for the runmode obtained by running
                                           --list-runmodes
    --engine-analysis                    : print reports on analysis of different sections in the engine and exit.
                                           Please have a look at the conf parameter engine-analysis on what reports
                                           can be printed
    --pidfile <file>                     : write pid to this file
    --init-errors-fatal                  : enable fatal failure on signature init error
    --disable-detection                  : disable detection engine
    --dump-config                        : show the running configuration
    --build-info                         : display build information
    --pcap[=<dev>]                       : run in pcap mode, no value select interfaces from suricata.yaml
    --pcap-buffer-size                   : size of the pcap buffer value from 0 - 2147483647
    --af-packet[=<dev>]                  : run in af-packet mode, no value select interfaces from suricata.yaml
    --simulate-ips                       : force engine into IPS mode. Useful for QA
    --user <user>                        : run suricata as this user after init
    --group <group>                      : run suricata as this group after init
    --erf-in <path>                      : process an ERF file
    --unix-socket[=<file>]               : use unix socket to control suricata work
    --set name=value                     : set a configuration value

To run the engine with default configuration on interface eth0 with signature file "signatures.rules", run the command as:

suricata -c suricata.yaml -s signatures.rules -i eth0

root@SELKS:~#
```
