<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">If you want to do fully automated scripting you should use the suricatasc module, which should get installed with Suricata.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">    import suricatasc</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">    sc = suricatasc.SuricataSC("/var/run/suricata/suricata-command.socket")</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">    sc.connect()</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">    sc.send_command("pcap-file", {"filename": "file_name.pcap", "output-dir": "test/"})</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Some documentation exists on the wiki about the commands that you can pass to send_command:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">   <a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Interacting_via_Unix_Socket">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Interacting_via_Unix_Socket</a></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 27,
2014 at 1:51 PM, Versnel Diemen <span dir="ltr">&lt;<a href="mailto:versneldiemen@gmail.com" target="_blank">versneldiemen@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello there,<div><br></div><div>I'm currently writing a Python program which will send commands to Suricatasc via the Unix socket, but I cannot get it working and also cannot find any good resource that can explain it to me.</div><div>Please help me.</div><div><br></div><div>This is the code that I have at the moment:</div><div><br></div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">import socket<br><br>def RunPcap():<br>        soc = "/var/run/suricata/suricata-command.socket"<br>        s = socket.socket(socket.AF_UNIX)<br>        s.connect(soc)<br>        s.send("pcap-file file_name.pcap test/")<br>        s.close()<br>RunPcap()</blockquote></div></div>
<br>_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
Training now available: <a href="http://suricata-ids.org/training/" target="_blank">http://suricata-ids.org/training/</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div>Jason Jones</div><div>ASERT Security Research Analyst</div><div>PGP Key: 0x3CD1DDE</div></div>
</div>
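For anyone who wants to skip suricatasc and talk to the socket directly, which is what the code in the question attempted, here is an added example; it is not code from this thread or from the Suricata project. It implements the wire protocol suricatasc itself uses: a JSON version handshake first, then one JSON request per command (a <code>command</code> name plus an <code>arguments</code> object), each answered by a JSON object whose <code>return</code> field is <code>OK</code> or <code>NOK</code>. The <code>fake_suricata</code> function is a constructed stand-in for the daemon so the example runs offline over a socketpair; its reply texts are made up for this example. Against a real instance you would <code>connect()</code> to the socket path from the question instead.

```python
import json
import socket
import threading

# Version string suricatasc sends in its opening handshake (older releases used "0.1").
PROTOCOL_VERSION = "0.2"


def build_command(command, arguments=None):
    """Encode a request the way suricatasc does: a JSON object carrying the
    command name and, when present, a dict of arguments. The daemon does not
    understand the bare string 'pcap-file file_name.pcap test/'; that shell
    syntax is parsed by suricatasc before anything reaches the socket."""
    msg = {"command": command}
    if arguments is not None:
        msg["arguments"] = arguments
    return json.dumps(msg).encode()


def recv_json(sock, bufsize=4096):
    """Read from the socket until one complete JSON document has arrived.
    Each reply is a single JSON object, so accumulate bytes until it parses."""
    data = b""
    while True:
        chunk = sock.recv(bufsize)
        if not chunk:
            raise ConnectionError("peer closed the socket before a full JSON reply")
        data += chunk
        try:
            return json.loads(data.decode())
        except ValueError:
            continue  # partial document, keep reading


class UnixSocketClient:
    """Minimal client for Suricata's unix-command socket protocol."""

    def __init__(self, sock):
        self.sock = sock

    def handshake(self):
        # Step 1: announce the protocol version and expect {"return": "OK"}.
        self.sock.sendall(json.dumps({"version": PROTOCOL_VERSION}).encode())
        reply = recv_json(self.sock)
        if reply.get("return") != "OK":
            raise RuntimeError("version handshake rejected: %r" % (reply,))
        return reply

    def send_command(self, command, arguments=None):
        # Steps 2..n: one JSON request, one JSON reply with "return" OK or NOK.
        self.sock.sendall(build_command(command, arguments))
        return recv_json(self.sock)


def pcap_file(client, filename, output_dir):
    """Queue a pcap for processing using the argument keys of the pcap-file command."""
    return client.send_command("pcap-file", {"filename": filename, "output-dir": output_dir})


def fake_suricata(sock):
    """Constructed stand-in for the daemon so the example runs offline. It
    mirrors the protocol shape (handshake, then OK/NOK replies); the reply
    texts are invented for this example, not Suricata's own."""
    hello = recv_json(sock)
    if hello.get("version") != PROTOCOL_VERSION:
        sock.sendall(json.dumps({"return": "NOK", "message": "Version mismatch"}).encode())
        sock.close()
        return
    sock.sendall(json.dumps({"return": "OK"}).encode())
    while True:
        try:
            req = recv_json(sock)
        except ConnectionError:
            break  # client hung up
        args = req.get("arguments") or {}
        if req.get("command") == "pcap-file" and "filename" in args and "output-dir" in args:
            resp = {"return": "OK", "message": "Successfully added file to list"}
        else:
            resp = {"return": "NOK", "message": "Unknown command %r" % (req.get("command"),)}
        sock.sendall(json.dumps(resp).encode())
    sock.close()


def demo():
    """Drive the client against the fake daemon over a socketpair. With a real
    Suricata, replace the socketpair by an AF_UNIX socket connected to the
    path configured under unix-command in suricata.yaml (the question used
    /var/run/suricata/suricata-command.socket)."""
    server_sock, client_sock = socket.socketpair()
    server = threading.Thread(target=fake_suricata, args=(server_sock,))
    server.start()
    client = UnixSocketClient(client_sock)
    client.handshake()
    good = pcap_file(client, "file_name.pcap", "test/")
    # The shell-style string from the question, sent as a command name: rejected.
    bad = client.send_command("pcap-file file_name.pcap test/")
    client_sock.close()
    server.join()
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("pcap-file with JSON arguments:", good)
    print("raw shell string as command:  ", bad)
```

The two things the raw-socket code in the question was missing are visible here: the version handshake that must precede any command, and the JSON framing of the command and its arguments. Sending the shell-style string as the command name gets a NOK back from the protocol, which is why suricatasc's <code>send_command</code> takes the command and the arguments separately.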