[Oisf-users] Suricata Unix Socket
Jones, Jason
jasonjones at arbor.net
Mon Oct 27 17:58:56 UTC 2014
If you want to do fully automated scripting, you should use the suricatasc
module that should get installed with Suricata:
import suricatasc
sc = suricatasc.SuricataSC(<socket file>)
sc.connect()
sc.send_command("pcap-file file_name.pcap test/")
Some documentation exists on the wiki about the commands that you can pass
to send_command:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Interacting_via_Unix_Socket
On Mon, Oct 27, 2014 at 1:51 PM, Versnel Diemen <versneldiemen at gmail.com>
wrote:
> Hello there,
>
> I'm currently writing a Python program which will send commands to Suricatasc
> via the Unix socket, but I cannot get it working and also cannot find any
> good resource that can explain it to me.
> Please help me.
>
> This is the code that I have at the moment:
>
> import socket
>
> def RunPcap():
>     soc = "/var/run/suricata/suricata-command.socket"
>     s = socket.socket(socket.AF_UNIX)
>     s.connect(soc)
>     s.send("pcap-file file_name.pcap test/")
>     s.close()
>
> RunPcap()
>
--
Jason Jones
ASERT Security Research Analyst
PGP Key: 0x3CD1DDE
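For readers who, like the original poster, want to talk to the socket without the suricatasc module, the following added example (not code from this thread, and not the suricatasc module itself) speaks the JSON protocol that suricatasc wraps: a version handshake, then one JSON object per command, each answered by a JSON reply with a "return" field. Assumptions: the protocol version string "0.1", the argument names "filename" and "output-dir" for pcap-file, and the small fake listener at the end, which is constructed here only so the script can be exercised offline; point run_pcap() at the real socket path to use it against Suricata.

```python
"""Minimal Python 3 client for the Suricata unix-socket command protocol.

Added example, not code from the mailing-list thread. Commands are sent
as JSON objects, not as the bare text "pcap-file ...", which is why a raw
send() of that string gets no useful answer. The version string, argument
names and the fake server are assumptions made for this example.
"""
import json
import os
import socket
import tempfile
import threading

PROTOCOL_VERSION = "0.1"   # assumed: version string the 2014-era suricatasc sent


def send_json(sock, obj):
    sock.sendall(json.dumps(obj).encode("utf-8"))


def recv_json(sock):
    """Read until one complete JSON object has arrived (replies are not newline-delimited)."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the socket before a full reply arrived")
        buf += chunk
        try:
            return json.loads(buf.decode("utf-8"))
        except ValueError:          # partial object so far; keep reading
            continue


class SuricataSocketClient:
    def __init__(self, path):
        self.path = path
        self.sock = None

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.path)
        send_json(self.sock, {"version": PROTOCOL_VERSION})   # handshake first
        reply = recv_json(self.sock)
        if reply.get("return") != "OK":
            raise RuntimeError("handshake rejected: %r" % (reply,))

    def send_command(self, command, arguments=None):
        msg = {"command": command}
        if arguments:
            msg["arguments"] = arguments
        send_json(self.sock, msg)
        return recv_json(self.sock)

    def pcap_file(self, filename, output_dir):
        # assumed argument names for the "pcap-file <file> <dir>" command
        return self.send_command("pcap-file", {"filename": filename, "output-dir": output_dir})

    def close(self):
        if self.sock:
            self.sock.close()
            self.sock = None


def run_pcap(socket_path, pcap, output_dir):
    """Connect, queue one pcap for processing, return Suricata's reply dict."""
    client = SuricataSocketClient(socket_path)
    client.connect()
    try:
        return client.pcap_file(pcap, output_dir)
    finally:
        client.close()


def start_fake_suricata(path):
    """Constructed stand-in for Suricata's listener, for offline testing only."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            hello = recv_json(conn)
            ok = hello.get("version") == PROTOCOL_VERSION
            send_json(conn, {"return": "OK" if ok else "NOK"})
            if ok:
                cmd = recv_json(conn)
                if cmd.get("command") == "pcap-file" and "filename" in cmd.get("arguments", {}):
                    send_json(conn, {"return": "OK", "message": "pcap file added"})
                else:
                    send_json(conn, {"return": "NOK", "message": "unknown command"})
        srv.close()

    threading.Thread(target=serve, daemon=True).start()


def demo():
    """Run the client against the fake listener; returns the pcap-file reply."""
    path = os.path.join(tempfile.mkdtemp(), "suricata-command.socket")
    start_fake_suricata(path)
    return run_pcap(path, "file_name.pcap", "test/")


if __name__ == "__main__":
    print(demo())
```

The recv_json loop matters in practice: the socket is a byte stream, so a reply can arrive in pieces, and parsing only after a complete object has been assembled avoids the intermittent failures a single recv() would produce.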