[Oisf-users] Suricata Unix Socket

Jones, Jason jasonjones at arbor.net
Mon Oct 27 17:58:56 UTC 2014


If you want to do full automated scripting, you should use the suricatasc
module that should get installed with Suricata:

    import suricatasc

    sc = suricatasc.SuricataSC("<socket file>")  # unix-command filename from suricata.yaml
    sc.connect()                                 # does the protocol version handshake for you
    # send_command() takes the command name plus an arguments dict; parse_command() splits the one-line form
    cmd, args = sc.parse_command("pcap-file file_name.pcap test/")
    print(sc.send_command(cmd, args))            # reply dict; "return" is "OK" or "NOK"
    sc.close()

Some documentation exists on the wiki about the commands that you can pass
to send_command:


https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Interacting_via_Unix_Socket


On Mon, Oct 27, 2014 at 1:51 PM, Versnel Diemen <versneldiemen at gmail.com>
wrote:

> Hello there,
>
> I'm currently writing a Python program which will send commands to Suricatasc
> via the Unix socket, but I cannot get it working and also cannot find any
> good resource that can explain it to me.
> Please help me.
>
> This is the code that i have at the moment:
>
> import socket
>
> def RunPcap():
>     soc = "/var/run/suricata/suricata-command.socket"
>     s = socket.socket(socket.AF_UNIX)
>     s.connect(soc)
>     s.send("pcap-file file_name.pcap test/")
>     s.close()
> RunPcap()
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Training now available: http://suricata-ids.org/training/
>



-- 
Jason Jones
ASERT Security Research Analyst
PGP Key: 0x3CD1DDE
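Added example (not part of the original thread and not the Suricata project's own code): what the suricatasc module does on the wire, written against a raw AF_UNIX socket so the difference from the question's snippet is visible. Every message is a JSON object, the client must first send a version handshake and wait for {"return": "OK"}, and only then does it send the command name and its arguments as separate JSON fields; a bare "pcap-file file_name.pcap test/" string is never parsed by the server. Assumptions: the version string "0.1" is the one Suricata 2.x accepted in 2014 (newer builds also take "0.2"), the default socket path is copied from the question, and run_pcap, MockSuricataSocket and the mock's reply texts are hypothetical names and constructed data so the exchange runs offline; the mock accepts one client and mimics only the framing, not Suricata's full command set.

```python
import json
import os
import socket
import tempfile
import threading

# Default unix-command socket path (taken from the question above); the mock below uses a temp path instead.
DEFAULT_SOCKET = "/var/run/suricata/suricata-command.socket"
# Protocol version a 2014-era (Suricata 2.x) server expects in the handshake (assumption, see lead-in).
PROTOCOL_VERSION = "0.1"


def send_json(sock, obj):
    """Frame one message the way suricatasc does: a JSON object, newline-terminated."""
    sock.sendall((json.dumps(obj) + "\n").encode("utf-8"))


def recv_json(sock, limit=65536):
    """Read until one complete JSON object parses; replies are not guaranteed to end in a newline."""
    buf = b""
    while len(buf) < limit:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the socket before a full JSON message arrived")
        buf += chunk
        try:
            return json.loads(buf.decode("utf-8"))
        except ValueError:
            continue  # partial message, keep reading
    raise ValueError("message longer than %d bytes" % limit)


def run_pcap(pcap, output_dir, socket_path=DEFAULT_SOCKET, timeout=10.0):
    """Queue one pcap on a running Suricata and return the server's reply dict.

    Same effect as sending 'pcap-file <pcap> <output_dir>' through suricatasc.
    """
    pcap = os.path.abspath(pcap)  # Suricata opens the path itself, so it must be absolute and readable by it
    if not os.path.isfile(pcap):
        raise FileNotFoundError(pcap)
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(socket_path)
        # Step 1: version handshake. Anything sent before this is rejected by the server.
        send_json(s, {"version": PROTOCOL_VERSION})
        hello = recv_json(s)
        if hello.get("return") != "OK":
            raise RuntimeError("handshake refused: %r" % (hello,))
        # Step 2: command name and arguments are separate JSON fields; this is the
        # object suricatasc's parse_command() builds from the one-line form.
        send_json(s, {"command": "pcap-file",
                      "arguments": {"filename": pcap, "output-dir": output_dir}})
        reply = recv_json(s)
        if reply.get("return") != "OK":
            raise RuntimeError("pcap-file rejected: %r" % (reply,))
        return reply


class MockSuricataSocket:
    """Constructed stand-in for the server side so the exchange can run without Suricata.

    Serves one client with the same handshake/command framing; its message texts are made up.
    """

    def __init__(self):
        self.path = os.path.join(tempfile.mkdtemp(), "suricata-command.socket")
        self.received = []  # every message the client sent, in order
        self._srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self._srv.bind(self.path)
        self._srv.listen(1)
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        conn, _ = self._srv.accept()
        self._srv.close()
        with conn:
            hello = recv_json(conn)
            self.received.append(hello)
            if hello.get("version") != PROTOCOL_VERSION:
                send_json(conn, {"return": "NOK", "message": "unsupported version"})
                return
            send_json(conn, {"return": "OK"})
            cmd = recv_json(conn)
            self.received.append(cmd)
            args = cmd.get("arguments") or {}
            if cmd.get("command") != "pcap-file":
                send_json(conn, {"return": "NOK", "message": "unknown command"})
            elif not os.path.isfile(args.get("filename", "")):
                send_json(conn, {"return": "NOK", "message": "file does not exist"})
            else:
                send_json(conn, {"return": "OK", "message": "pcap file added"})


if __name__ == "__main__":
    server = MockSuricataSocket()
    with tempfile.NamedTemporaryFile(suffix=".pcap") as sample:  # constructed, empty stand-in pcap
        print(run_pcap(sample.name, "test/", socket_path=server.path))
    print(server.received)
```

Against a real daemon, call run_pcap with the socket path configured under unix-command in suricata.yaml; the client-side file check exists because Suricata resolves the filename on its own side, so a relative path or a file the suricata user cannot read comes back as a NOK reply rather than a local error.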