[Oisf-users] Suricata Unix Socket

Versnel Diemen versneldiemen at gmail.com
Mon Oct 27 18:07:21 UTC 2014


Hi Jason,

What do you mean by
sc = suricatasc.SuricataSC(<socket file>)

I get invalid syntax as error. Do I have to fill in something at (<socket file>)?
Is "/var/run/suricata/suricata-command.socket" the socket file?

On Mon, Oct 27, 2014 at 6:58 PM, Jones, Jason <jasonjones at arbor.net> wrote:

> If you want to do full automated scripting you should use the suricatasc
> module that should get installed with suricata
>
>     import suricatasc
>     sc = suricatasc.SuricataSC(<socket file>)
>     sc.connect()
>     sc.send_command("pcap-file file_name.pcap test/")
>
> Some documentation exists on the wiki about the commands that you can pass
> to send_command:
>
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Interacting_via_Unix_Socket
>
>
> On Mon, Oct 27, 2014 at 1:51 PM, Versnel Diemen <versneldiemen at gmail.com>
> wrote:
>
>> Hello there,
>>
>> I'm currently writing a Python program which will send cmd to Suricatasc
>> via the Unix Socket but I cannot get it working and also cannot find any
>> good resource that can explain it to me.
>> Please help me.
>>
>> This is the code that I have at the moment:
>>
>> def RunPcap():
>>>         soc = "/var/run/suricata/suricata-command.socket"
>>>         s = socket.socket(socket.AF_UNIX)
>>>         s.connect(soc)
>>>         s.send("pcap-file file_name.pcap test/")
>>>         s.close
>>> RunPcap()
>>
>>
>
>
>
> --
> Jason Jones
> ASERT Security Research Analyst
> PGP Key: 0x3CD1DDE
>
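The exchange that has to happen on the command socket discussed in this thread, as an added example that is not code from either poster or from the Suricata project: the socket speaks JSON, and the client must complete a version handshake before any command is accepted, so writing a bare text command to it is not understood. The message shapes follow Suricata's documented Unix socket protocol; the version string "0.1" is an assumption for this era, and fake_suricata() with its reply text is a constructed stand-in so the code runs without a daemon.

```python
import json
import socket
import threading

def send_json(sock, obj):
    sock.sendall(json.dumps(obj).encode())

def recv_json(sock, limit=65536):
    """Read until the buffered bytes parse as one complete JSON document."""
    buf = b""
    while len(buf) < limit:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("socket closed before a full reply arrived")
        buf += chunk
        try:
            return json.loads(buf)
        except ValueError:      # incomplete JSON so far, keep reading
            continue
    raise ValueError("reply exceeds size limit")

def run_pcap(sock, pcap, output_dir):
    send_json(sock, {"version": "0.1"})          # handshake; version is assumed
    if recv_json(sock).get("return") != "OK":
        raise RuntimeError("version handshake refused")
    send_json(sock, {"command": "pcap-file",
                     "arguments": {"filename": pcap, "output-dir": output_dir}})
    return recv_json(sock)

def fake_suricata(sock, seen):
    """Constructed stand-in for the daemon so the example runs offline."""
    with sock:
        seen.append(recv_json(sock))
        send_json(sock, {"return": "OK"})
        seen.append(recv_json(sock))
        send_json(sock, {"return": "OK", "message": "constructed sample reply"})

def demo():
    client, server = socket.socketpair()         # AF_UNIX pair, no daemon needed
    seen = []
    worker = threading.Thread(target=fake_suricata, args=(server, seen))
    worker.start()
    with client:
        reply = run_pcap(client, "file_name.pcap", "test/")
    worker.join()
    return reply, seen

if __name__ == "__main__":
    print(demo())
```

Against a running Suricata, create the client with socket.socket(socket.AF_UNIX), connect it to the command socket path from the thread, and pass it to run_pcap().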