[Oisf-users] Suricata Unix Socket
Versnel Diemen
versneldiemen at gmail.com
Mon Oct 27 18:55:03 UTC 2014
Jones,
This is my final code... but it does not connect.
import socket
import suricatasc

def RunPcap():
    soc = "/var/run/suricata/suricata-command.socket"   # suricata's command socket
    sc = suricatasc.SuricataSC(soc)
    sc.connect()
    sc.send_command("pcap-file /2014-09-24-Fiesta-EK-traffic.pcap test/")
    sc.close()   # close the client object that was opened above

RunPcap()
On Mon, Oct 27, 2014 at 7:31 PM, Jones, Jason <jasonjones at arbor.net> wrote:
> Correct, place the path to your socket file in place of <socket file>, e.g.
>
> soc = "/var/run/suricata/suricata-command.socket"
> sc = suricatasc.SuricataSC(soc)
>
> One thing to remember when sending commands is that the pcap-file-name and
> output-dir should probably be absolute paths instead of relative paths
> since the suricata socket doesn't have a concept of where you are
> communicating with it from.
>
> On Mon, Oct 27, 2014 at 2:07 PM, Versnel Diemen <versneldiemen at gmail.com>
> wrote:
>
>> Hi Jason,
>>
>> What do you mean with
>> sc = suricatasc.SuricataSC(<socket file>)
>>
>> I get invalid syntax as error. Do I have to fill in something at (<socket
>> file>)?
>> Is "/var/run/suricata/suricata-command.socket" the socket file?
>>
>> On Mon, Oct 27, 2014 at 6:58 PM, Jones, Jason <jasonjones at arbor.net>
>> wrote:
>>
>>> If you want to do full automated scripting you should use the suricatasc
>>> module that should get installed with suricata
>>>
>>> import suricatasc
>>> sc = suricatasc.SuricataSC(<socket file>)
>>> sc.connect()
>>> sc.send_command("pcap-file file_name.pcap test/")
>>>
>>> Some documentation exists on the wiki about the commands that you can
>>> pass to send_command:
>>>
>>>
>>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Interacting_via_Unix_Socket
>>>
>>>
>>> On Mon, Oct 27, 2014 at 1:51 PM, Versnel Diemen <versneldiemen at gmail.com> wrote:
>>>
>>>> Hello there,
>>>>
>>>> I'm currently writing a Python program which will send commands to
>>>> Suricata via the Unix socket, but I cannot get it working and also cannot
>>>> find any good resource that can explain it to me.
>>>> Please help me.
>>>>
>>>> This is the code that i have at the moment:
>>>>
>>>> import socket
>>>>
>>>> def RunPcap():
>>>>     soc = "/var/run/suricata/suricata-command.socket"
>>>>     s = socket.socket(socket.AF_UNIX)
>>>>     s.connect(soc)
>>>>     s.send("pcap-file file_name.pcap test/")
>>>>     s.close()
>>>>
>>>> RunPcap()
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Jason Jones
>>> ASERT Security Research Analyst
>>> PGP Key: 0x3CD1DDE
>>>
>>
>>
>
>
> --
> Jason Jones
> ASERT Security Research Analyst
> PGP Key: 0x3CD1DDE
>
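The exchange Jason describes, written out against the wire format documented on the wiki page linked in the thread, as an added example that is not code from this thread or from the suricatasc module: it talks to the socket directly (as the first attempt did), performs the JSON version handshake that attempt skipped, refuses relative paths, and ships with a constructed stand-in for the suricata side so it runs offline. The socket path, pcap path and output directory are constructed; the handshake and reply format are assumptions taken from that documentation.

```python
import json, os, socket, tempfile, threading
# Assumed wire format, per the wiki page linked in the thread: one JSON object
# per message; the client opens with {"version": "0.1"}, suricata answers
# {"return": "OK"}, and each later reply carries "return" and "message".
VERSION = "0.1"

def run_pcap(socket_path, pcap_file, output_dir):
    """Submit pcap_file to suricata over its command socket; return the reply."""
    # suricata has no notion of the client's cwd, so insist on absolute paths
    for p in (pcap_file, output_dir):
        if not os.path.isabs(p):
            raise ValueError("path must be absolute: %s" % p)
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.connect(socket_path)
        s.sendall(json.dumps({"version": VERSION}).encode())  # handshake first
        hello = json.loads(s.recv(4096).decode())
        if hello.get("return") != "OK":
            raise RuntimeError("handshake refused: %r" % hello)
        cmd = {"command": "pcap-file",
               "arguments": {"filename": pcap_file, "output-dir": output_dir}}
        s.sendall(json.dumps(cmd).encode())
        return json.loads(s.recv(4096).decode())
    finally:
        s.close()

def fake_suricata(srv):
    """Constructed stand-in for the suricata side, used only to run offline."""
    conn, _ = srv.accept()
    with conn:
        json.loads(conn.recv(4096).decode())  # client's version message
        conn.sendall(b'{"return": "OK"}')
        cmd = json.loads(conn.recv(4096).decode())
        ok = (cmd.get("command") == "pcap-file"
              and os.path.isabs(cmd.get("arguments", {}).get("filename", "")))
        reply = ({"return": "OK", "message": "pcap file added"} if ok
                 else {"return": "NOK", "message": "bad command"})
        conn.sendall(json.dumps(reply).encode())

def demo():
    # drive run_pcap against fake_suricata over a temporary (constructed) socket path
    with tempfile.TemporaryDirectory() as d:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(os.path.join(d, "suricata-command.socket"))
        srv.listen(1)
        t = threading.Thread(target=fake_suricata, args=(srv,))
        t.start()
        reply = run_pcap(srv.getsockname(), "/tmp/sample.pcap", "/tmp/out")  # constructed paths
        t.join()
        srv.close()
        return reply
```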