Information security practitioner ^_^
An intelligence-studies fatty who hasn't gotten started yet (email: tenghm1986@163.com)
Suricata common commands
2019-08-15 15:49:18
heming
# 1. Common commands

```
suricata -c /etc/suricata/suricata.yaml -i eth0 -v
suricata -c /etc/suricata/suricata.yaml -r test.pcap -l ./   # read the pcap file
suricata -c /etc/suricata/suricata.yaml -T                   # test the rules and configuration
ps aux | grep suricata | grep -v grep | tr -s " " | cut -d " " -f2 | xargs kill -USR2   # reload rules live (SIGUSR2)
suricata -c /etc/suricata/suricata.yaml --af-packet=enp7s0
```

# 2. Unit tests

Builtin unittests are only available if Suricata has been built with **--enable-unittests**

> __-u__ Run the unit tests and exit. Requires that Suricata be compiled with --enable-unittests.

> __-U__ With the -U option you can select which of the unit tests you want to run. This option uses REGEX. Example of use: **suricata -u -U http**

> __--list-unittests__ List all unit tests

> __--fatal-unittests__ Enables fatal failure on a unit test error. Suricata will exit instead of continuing more tests.

---

**command for unit-test**

```
sudo ./src/suricata -u -l ./qa/log -U http > unittests.log 2>&1   # test the http rules
sudo ./src/suricata -u -l ./qa/log --fatal-unittests > unittests.log 2>&1
```

---
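Combining two of the commands above, here is an added example (not from the original post) that runs the `-T` config/rule test before sending SIGUSR2 for a live rule reload, so a broken rule file never reaches the running daemon; it signals the pid from a pid file instead of `ps | grep`, so an unrelated process cannot be hit. The `SURICATA_BIN`, `CONFIG` and `PIDFILE` paths are assumed defaults you override for your install.

```shell
#!/bin/sh
# Added example: validate before reloading. Paths below are assumptions,
# override them via the environment for your deployment.
SURICATA_BIN="${SURICATA_BIN:-/usr/bin/suricata}"
CONFIG="${CONFIG:-/etc/suricata/suricata.yaml}"
PIDFILE="${PIDFILE:-/var/run/suricata.pid}"

# Returns 0 only if Suricata can load the config and every rule file (-T).
check_config() {
    "$SURICATA_BIN" -c "$CONFIG" -T >/dev/null 2>&1
}

# Ask the running daemon to reload its rules (SIGUSR2), but only after the
# config test passes. Exit codes: 0 reloaded, 1 config/rule test failed,
# 2 pid file missing (nothing is signalled in the failure cases).
safe_reload() {
    if ! check_config; then
        echo "suricata -T failed; rules NOT reloaded" >&2
        return 1
    fi
    if [ ! -r "$PIDFILE" ]; then
        echo "pid file $PIDFILE not readable; rules NOT reloaded" >&2
        return 2
    fi
    pid=$(cat "$PIDFILE")
    kill -USR2 "$pid"
}
```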