Man Linux: Main Page and Category List


       suricata - Next Generation Intrusion Detection and Prevention Tool


       suricata [options]


       suricata  is a network Intrusion Detection System (IDS). It is based on
       rules (and is fully compatible with snort rules) to detect a variety of
       attacks / probes by searching packet content.

       This  new Engine supports Multi-Threading, Automatic Protocol Detection
       (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB), Gzip Decompression,  Fast
       IP  Matching  and  coming soon hardware acceleration on CUDA and OpenCL
       GPU cards.

       It supports acquiring packets through NFQUEUE, PCAP (live  or  offline)


       -c config_file
              Use configuration file config_file

       -i interface
              Sniff packets on interface.

       -r file
              Read  the  tcpdump-formatted file tcpdump-file.  This will cause
              Suricata to read and process the file fed to it.  This is useful
              for offline analysis.

       -q queue_id
              Sniff  packets  sent  by the kernel through NFQUEUE. This allows
              running Suricata in inline mode (IPS) for  packets  captured  by
              iptables using the NFQUEUE target.

       -s signatures
              Path to the signatures file.

       -l log_dir
              Path to the default log directory.

       -D     Run as daemon

              Enable fatal failure on signature init error.


       tcpdump(1), pcap(3).


       suricata was written by the Open Information Security Foundation.

       This  manual  page was written by Pierre Chifflier <>,
       for the Debian project (and may be used by others).

                                 February 2010