NAME
suricata - Next Generation Intrusion Detection and Prevention Tool
SYNOPSIS
suricata [options]
DESCRIPTION
suricata is a network Intrusion Detection System (IDS). It is based on
rules (and is fully compatible with snort rules) to detect a variety of
attacks / probes by searching packet content.
This new Engine supports Multi-Threading, Automatic Protocol Detection
(IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB), Gzip Decompression, Fast
IP Matching and coming soon hardware acceleration on CUDA and OpenCL
GPU cards.
It supports acquiring packets through NFQUEUE, PCAP (live or offline)
etc.
OPTIONS
-c config_file
Use configuration file config_file
-i interface
Sniff packets on interface.
-r file
Read the tcpdump-formatted file tcpdump-file. This will cause
Suricata to read and process the file fed to it. This is useful
for offline analysis.
-q queue_id
Sniff packets sent by the kernel through NFQUEUE. This allows
running Suricata in inline mode (IPS) for packets captured by
iptables using the NFQUEUE target.
-s signatures
Path to the signatures file.
-l log_dir
Path to the default log directory.
-D Run as daemon
--init-errors-fatal
Enable fatal failure on signature init error.
SEE ALSO
tcpdump(1), pcap(3).
AUTHOR
suricata was written by the Open Information Security Foundation.
This manual page was written by Pierre Chifflier <pollux@debian.org>,
for the Debian project (and may be used by others).
February 2010