Create a website that analyzes pcap files with Suricata

I want to create a website that allows users to upload their pcap files and then use Suricata to analyze them. Then display on the web the content in the log file that Suricata returns.

Can you tell me what to do?

Thank you

Hi there,

Your idea reminded me of something one of our team members, Jason Ish, has done a while ago: https://try.suricata.evebox.org/

Was it something like that that you had in mind?

Are you planning this as a personal project, to learn, or what’s the goal?

1 Like

That website was exactly what I was imagining.
I’m a student, I want to create a personal project.
Can you guide me on how to make a website like that?
Thank you very much.

How to connect to Suricata and use command to analyze pcap file

How to do this is largely outside the scope of Suricata.

First you want to make sure you have Suricata installed and able to read pcaps and output log files. This is basic Suricata operation that our documentation covers.

But you quickly get out of the scope of Suricata. But in very high-level terms:

  • Use your favourite web framework to create a page that accepts file uploads
  • On the server side of your framework, save the files somewhere
  • Run Suricata on that file
  • Return the generated eve.json either as server side rendered HTML, or as JSON which you render client side, depending on the web tech you decide to use.

But really, almost all of that is outside of the scope of Suricata and will be more about what you use to build the web parts of all this.

3 Likes
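A skeleton of the server-side half of the four steps above, as an added example that is not the poster's or the Suricata project's code. It assumes `suricata` is on PATH and a writable work directory, leaves the web framework out (the logic is the same whichever one handles the upload), and uses constructed eve.json lines rather than output from a real run.

```python
from collections import Counter
import json
import os
import secrets
import subprocess

# pcap magic numbers (little/big endian, microsecond and nanosecond) and the
# pcapng section-header block type; used to reject non-capture uploads early.
PCAP_MAGICS = (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4",
               b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\x3c\x4d", b"\x0a\x0d\x0d\x0a")
MAX_UPLOAD = 50 * 1024 * 1024  # untrusted input gets a hard size cap (assumed 50 MiB)

# Constructed sample of eve.json lines, not output captured from a real run.
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2024-01-01T00:00:00.000000+0000","event_type":"flow","proto":"TCP"}',
    '{"timestamp":"2024-01-01T00:00:01.000000+0000","event_type":"alert",'
    '"alert":{"signature":"EXAMPLE test signature","severity":3}}',
    '{"timestamp":"2024-01-01T00:00:02.000000+0000","event_type":"dns","dns":{"rrname":"example.com"}}',
])

def save_upload(data: bytes, workdir: str) -> str:
    """Store an upload under a server-chosen random name. The client's own
    filename is never used, so it cannot steer where the file lands."""
    if len(data) > MAX_UPLOAD:
        raise ValueError("upload too large")
    if not data.startswith(PCAP_MAGICS):
        raise ValueError("not a pcap/pcapng file")
    path = os.path.join(workdir, secrets.token_hex(16) + ".pcap")
    with open(path, "wb") as fh:
        fh.write(data)
    return path

def suricata_command(pcap_path: str, logdir: str) -> list:
    """argv for an offline read; an argument list, never a shell string."""
    return ["suricata", "-r", pcap_path, "-l", logdir, "-k", "none"]

def run_suricata(pcap_path: str, logdir: str, timeout: int = 120) -> str:
    """Run Suricata with a timeout so a pathological capture cannot hang the server."""
    subprocess.run(suricata_command(pcap_path, logdir), check=True,
                   timeout=timeout, capture_output=True)
    return os.path.join(logdir, "eve.json")

def parse_eve(text: str) -> list:
    """eve.json is newline-delimited JSON: one event object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def summarize(events: list) -> dict:
    """Per-event_type counts, the overview a results page would render."""
    return dict(Counter(ev.get("event_type", "unknown") for ev in events))
```

The route handler then only has to call `save_upload`, `run_suricata`, and `parse_eve` on the returned file, and hand `summarize(...)` plus the event list to whatever renders the page.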

This has been done before and open sourced (and was a SuriCon 2017 talk) … Dalton — GitHub - secureworks/dalton: Suricata and Snort IDS rule and pcap testing system

Dalton uses Docker containers and can be spun up in a matter of minutes with a single command.

-David Wharton

3 Likes