Create a website that analyzes pcap files with Suricata

I want to create a website that allows users to upload their pcap files and then use Suricata to analyze them. Then display on the web the content in the log file that Suricata returns.

Can you tell me what to do?

Thank you

Hi there,

Your idea reminded me of something one of our team members, Jason Ish, has done a while ago:

Was it something like that that you had in mind?

Are you planning this as a personal project, to learn, or what’s the goal?

1 Like

That website was exactly what I was imagining
I’m a student, I want to create a personal project
Can you guide me on how to make a website like that?
Thank you very much

How to connect to Suricata and use command to analyze pcap file

How to do this is a largely outside the scope of Suricata.

First you want to make sure you have Suricata installed and able read pcaps and output log files. This is basic Suricata operation that our documentation covers.

But you quickly get out of the scope of Suricata. But in very high level terms:

  • Use your favourite web framework to create a page that accepts file uploads
  • On the server side of your framework, save the files somewhere
  • Run Suricata on that file
  • Return the generated eve.json either as server side rendered HTML, or as JSON which you render client side, depending on the web tech you decide to use.

But really, almost all of that is outside of the scope of Suricata and will be more about what you use to build the web parts of all this.


This has been done before and open sourced (and was a SuriCon 2017 talk) … Dalton — GitHub - secureworks/dalton: Suricata and Snort IDS rule and pcap testing system

Dalton uses Docker containers and can be spun up in a matter of minutes with a single command.

-David Wharton